首页 > Linux安全防护 > [SOLVED]iptables table `NAT’: Table does not exist (do … to insmod?)

[SOLVED]iptables table `NAT’: Table does not exist (do … to insmod?)

2016年11月8日

[SOLVED]iptables table `NAT’: Table does not exist (do … to insmod?)
https://bbs.archlinux.org/viewtopic.php?id=182400
[[email protected] ~]# iptables -t NAT -A POSTROUTING -s 192.168.1.0/24 -o enp2s0 -j MASQUERADE
iptables v1.4.21: can’t initialize iptables table `NAT’: Table does not exist (do you need to insmod?)
Perhaps iptables or your kernel needs to be upgraded.
It’s probably extremely easy to solve this issue, but I’ve bashed my head on this one for far to long.
Latest update just installed with
pacman -Syu
and the machine is freshly rebooted.
Standard kernel/installation of Arch, nothing fancy.
All my other iptable rules work like a charm, only thing missing is the NAT table.
Called a few modprobes without any luck.
Some other general information:
[[email protected] ~]# ls /lib/modules/*/kernel/net/*/netfilter/
/lib/modules/3.14.5-1-ARCH/kernel/net/bridge/netfilter/:
ebt_802_3.ko.gz ebtables.ko.gz ebt_dnat.ko.gz ebt_log.ko.gz ebt_pkttype.ko.gz ebt_ulog.ko.gz
ebtable_broute.ko.gz ebt_among.ko.gz ebt_ip6.ko.gz ebt_mark.ko.gz ebt_redirect.ko.gz ebt_vlan.ko.gz
ebtable_filter.ko.gz ebt_arp.ko.gz ebt_ip.ko.gz ebt_mark_m.ko.gz ebt_snat.ko.gz nf_tables_bridge.ko.gz
ebtable_nat.ko.gz ebt_arpreply.ko.gz ebt_limit.ko.gz ebt_nflog.ko.gz ebt_stp.ko.gz

/lib/modules/3.14.5-1-ARCH/kernel/net/ipv4/netfilter/:
arptable_filter.ko.gz iptable_nat.ko.gz ipt_CLUSTERIP.ko.gz ipt_SYNPROXY.ko.gz nf_nat_ipv4.ko.gz nf_tables_ipv4.ko.gz
arp_tables.ko.gz iptable_raw.ko.gz ipt_ECN.ko.gz ipt_ULOG.ko.gz nf_nat_pptp.ko.gz nft_chain_nat_ipv4.ko.gz
arpt_mangle.ko.gz iptable_security.ko.gz ipt_MASQUERADE.ko.gz nf_conntrack_ipv4.ko.gz nf_nat_proto_gre.ko.gz nft_chain_route_ipv4.ko.gz
iptable_filter.ko.gz ip_tables.ko.gz ipt_REJECT.ko.gz nf_defrag_ipv4.ko.gz nf_nat_snmp_basic.ko.gz nft_reject_ipv4.ko.gz
iptable_mangle.ko.gz ipt_ah.ko.gz ipt_rpfilter.ko.gz nf_nat_h323.ko.gz nf_tables_arp.ko.gz

/lib/modules/3.14.5-1-ARCH/kernel/net/ipv6/netfilter/:
ip6table_filter.ko.gz ip6_tables.ko.gz ip6t_ipv6header.ko.gz ip6t_rpfilter.ko.gz nf_nat_ipv6.ko.gz
ip6table_mangle.ko.gz ip6t_ah.ko.gz ip6t_MASQUERADE.ko.gz ip6t_rt.ko.gz nf_tables_ipv6.ko.gz
ip6table_nat.ko.gz ip6t_eui64.ko.gz ip6t_mh.ko.gz ip6t_SYNPROXY.ko.gz nft_chain_nat_ipv6.ko.gz
ip6table_raw.ko.gz ip6t_frag.ko.gz ip6t_NPT.ko.gz nf_conntrack_ipv6.ko.gz nft_chain_route_ipv6.ko.gz
ip6table_security.ko.gz ip6t_hbh.ko.gz ip6t_REJECT.ko.gz nf_defrag_ipv6.ko.gz nft_reject_ipv6.ko.gz
[[email protected] ~]# iptables –version
iptables v1.4.21
[[email protected] ~]# cat /proc/net/ip_tables_names
[[email protected] ~]#
[[email protected] doxid]# lsmod
