To use knetfilter your kernel should be compiled with FULL netfilter support enabled. Here is the configuration I do suggest based on Linux kernel 2.4.20. (Please, not that I DO USE arpd) # Networking options # CONFIG_PACKET=y CONFIG_PACKET_MMAP=y CONFIG_NETLINK=y CONFIG_RTNETLINK=y CONFIG_NETLINK_DEV=y CONFIG_NETFILTER=y # CONFIG_NETFILTER_DEBUG is not set CONFIG_FILTER=y CONFIG_UNIX=y CONFIG_INET=y CONFIG_IP_MULTICAST=y CONFIG_IP_ADVANCED_ROUTER=y CONFIG_RTNETLINK=y CONFIG_NETLINK=y CONFIG_IP_MULTIPLE_TABLES=y CONFIG_IP_ROUTE_FWMARK=y CONFIG_IP_ROUTE_NAT=y CONFIG_IP_ROUTE_MULTIPATH=y CONFIG_IP_ROUTE_TOS=y CONFIG_IP_ROUTE_VERBOSE=y CONFIG_IP_ROUTE_LARGE_TABLES=y # CONFIG_IP_PNP is not set # CONFIG_NET_IPIP is not set # CONFIG_NET_IPGRE is not set # CONFIG_IP_MROUTE is not set CONFIG_ARPD=y CONFIG_INET_ECN=y CONFIG_SYN_COOKIES=y # # IP: Netfilter Configuration # CONFIG_IP_NF_CONNTRACK=m CONFIG_IP_NF_FTP=m CONFIG_IP_NF_IRC=m CONFIG_IP_NF_QUEUE=m CONFIG_IP_NF_IPTABLES=m CONFIG_IP_NF_MATCH_LIMIT=m CONFIG_IP_NF_MATCH_MAC=m CONFIG_IP_NF_MATCH_PKTTYPE=m CONFIG_IP_NF_MATCH_MARK=m CONFIG_IP_NF_MATCH_MULTIPORT=m CONFIG_IP_NF_MATCH_TOS=m CONFIG_IP_NF_MATCH_ECN=m CONFIG_IP_NF_MATCH_DSCP=m CONFIG_IP_NF_MATCH_AH_ESP=m CONFIG_IP_NF_MATCH_LENGTH=m CONFIG_IP_NF_MATCH_TTL=m CONFIG_IP_NF_MATCH_TCPMSS=m CONFIG_IP_NF_MATCH_HELPER=m CONFIG_IP_NF_MATCH_STATE=m CONFIG_IP_NF_MATCH_CONNTRACK=m CONFIG_IP_NF_MATCH_UNCLEAN=m CONFIG_IP_NF_MATCH_OWNER=m CONFIG_IP_NF_FILTER=m CONFIG_IP_NF_TARGET_REJECT=m CONFIG_IP_NF_TARGET_MIRROR=m CONFIG_IP_NF_NAT=m CONFIG_IP_NF_NAT_NEEDED=y CONFIG_IP_NF_TARGET_MASQUERADE=m CONFIG_IP_NF_TARGET_REDIRECT=m CONFIG_IP_NF_NAT_LOCAL=y CONFIG_IP_NF_NAT_SNMP_BASIC=m CONFIG_IP_NF_NAT_IRC=m CONFIG_IP_NF_NAT_FTP=m CONFIG_IP_NF_MANGLE=m CONFIG_IP_NF_TARGET_TOS=m CONFIG_IP_NF_TARGET_ECN=m CONFIG_IP_NF_TARGET_DSCP=m CONFIG_IP_NF_TARGET_MARK=m CONFIG_IP_NF_TARGET_LOG=m CONFIG_IP_NF_TARGET_ULOG=m CONFIG_IP_NF_TARGET_TCPMSS=m CONFIG_IP_NF_ARPTABLES=m CONFIG_IP_NF_ARPFILTER=m # CONFIG_IP_NF_COMPAT_IPCHAINS is not set # CONFIG_IP_NF_COMPAT_IPFWADM is not set If you prefer (as you should) to use modules, please load all them. If you want, you can use this script. --- #!/bin/sh modprobe ip_conntrack modprobe ip_conntrack_ftp modprobe ip_conntrack_amanda modprobe ip_conntrack_irc modprobe ip_conntrack_tftp modprobe ip_nat_ftp modprobe ip_nat_amanda modprobe ip_nat_irc modprobe ip_nat_tftp modprobe ip_nat_snmp_basic modprobe ip_queue modprobe ip_tables modprobe ipt_DSCP modprobe ipt_ECN modprobe ipt_LOG modprobe ipt_ULOG modprobe ipt_MARK modprobe ipt_MASQUERADE modprobe ipt_MIRROR modprobe ipt_REDIRECT modprobe ipt_REJECT modprobe ipt_TOS modprobe ipt_TCPMSS modprobe ipt_CLASSIFY modprobe ipt_NETMAP modprobe ipt_SAME modprobe ipt_limit modprobe ipt_ah modprobe ipt_conntrack modprobe ipt_dscp modprobe ipt_ecn modprobe ipt_esp modprobe ipt_helper modprobe ipt_iprange modprobe ipt_length modprobe ipt_mac modprobe ipt_mark modprobe ipt_multiport modprobe ipt_owner modprobe ipt_recent modprobe ipt_pkttype modprobe ipt_state modprobe ipt_tos modprobe ipt_unclean modprobe ipt_tcpmss modprobe ipt_ttl modprobe iptable_filter modprobe iptable_mangle modprobe iptable_nat modprobe arp_table modprobe arpt_mangle modprobe arptable_filter