I am a new user of connman. The project is an older embedded system that is being updated to use it.

Atmel AT91-RM9200 CPU

Linux-2.6.33-7 - older kernel which I can't upgrade due to binary drivers. But I can recompile with new modules if needed. I have built almost everything in the netfilter area as modules after reading several online guides.

buildroot-2017-02 used to build system, so everything is pretty modern apart from the kernel.

iptables-1.6.1

connman-1.34


Ethernet is working well. I am adding a USB gadget with tethering to allow the device to be connected to Windows PCs as a USB device. This requires the DHCP server in connman to be run. usb0 is recognized as a gadget by connman. Tethering is initiated by sending:

connmanctl tether gadget on


After running my tethering command, lsmod shows:

iptable_filter          1184  1
iptable_nat             3573  0
nf_nat                 15825  1 iptable_nat
nf_conntrack_ipv4      11680  3 iptable_nat,nf_nat
nf_conntrack           52431  3 iptable_nat,nf_nat,nf_conntrack_ipv4
nf_defrag_ipv4           857  1 nf_conntrack_ipv4
ip_tables               8885  2 iptable_filter,iptable_nat
x_tables               10528  2 iptable_nat,ip_tables
bridge                 45118  0
stp                     1318  1 bridge
llc                     3094  2 bridge,stp
ipv6                  221360 12
ohci_hcd               25436  0
cfg80211              116559  0
rfkill                 13468  2 cfg80211
g_ether                42777  0
usbcore               151944  2 ohci_hcd


Running connmand with --debug=src/iptables.c,src/firewall-iptables.c:

Bridge firewalling registered
connmand[336]: Failed to bind UDP listener socket
connmand[336]: Failed to bind TCP listener socket
connmand[336]: DHCP server: option_code 1 option_value 255.255.255.0
connmand[336]: DHCP server: option_code 3 option_value 192.168.0.1
connmand[336]: DHCP server: option_code 6 option_value 192.168.0.1
connmand[336]: src/firewall-iptables.c:enable_rule() nat POSTROUTING -s 192.168.0.2/24 -o eth0 -j MASQUERADE
connmand[336]: src/iptables.c:__connman_iptables_new_chain() -t nat -N connman-POSTROUTING
connmand[336]: src/iptables.c:iptables_init() nat
ip_tables: (C) 2000-2006 Netfilter Core Team
nf_conntrack version 0.5.0 (464 buckets, 1856 max)
CONFIG_NF_CT_ACCT is deprecated and will be removed soon. Please use
nf_conntrack.acct=1 kernel parameter, acct=1 nf_conntrack module option or
sysctl net.netfilter.nf_conntrack_acct=1 to enable it.
connmand[336]: src/iptables.c:iptables_add_chain() table nat chain connman-POSTROUTING
connmand[336]: src/iptables.c:__connman_iptables_insert() -t nat -I POSTROUTING -j connman-POSTROUTING
connmand[336]: src/iptables.c:iptables_insert_rule() table nat chain POSTROUTING
connmand[336]: src/iptables.c:__connman_iptables_delete_chain() -t nat -X connman-POSTROUTING
connmand[336]: src/iptables.c:iptables_delete_chain() table nat chain connman-POSTROUTING
connmand[336]: Cannot enable NAT -22/Invalid argument
connmand[336]: Add interface to bridge error No such device

Debugging further I've found that find_chain_head is getting a target->data value of "ERROR", so it returns null. iptables_insert_rule detects this, so it returns -EINVAL.

I inserted a system() call to dump iptables just before the error & I can see that nothing has been defined other than defaults. connman-POSTROUTING does not exist (but I'm not sure if it's supposed to at this stage).

connmand appears to be working well in other regards. I can run many commands & get good results. iptables is also working fine - I can add NAT chains & rules without error.

At this stage I'm a bit lost as to where to look. Is it a problem with my kernel/modules not being set up properly or in connman config?