Module Size Used by
iptable_mangle 1616 0
iptable_nat 3454 0
nf_conntrack_ipv4 9474 1
nf_defrag_ipv4 1499 1 nf_conntrack_ipv4
nf_nat_ipv4 3728 1 iptable_nat
nf_nat 13069 2 nf_nat_ipv4,iptable_nat
nf_conntrack 75784 4 nf_nat,nf_nat_ipv4,iptable_nat,nf_conntrack_ipv4
iptable_filter 1552 0
ctr 3927 2
ccm 8278 2
bridge 99966 0
stp 1653 1 bridge
llc 3729 2 stp,bridge
ip_tables 18051 3 iptable_filter,iptable_mangle,iptable_nat
x_tables 17344 3 ip_tables,iptable_filter,iptable_mangle
tun 20995 2
snd_hda_codec_hdmi 36716 1
arc4 2064 2
snd_hda_codec_realtek 48293 1
snd_hda_codec_generic 53860 1 snd_hda_codec_realtek
pcmcia 46612 0
ath9k 94641 0
ath9k_common 1906 1 ath9k
tg3 158849 0
coretemp 6550 0
ath9k_hw 396166 2 ath9k_common,ath9k
ptp 8404 1 tg3
ath 19419 3 ath9k_common,ath9k,ath9k_hw
mac80211 510593 1 ath9k
pps_core 8993 1 ptp
yenta_socket 34233 0
libphy 21863 1 tg3
joydev 10367 0
snd_hda_intel 38728 0
hwmon 3153 2 tg3,coretemp
mousedev 10912 0
iTCO_wdt 5535 0
cfg80211 459335 3 ath,ath9k,mac80211
pcmcia_rsrc 9392 1 yenta_socket
pcmcia_core 14655 3 pcmcia,pcmcia_rsrc,yenta_socket
i915 753180 1
acer_wmi 24550 0
sparse_keymap 3242 1 acer_wmi
iTCO_vendor_support 1929 1 iTCO_wdt
led_class 3611 2 ath9k,acer_wmi
rfkill 15971 3 cfg80211,acer_wmi
drm_kms_helper 35720 1 i915
snd_hda_codec 101816 4 snd_hda_codec_realtek,snd_hda_codec_hdmi,snd_hda_codec_generic,snd_hda_intel
snd_hwdep 6396 1 snd_hda_codec
snd_pcm 81607 3 snd_hda_codec_hdmi,snd_hda_codec,snd_hda_intel
microcode 17157 0
pcspkr 2059 0
mxm_wmi 1595 0
snd_timer 19038 1 snd_pcm
drm 242043 2 i915,drm_kms_helper
psmouse 92968 0
snd 60086 8 snd_hda_codec_realtek,snd_hwdep,snd_timer,snd_hda_codec_hdmi,snd_pcm,snd_hda_codec_generic,snd_hda_codec,snd_hda_intel
shpchp 25706 0
i2c_i801 11364 0
evdev 11784 4
mac_hid 3273 0
serio_raw 5009 0
i2c_algo_bit 5480 1 i915
i2c_core 25400 5 drm,i915,i2c_i801,drm_kms_helper,i2c_algo_bit
lpc_ich 13560 0
soundcore 5551 1 snd
wmi 8539 2 acer_wmi,mxm_wmi
thermal 8812 0
intel_agp 11504 0
intel_gtt 12856 3 i915,intel_agp
battery 7821 0
ac 3366 0
video 12057 2 i915,acer_wmi
button 4765 1 i915
processor 25217 1
ext4 505189 1
crc16 1359 1 ext4
mbcache 6266 1 ext4
jbd2 86487 1 ext4
sd_mod 37234 2
sr_mod 15026 0
cdrom 35191 1 sr_mod
crc_t10dif 1135 1 sd_mod
crct10dif_common 1436 1 crc_t10dif
ata_generic 3434 0
pata_acpi 3579 0
atkbd 16934 0
libps2 4507 2 atkbd,psmouse
ata_piix 25496 1
libata 174140 3 pata_acpi,ata_generic,ata_piix
scsi_mod 137312 3 libata,sd_mod,sr_mod
uhci_hcd 34795 0
ehci_pci 4152 0
ehci_hcd 64747 1 ehci_pci
usbcore 187240 3 uhci_hcd,ehci_hcd,ehci_pci
usb_common 1712 1 usbcore
i8042 13135 2 acer_wmi,libps2
serio 10785 9 serio_raw,atkbd,i8042,psmouse
[[email protected] doxid]# strace iptables -nvL
execve(“/usr/bin/iptables”, [“iptables”, “-nvL”], [/* 17 vars */]) = 0
brk(0) = 0x25f8000
access(“/etc/ld.so.preload”, R_OK) = -1 ENOENT (No such file or directory)
open(“/etc/ld.so.cache”, O_RDONLY|O_CLOEXEC) = 3
fstat(3, {st_mode=S_IFREG|0644, st_size=81635, …}) = 0
mmap(NULL, 81635, PROT_READ, MAP_PRIVATE, 3, 0) = 0x7f0b4672b000
close(3) = 0
open(“/usr/lib/libip4tc.so.0”, O_RDONLY|O_CLOEXEC) = 3
read(3, “\177ELF\2\1\1\0\0\0\0\0\0\0\0\0\3\0>\0\1\0\0\0\20\32\0\0\0\0\0\0″…, 832) = 832
fstat(3, {st_mode=S_IFREG|0755, st_size=31440, …}) = 0
mmap(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f0b4672a000
mmap(NULL, 2126632, PROT_READ|PROT_EXEC, MAP_PRIVATE|MAP_DENYWRITE, 3, 0) = 0x7f0b46317000
mprotect(0x7f0b4631d000, 2097152, PROT_NONE) = 0
mmap(0x7f0b4651d000, 8192, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 3, 0x6000) = 0x7f0b4651d000
close(3) = 0
open(“/usr/lib/libip6tc.so.0”, O_RDONLY|O_CLOEXEC) = 3
read(3, “\177ELF\2\1\1\0\0\0\0\0\0\0\0\0\3\0>\0\1\0\0\0000\33\0\0\0\0\0\0″…, 832) = 832
fstat(3, {st_mode=S_IFREG|0755, st_size=31472, …}) = 0
mmap(NULL, 2126664, PROT_READ|PROT_EXEC, MAP_PRIVATE|MAP_DENYWRITE, 3, 0) = 0x7f0b4610f000
mprotect(0x7f0b46116000, 2093056, PROT_NONE) = 0
mmap(0x7f0b46315000, 8192, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 3, 0x6000) = 0x7f0b46315000
close(3) = 0
open(“/usr/lib/libxtables.so.10”, O_RDONLY|O_CLOEXEC) = 3
read(3, “\177ELF\2\1\1\0\0\0\0\0\0\0\0\0\3\0>\0\1\0\0\[email protected]\0\0\0\0\0\0″…, 832) = 832
fstat(3, {st_mode=S_IFREG|0755, st_size=51984, …}) = 0
mmap(NULL, 2149016, PROT_READ|PROT_EXEC, MAP_PRIVATE|MAP_DENYWRITE, 3, 0) = 0x7f0b45f02000
mprotect(0x7f0b45f0d000, 2097152, PROT_NONE) = 0
mmap(0x7f0b4610d000, 8192, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 3, 0xb000) = 0x7f0b4610d000
close(3) = 0
open(“/usr/lib/libc.so.6”, O_RDONLY|O_CLOEXEC) = 3
read(3, “\177ELF\2\1\1\3\0\0\0\0\0\0\0\0\3\0>\0\1\0\0\0\20\1\2\0\0\0\0\0″…, 832) = 832
fstat(3, {st_mode=S_IFREG|0755, st_size=2047384, …}) = 0
mmap(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f0b46729000
mmap(NULL, 3858192, PROT_READ|PROT_EXEC, MAP_PRIVATE|MAP_DENYWRITE, 3, 0) = 0x7f0b45b54000
mprotect(0x7f0b45cf8000, 2097152, PROT_NONE) = 0
mmap(0x7f0b45ef8000, 24576, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 3, 0x1a4000) = 0x7f0b45ef8000
mmap(0x7f0b45efe000, 16144, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x7f0b45efe000
close(3) = 0
open(“/usr/lib/libdl.so.2”, O_RDONLY|O_CLOEXEC) = 3
read(3, “\177ELF\2\1\1\0\0\0\0\0\0\0\0\0\3\0>\0\1\0\0\0\320\16\0\0\0\0\0\0″…, 832) = 832
fstat(3, {st_mode=S_IFREG|0755, st_size=14672, …}) = 0
mmap(NULL, 2109712, PROT_READ|PROT_EXEC, MAP_PRIVATE|MAP_DENYWRITE, 3, 0) = 0x7f0b45950000
mprotect(0x7f0b45953000, 2093056, PROT_NONE) = 0
mmap(0x7f0b45b52000, 8192, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 3, 0x2000) = 0x7f0b45b52000
close(3) = 0
mmap(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f0b46728000
mmap(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f0b46727000
mmap(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f0b46726000
arch_prctl(ARCH_SET_FS, 0x7f0b46727700) = 0
mprotect(0x7f0b45ef8000, 16384, PROT_READ) = 0
mprotect(0x7f0b45b52000, 4096, PROT_READ) = 0
mprotect(0x7f0b4610d000, 4096, PROT_READ) = 0
mprotect(0x7f0b46315000, 4096, PROT_READ) = 0
mprotect(0x7f0b4651d000, 4096, PROT_READ) = 0
mprotect(0x613000, 4096, PROT_READ) = 0
mprotect(0x7f0b4673f000, 4096, PROT_READ) = 0
munmap(0x7f0b4672b000, 81635) = 0
socket(PF_LOCAL, SOCK_STREAM, 0) = 3
bind(3, {sa_family=AF_LOCAL, [email protected]”xtables”}, 10) = 0
socket(PF_INET, SOCK_RAW, IPPROTO_RAW) = 4
fcntl(4, F_SETFD, FD_CLOEXEC) = 0
getsockopt(4, SOL_IP, 0x40 /* IP_??? */, “filter\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0″…, [84]) = 0
brk(0) = 0x25f8000
brk(0x2619000) = 0x2619000
getsockopt(4, SOL_IP, 0x41 /* IP_??? */, “filter\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0″…, [672]) = 0
fstat(1, {st_mode=S_IFCHR|0620, st_rdev=makedev(136, 1), …}) = 0
mmap(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f0b4673e000
write(1, “Chain INPUT (policy ACCEPT 11953″…, 54Chain INPUT (policy ACCEPT 11953 packets, 964K bytes)
) = 54
write(1, ” pkts bytes target prot opt “…, 89 pkts bytes target prot opt in out source destination
) = 89
write(1, “\n”, 1
) = 1
write(1, “Chain FORWARD (policy ACCEPT 0 p”…, 49Chain FORWARD (policy ACCEPT 0 packets, 0 bytes)
) = 49
write(1, ” pkts bytes target prot opt “…, 89 pkts bytes target prot opt in out source destination
) = 89
write(1, “\n”, 1
) = 1
write(1, “Chain OUTPUT (policy ACCEPT 1284″…, 56Chain OUTPUT (policy ACCEPT 12848 packets, 1242K bytes)
) = 56
write(1, ” pkts bytes target prot opt “…, 89 pkts bytes target prot opt in out source destination
) = 89
close(4) = 0
exit_group(0) = ?
+++ exited with 0 +++
[[email protected] ~]# zgrep FILTER /proc/config.gz
CONFIG_HAVE_ARCH_SECCOMP_FILTER=y
CONFIG_SECCOMP_FILTER=y
CONFIG_NETFILTER=y
# CONFIG_NETFILTER_DEBUG is not set
CONFIG_NETFILTER_ADVANCED=y
CONFIG_BRIDGE_NETFILTER=y
CONFIG_NETFILTER_NETLINK=m
CONFIG_NETFILTER_NETLINK_ACCT=m
CONFIG_NETFILTER_NETLINK_QUEUE=m
CONFIG_NETFILTER_NETLINK_LOG=m
CONFIG_NETFILTER_NETLINK_QUEUE_CT=y
CONFIG_NETFILTER_SYNPROXY=m
CONFIG_NETFILTER_XTABLES=m
CONFIG_NETFILTER_XT_MARK=m
CONFIG_NETFILTER_XT_CONNMARK=m
CONFIG_NETFILTER_XT_SET=m
CONFIG_NETFILTER_XT_TARGET_CHECKSUM=m
CONFIG_NETFILTER_XT_TARGET_CLASSIFY=m
CONFIG_NETFILTER_XT_TARGET_CONNMARK=m
CONFIG_NETFILTER_XT_TARGET_CONNSECMARK=m
CONFIG_NETFILTER_XT_TARGET_CT=m
CONFIG_NETFILTER_XT_TARGET_DSCP=m
CONFIG_NETFILTER_XT_TARGET_HL=m
CONFIG_NETFILTER_XT_TARGET_HMARK=m
CONFIG_NETFILTER_XT_TARGET_IDLETIMER=m
CONFIG_NETFILTER_XT_TARGET_LED=m
CONFIG_NETFILTER_XT_TARGET_LOG=m
CONFIG_NETFILTER_XT_TARGET_MARK=m
CONFIG_NETFILTER_XT_TARGET_NETMAP=m
CONFIG_NETFILTER_XT_TARGET_NFLOG=m
CONFIG_NETFILTER_XT_TARGET_NFQUEUE=m
CONFIG_NETFILTER_XT_TARGET_NOTRACK=m
CONFIG_NETFILTER_XT_TARGET_RATEEST=m
CONFIG_NETFILTER_XT_TARGET_REDIRECT=m
CONFIG_NETFILTER_XT_TARGET_TEE=m
CONFIG_NETFILTER_XT_TARGET_TPROXY=m
CONFIG_NETFILTER_XT_TARGET_TRACE=m
CONFIG_NETFILTER_XT_TARGET_SECMARK=m
CONFIG_NETFILTER_XT_TARGET_TCPMSS=m
CONFIG_NETFILTER_XT_TARGET_TCPOPTSTRIP=m
CONFIG_NETFILTER_XT_MATCH_ADDRTYPE=m
CONFIG_NETFILTER_XT_MATCH_BPF=m
CONFIG_NETFILTER_XT_MATCH_CGROUP=m
CONFIG_NETFILTER_XT_MATCH_CLUSTER=m
CONFIG_NETFILTER_XT_MATCH_COMMENT=m
CONFIG_NETFILTER_XT_MATCH_CONNBYTES=m
CONFIG_NETFILTER_XT_MATCH_CONNLABEL=m
CONFIG_NETFILTER_XT_MATCH_CONNLIMIT=m
CONFIG_NETFILTER_XT_MATCH_CONNMARK=m
CONFIG_NETFILTER_XT_MATCH_CONNTRACK=m
CONFIG_NETFILTER_XT_MATCH_CPU=m
CONFIG_NETFILTER_XT_MATCH_DCCP=m
CONFIG_NETFILTER_XT_MATCH_DEVGROUP=m
CONFIG_NETFILTER_XT_MATCH_DSCP=m
CONFIG_NETFILTER_XT_MATCH_ECN=m
CONFIG_NETFILTER_XT_MATCH_ESP=m
CONFIG_NETFILTER_XT_MATCH_HASHLIMIT=m
CONFIG_NETFILTER_XT_MATCH_HELPER=m
CONFIG_NETFILTER_XT_MATCH_HL=m
CONFIG_NETFILTER_XT_MATCH_IPCOMP=m
CONFIG_NETFILTER_XT_MATCH_IPRANGE=m
CONFIG_NETFILTER_XT_MATCH_IPVS=m
CONFIG_NETFILTER_XT_MATCH_L2TP=m
CONFIG_NETFILTER_XT_MATCH_LENGTH=m
CONFIG_NETFILTER_XT_MATCH_LIMIT=m
CONFIG_NETFILTER_XT_MATCH_MAC=m
CONFIG_NETFILTER_XT_MATCH_MARK=m
CONFIG_NETFILTER_XT_MATCH_MULTIPORT=m
CONFIG_NETFILTER_XT_MATCH_NFACCT=m
CONFIG_NETFILTER_XT_MATCH_OSF=m
CONFIG_NETFILTER_XT_MATCH_OWNER=m
CONFIG_NETFILTER_XT_MATCH_POLICY=m
CONFIG_NETFILTER_XT_MATCH_PHYSDEV=m
CONFIG_NETFILTER_XT_MATCH_PKTTYPE=m
CONFIG_NETFILTER_XT_MATCH_QUOTA=m
CONFIG_NETFILTER_XT_MATCH_RATEEST=m
CONFIG_NETFILTER_XT_MATCH_REALM=m
CONFIG_NETFILTER_XT_MATCH_RECENT=m
CONFIG_NETFILTER_XT_MATCH_SCTP=m
CONFIG_NETFILTER_XT_MATCH_SOCKET=m
CONFIG_NETFILTER_XT_MATCH_STATE=m
CONFIG_NETFILTER_XT_MATCH_STATISTIC=m
CONFIG_NETFILTER_XT_MATCH_STRING=m
CONFIG_NETFILTER_XT_MATCH_TCPMSS=m
CONFIG_NETFILTER_XT_MATCH_TIME=m
CONFIG_NETFILTER_XT_MATCH_U32=m
CONFIG_IP_NF_MATCH_RPFILTER=m
CONFIG_IP_NF_FILTER=m
CONFIG_IP_NF_ARPFILTER=m
CONFIG_IP6_NF_MATCH_RPFILTER=m
CONFIG_IP6_NF_FILTER=m
CONFIG_BRIDGE_EBT_T_FILTER=m
# CONFIG_ATM_BR2684_IPFILTER is not set
CONFIG_BRIDGE_VLAN_FILTERING=y
CONFIG_BT_BNEP_MC_FILTER=y
CONFIG_BT_BNEP_PROTO_FILTER=y
CONFIG_PPP_FILTER=y
CONFIG_IPPP_FILTER=y
Even tho i think the module is properly loaded, i ran:
[[email protected] ~]# modprobe iptable-filter
[[email protected] ~]# echo $?
130

Have you tried using “-t nat” instead of “-t NAT” in your iptables command?

分类: Linux安全防护 标签:
本文的评论功能被关闭了.