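I just upgraded an old Debian Jessie server to Buster, but I've run into some problems with iptables. I know the backend changed with the upgrade, but I have absolutely no knowledge of or experience with it.
Running sudo journalctl -e -u netfilter-persistent.service
gives me the following error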
Jul 22 16:49:35 systemd[1]: Starting netfilter persistent configuration...
Jul 22 16:49:35 netfilter-persistent[1069]: run-parts: executing /usr/share/netfilter-persistent/plugins.d/15-ip4tables start
Jul 22 16:49:35 netfilter-persistent[1069]: iptables-restore v1.8.2 (nf_tables): Chain 'MASQUERADE' does not exist
Jul 22 16:49:35 netfilter-persistent[1069]: Error occurred at line: 6
Jul 22 16:49:35 netfilter-persistent[1069]: Try `iptables-restore -h' or 'iptables-restore --help' for more information.
Jul 22 16:49:35 netfilter-persistent[1069]: run-parts: /usr/share/netfilter-persistent/plugins.d/15-ip4tables exited with return code 2
Jul 22 16:49:35 netfilter-persistent[1069]: run-parts: executing /usr/share/netfilter-persistent/plugins.d/25-ip6tables start
Jul 22 16:49:35 netfilter-persistent[1069]: ip6tables-restore: line 8 failed
Jul 22 16:49:35 netfilter-persistent[1069]: run-parts: /usr/share/netfilter-persistent/plugins.d/25-ip6tables exited with return code 1
Jul 22 16:49:35 systemd[1]: netfilter-persistent.service: Main process exited, code=exited, status=1/FAILURE
Jul 22 16:49:35 systemd[1]: netfilter-persistent.service: Failed with result 'exit-code'.
Jul 22 16:49:35 systemd[1]: Failed to start netfilter persistent configuration.
Below are my iptables rules
# Generated by iptables-save v1.4.21 on Wed Sep 12 09:39:51 2018
*nat
:PREROUTING ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
-A POSTROUTING -o venet0 -j MASQUERADE
-A POSTROUTING -o venet0 -j MASQUERADE
COMMIT
# Completed on Wed Sep 12 09:39:51 2018
# Generated by iptables-save v1.4.21 on Wed Sep 12 09:39:51 2018
*mangle
:PREROUTING ACCEPT [5:200]
:INPUT ACCEPT [5:200]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [5:680]
:POSTROUTING ACCEPT [5:680]
COMMIT
# Completed on Wed Sep 12 09:39:51 2018
# Generated by iptables-save v1.4.21 on Wed Sep 12 09:39:51 2018
*raw
:PREROUTING ACCEPT [5:200]
:OUTPUT ACCEPT [5:680]
COMMIT
# Completed on Wed Sep 12 09:39:51 2018
# Generated by iptables-save v1.4.21 on Wed Sep 12 09:39:51 2018
*filter
:INPUT ACCEPT [5:200]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [5:680]
-A FORWARD -p tcp -m tcp --tcp-flags SYN,RST SYN -j TCPMSS --clamp-mss-to-pmtu
COMMIT
# Completed on Wed Sep 12 09:39:51 2018
Commenting out lines 6 and 7 results in this error
Jul 22 16:43:38 systemd[1]: Starting netfilter persistent configuration...
Jul 22 16:43:38 netfilter-persistent[663]: run-parts: executing /usr/share/netfilter-persistent/plugins.d/15-ip4tables start
Jul 22 16:43:38 netfilter-persistent[663]: iptables-restore: line 8 failed
Jul 22 16:43:38 systemd[1]: netfilter-persistent.service: Main process exited, code=exited, status=1/FAILURE
Jul 22 16:43:38 netfilter-persistent[663]: run-parts: /usr/share/netfilter-persistent/plugins.d/15-ip4tables exited with return code 1
Jul 22 16:43:38 netfilter-persistent[663]: run-parts: executing /usr/share/netfilter-persistent/plugins.d/25-ip6tables start
Jul 22 16:43:38 systemd[1]: netfilter-persistent.service: Failed with result 'exit-code'.
Jul 22 16:43:38 netfilter-persistent[663]: ip6tables-restore: line 8 failed
Jul 22 16:43:38 systemd[1]: Failed to start netfilter persistent configuration.
Jul 22 16:43:38 netfilter-persistent[663]: run-parts: /usr/share/netfilter-persistent/plugins.d/25-ip6tables exited with return code 1
I also tried switching back to the legacy iptables with update-alternatives, but doing that gave me yet another error
Jul 22 16:52:44 systemd[1]: Starting netfilter persistent configuration...
Jul 22 16:52:44 netfilter-persistent[1130]: run-parts: executing /usr/share/netfilter-persistent/plugins.d/15-ip4tables start
Jul 22 16:52:44 netfilter-persistent[1130]: iptables-restore v1.8.2 (legacy): iptables-restore: unable to initialize table 'nat'
Jul 22 16:52:44 netfilter-persistent[1130]: Error occurred at line: 2
Jul 22 16:52:44 netfilter-persistent[1130]: Try `iptables-restore -h' or 'iptables-restore --help' for more information.
Jul 22 16:52:44 netfilter-persistent[1130]: run-parts: /usr/share/netfilter-persistent/plugins.d/15-ip4tables exited with return code 2
Jul 22 16:52:44 netfilter-persistent[1130]: run-parts: executing /usr/share/netfilter-persistent/plugins.d/25-ip6tables start
Jul 22 16:52:44 netfilter-persistent[1130]: ip6tables-restore: line 8 failed
Jul 22 16:52:44 netfilter-persistent[1130]: run-parts: /usr/share/netfilter-persistent/plugins.d/25-ip6tables exited with return code 1
Jul 22 16:52:44 systemd[1]: netfilter-persistent.service: Main process exited, code=exited, status=1/FAILURE
Jul 22 16:52:44 systemd[1]: netfilter-persistent.service: Failed with result 'exit-code'.
Jul 22 16:52:44 systemd[1]: Failed to start netfilter persistent configuration.
Trying to run sudo apt-get upgrade
gives the following error
sudo apt-get upgrade
Reading package lists... Done
Building dependency tree
Reading state information... Done
Calculating upgrade... Done
0 upgraded, 0 newly installed, 0 to remove and 0 not upgraded.
2 not fully installed or removed.
After this operation, 0 B of additional disk space will be used.
Do you want to continue? [Y/n] y
Setting up netfilter-persistent (1.0.11) ...
Job for netfilter-persistent.service failed because the control process exited with error code.
See "systemctl status netfilter-persistent.service" and "journalctl -xe" for details.
invoke-rc.d: initscript netfilter-persistent, action "restart" failed.
● netfilter-persistent.service - netfilter persistent configuration
Loaded: loaded (/lib/systemd/system/netfilter-persistent.service; enabled; vendor preset: enabled)
Active: failed (Result: exit-code) since Wed 2020-07-22 16:57:09 CEST; 13ms ago
Process: 1498 ExecStart=/usr/sbin/netfilter-persistent start (code=exited, status=1/FAILURE)
Main PID: 1498 (code=exited, status=1/FAILURE)
Jul 22 16:57:09 netfilter-persistent[1498]: iptables-restore v1.8.2 (legacy): iptables-restore: unable to initialize table 'nat'
Jul 22 16:57:09 netfilter-persistent[1498]: Error occurred at line: 2
Jul 22 16:57:09 netfilter-persistent[1498]: Try `iptables-restore -h' or 'iptables-restore --help' for more information.
Jul 22 16:57:09 systemd[1]: netfilter-persistent.service: Main process exited, code=exited, status=1/FAILURE
Jul 22 16:57:09 netfilter-persistent[1498]: run-parts: /usr/share/netfilter-persistent/plugins.d/15-ip4tables exited with return code 2
Jul 22 16:57:09 netfilter-persistent[1498]: run-parts: executing /usr/share/netfilter-persistent/plugins.d/25-ip6tables start
Jul 22 16:57:09 systemd[1]: netfilter-persistent.service: Failed with result 'exit-code'.
Jul 22 16:57:09 netfilter-persistent[1498]: ip6tables-restore: line 8 failed
Jul 22 16:57:09 netfilter-persistent[1498]: run-parts: /usr/share/netfilter-persistent/plugins.d/25-ip6tables exited with return code 1
Jul 22 16:57:09 systemd[1]: Failed to start netfilter persistent configuration.
dpkg: error processing package netfilter-persistent (--configure):
installed netfilter-persistent package post-installation script subprocess returned error exit status 1
dpkg: dependency problems prevent configuration of iptables-persistent:
iptables-persistent depends on netfilter-persistent (= 1.0.11); however:
Package netfilter-persistent is not configured yet.
dpkg: error processing package iptables-persistent (--configure):
dependency problems - leaving unconfigured
Errors were encountered while processing:
netfilter-persistent
iptables-persistent
E: Sub-process /usr/bin/dpkg returned an error code (1)
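I don't know what I'm doing here; the research I've done says either to "fix the rules.v4 file" or to revert to the legacy alternative. Neither seems to work, and I don't understand what is going on in rules.v4 well enough to fix it.
Thanks
Edit: apt-cache policy
as requested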
Package files:
100 /var/lib/dpkg/status
release a=now
500 http://ftp.us.debian.org/debian buster-updates/main amd64 Packages
release o=Debian,a=stable-updates,n=buster-updates,l=Debian,c=main,b=amd64
origin ftp.us.debian.org
500 http://security.debian.org buster/updates/main amd64 Packages
release v=10,o=Debian,a=stable,n=buster,l=Debian-Security,c=main,b=amd64
origin security.debian.org
500 http://ftp.us.debian.org/debian buster/main amd64 Packages
release v=10.4,o=Debian,a=stable,n=buster,l=Debian,c=main,b=amd64
origin ftp.us.debian.org
Pinned packages:
Output of dpkg -l | egrep -v '^ii'
Desired=Unknown/Install/Remove/Purge/Hold
| Status=Not/Inst/Conf-files/Unpacked/halF-conf/Half-inst/trig-aWait/Trig-pend
|/ Err?=(none)/Reinst-required (Status,Err: uppercase=bad)
||/ Name Version Architecture Description
+++-===============================-====================================-============-===============================================================================
rc acl 2.2.53-4 amd64 access control list - utilities
rc avahi-daemon 0.6.31-5 amd64 Avahi mDNS/DNS-SD daemon
rc dpkg-dev 1.19.7 all Debian package development tools
rc libapt-inst1.5:amd64 1.0.9.8.4 amd64 deb package format runtime library
rc libass5:amd64 0.10.2-3 amd64 library for SSA/ASS subtitles rendering
rc libav-tools 6:11.12-1~deb8u1 amd64 Multimedia player, encoder and transcoder
rc libavahi-compat-libdnssd1:amd64 0.6.31-5 amd64 Avahi Apple Bonjour compatibility library
rc libavahi-core7:amd64 0.6.31-5 amd64 Avahi's embeddable mDNS/DNS-SD library
rc libavcodec53:amd64 6:0.8.21-0+deb7u1 amd64 Libav codec library
rc libavcodec56:amd64 6:11.12-1~deb8u1 amd64 Libav codec library
rc libavdevice53:amd64 6:0.8.21-0+deb7u1 amd64 Libav device handling library
rc libavdevice55:amd64 6:11.12-1~deb8u1 amd64 Libav device handling library
rc libavfilter2:amd64 6:0.8.21-0+deb7u1 amd64 Libav video filtering library
rc libavfilter5:amd64 6:11.12-1~deb8u1 amd64 Libav video filtering library
rc libavformat53:amd64 6:0.8.21-0+deb7u1 amd64 Libav file format library
rc libavformat56:amd64 6:11.12-1~deb8u1 amd64 Libav file format library
rc libavresample2:amd64 6:11.12-1~deb8u1 amd64 Libav audio resampling library
rc libavutil51:amd64 6:0.8.21-0+deb7u1 amd64 Libav utility library
rc libavutil54:amd64 6:11.12-1~deb8u1 amd64 Libav utility library
rc libbind9-80 1:9.8.4.dfsg.P1-6+nmu2+deb7u20 amd64 BIND9 Shared Library used by BIND
rc libbind9-90 1:9.9.5.dfsg-9+deb8u16 amd64 BIND9 Shared Library used by BIND
rc libbluray1:amd64 1:0.6.2-1 amd64 Blu-ray disc playback support library (shared library)
rc libcdio-cdda1 0.83-4.2 amd64 library to read and control digital audio CDs
rc libcdio-paranoia1 0.83-4.2 amd64 library to read digital audio CDs with error correction
rc libcdio13 0.83-4.2 amd64 library to read and control CD-ROM
rc libcryptsetup4:amd64 2:1.6.6-5 amd64 disk encryption support - shared library
rc libdaemon0:amd64 0.14-6 amd64 lightweight C library for daemons - runtime library
rc libdirac-encoder0:amd64 1.0.2-7.1 amd64 open and royalty free high quality video codec - encoder library
rc libdirectfb-1.2-9:amd64 1.2.10.0-5.1 amd64 direct frame buffer graphics - shared libraries
rc libdns-export100 1:9.9.5.dfsg-9+deb8u16 amd64 Exported DNS Shared Library
rc libdns100 1:9.9.5.dfsg-9+deb8u16 amd64 DNS Shared Library used by BIND
rc libdns88 1:9.8.4.dfsg.P1-6+nmu2+deb7u20 amd64 DNS Shared Library used by BIND
rc libevent-2.0-5:amd64 2.0.21-stable-2+deb8u1 amd64 Asynchronous event notification library
rc libfakeroot:amd64 1.23-1 amd64 tool for simulating superuser privileges - shared libraries
rc libffi5:amd64 3.0.10-3+deb7u2 amd64 Foreign Function Interface library runtime
rc libgcrypt11:amd64 1.5.0-5+deb7u6 amd64 LGPL Crypto library - runtime library
rc libgdbm3:amd64 1.8.3-13.1 amd64 GNU dbm database routines (runtime version)
rc libgeoip1:amd64 1.6.2-4 amd64 non-DNS IP-to-country resolver library
rc libgnutls-deb0-28:amd64 3.3.30-0+deb8u1 amd64 GNU TLS library - main runtime library
rc libgnutls26:amd64 2.12.20-8+deb7u5 amd64 GNU TLS library - runtime library
rc libhogweed2:amd64 2.7.1-5+deb8u2 amd64 low level cryptographic library (public-key cryptos)
rc libiceutil34 3.4.2-8.2 amd64 Ice for C++ misc utility library
rc libiceutil35:amd64 3.5.1-6+b3 amd64 Ice for C++ misc utility library
rc libicu52:amd64 52.1-8+deb8u7 amd64 International Components for Unicode
rc libirs-export91 1:9.9.5.dfsg-9+deb8u16 amd64 Exported IRS Shared Library
rc libisc-export95 1:9.9.5.dfsg-9+deb8u16 amd64 Exported ISC Shared Library
rc libisc84 1:9.8.4.dfsg.P1-6+nmu2+deb7u20 amd64 ISC Shared Library used by BIND
rc libisc95 1:9.9.5.dfsg-9+deb8u16 amd64 ISC Shared Library used by BIND
rc libisccc80 1:9.8.4.dfsg.P1-6+nmu2+deb7u20 amd64 Command Channel Library used by BIND
rc libisccc90 1:9.9.5.dfsg-9+deb8u16 amd64 Command Channel Library used by BIND
rc libisccfg-export90 1:9.9.5.dfsg-9+deb8u16 amd64 Exported ISC CFG Shared Library
rc libisccfg82 1:9.8.4.dfsg.P1-6+nmu2+deb7u20 amd64 Config File Handling Library used by BIND
rc libisccfg90 1:9.9.5.dfsg-9+deb8u16 amd64 Config File Handling Library used by BIND
rc libjasper1:amd64 1.900.1-debian1-2.4+deb8u5 amd64 JasPer JPEG-2000 runtime library
rc libjson-c2:amd64 0.11-4 amd64 JSON manipulation library - shared library
rc libllvm3.5:amd64 1:3.5-10 amd64 Modular compiler and toolchain technologies, runtime library
rc liblogging-stdlog0:amd64 1.0.4-1 amd64 easy to use and lightweight logging library
rc liblognorm1:amd64 1.0.1-3 amd64 Log normalizing library
rc liblwres80 1:9.8.4.dfsg.P1-6+nmu2+deb7u20 amd64 Lightweight Resolver Library used by BIND
rc liblwres90 1:9.9.5.dfsg-9+deb8u16 amd64 Lightweight Resolver Library used by BIND
rc libmodule-build-perl 0.422400-1 all framework for building and installing Perl modules
rc libmpc2:amd64 0.9-4 amd64 multiple precision complex floating-point library
rc libmysqlclient18:amd64 5.5.60-0+deb8u1 amd64 MySQL database client library
rc libnettle4:amd64 2.7.1-5+deb8u2 amd64 low level cryptographic library (symmetric and one-way cryptos)
rc libnss-mdns:amd64 0.10-6 amd64 NSS module for Multicast DNS name resolution
rc libopencv-core2.3 2.3.1-11+deb7u4 amd64 computer vision core library
rc libopencv-core2.4:amd64 2.4.9.1+dfsg-1+deb8u2 amd64 computer vision core library
rc libopencv-imgproc2.3 2.3.1-11+deb7u4 amd64 computer vision Image Processing library
rc libopencv-imgproc2.4:amd64 2.4.9.1+dfsg-1+deb8u2 amd64 computer vision Image Processing library
rc libopenjpeg2:amd64 1.3+dfsg-4.8 amd64 JPEG 2000 image compression/decompression library
rc libopenjpeg5:amd64 1:1.5.2-3 amd64 JPEG 2000 image compression/decompression library - runtime
rc libopenvg1-mesa:amd64 10.3.2-1+deb8u1 amd64 free implementation of the OpenVG API -- runtime
rc liborc-0.4-0:amd64 1:0.4.22-1 amd64 Library of Optimized Inner Loops Runtime Compiler
rc libpgm-5.1-0 5.1.118-1~dfsg-1 amd64 OpenPGM shared library
rc libpng12-0:amd64 1.2.50-2+deb8u3 amd64 PNG library - runtime
rc libpod-latex-perl 0.61-2 all module to convert Pod data to formatted LaTeX
rc libpostproc52 6:0.git20120821-4 amd64 FFmpeg derived postprocessing library
rc libprocps0:amd64 1:3.3.3-3+deb7u1 amd64 library for accessing process information from /proc
rc libprocps3:amd64 2:3.3.9-9+deb8u1 amd64 library for accessing process information from /proc
rc libprotobuf7 2.4.1-3 amd64 protocol buffers C++ library
rc libprotobuf9:amd64 2.6.1-1 amd64 protocol buffers C++ library
rc libpsl0:amd64 0.5.1-1 amd64 Library for Public Suffix List (shared libraries)
rc libqt4-network:amd64 4:4.8.6+git64-g5dc8b2b+dfsg-3+deb8u1 amd64 Qt 4 network module
rc libqt4-sql:amd64 4:4.8.6+git64-g5dc8b2b+dfsg-3+deb8u1 amd64 Qt 4 SQL module
rc libqt4-xml:amd64 4:4.8.6+git64-g5dc8b2b+dfsg-3+deb8u1 amd64 Qt 4 XML module
rc libqtcore4:amd64 4:4.8.6+git64-g5dc8b2b+dfsg-3+deb8u1 amd64 Qt 4 core module
rc libqtdbus4:amd64 4:4.8.6+git64-g5dc8b2b+dfsg-3+deb8u1 amd64 Qt 4 D-Bus module library
rc librtmp0:amd64 2.4+20111222.git4e06e21-1+deb7u1 amd64 toolkit for RTMP streams (shared library)
rc libschroedinger-1.0-0:amd64 1.0.11-2.1 amd64 library for encoding/decoding of Dirac video streams
rc libsdl1.2debian:amd64 1.2.15-10+b1 amd64 Simple DirectMedia Layer
rc libsnappy1 1.1.2-3 amd64 fast compression/decompression library
rc libsodium13:amd64 1.0.0-1 amd64 Network communication, cryptography and signaturing library
rc libswscale2:amd64 6:0.8.21-0+deb7u1 amd64 Libav video scaling library
rc libswscale3:amd64 6:11.12-1~deb8u1 amd64 Libav video scaling library
rc libsystemd-login0:amd64 215-17+deb8u7 amd64 systemd login utility library (deprecated)
rc libtasn1-3:amd64 2.13-2+deb7u5 amd64 Manage ASN.1 structures (runtime)
rc libtcl8.5:amd64 8.5.17-1 amd64 Tcl (the Tool Command Language) v8.5 - run-time library files
rc libtiff4:amd64 3.9.6-11+deb7u11 amd64 Tag Image File Format (TIFF) library (old version)
rc libts-0.0-0:amd64 1.0-11 amd64 touch screen library
rc libtxc-dxtn-s2tc0:amd64 0~git20131104-1.1 amd64 Texture compression library for Mesa
rc libva-drm1:amd64 1.4.1-1 amd64 Video Acceleration (VA) API for Linux -- DRM runtime
rc libva-x11-1:amd64 1.4.1-1 amd64 Video Acceleration (VA) API for Linux -- X11 runtime
rc libva1:amd64 1.4.1-1 amd64 Video Acceleration (VA) API for Linux -- runtime
rc libvpx1:amd64 1.3.0-3+deb8u1 amd64 VP8 and VP9 video codec (shared library)
rc libwebp5:amd64 0.4.1-1.2+b2 amd64 Lossy compression of digital photographic images.
rc libx264-123:amd64 2:0.123.2189+git35cf912-1 amd64 x264 video coding library
rc libx264-142:amd64 2:0.142.2431+gita5831aa-1+b2 amd64 x264 video coding library
rc libxtables10 1.4.21-2+b1 amd64 netfilter xtables library
rc libzeroc-ice34 3.4.2-8.2 amd64 Ice for C++ runtime library
rc libzeroc-ice35:amd64 3.5.1-6+b3 amd64 Ice for C++ runtime library
rc libzmq3:amd64 4.0.5+dfsg-2+deb8u1 amd64 lightweight messaging kernel (shared library)
rc mumble-server 1.2.8-2 amd64 Low latency encrypted VoIP server
rc mysql-common 5.5.60-0+deb8u1 all MySQL database common files, e.g. /etc/mysql/my.cnf
rc perl-modules 5.20.2-3+deb8u12 all Core Perl modules
rc proftpd-basic 1.3.4a-5+deb7u1 amd64 Versatile, virtual-hosting FTP daemon - binaries
rc rsync 3.1.3-6 amd64 fast, versatile, remote (and local) file-copying tool
rc sgml-base 1.29 all SGML infrastructure and SGML catalog file support
rc tcl8.5 8.5.17-1 amd64 Tcl (the Tool Command Language) v8.5 - shell
rc tsconf 1.0-11 all touch screen library common files
rc udev 241-7~deb10u4 amd64 /dev/ and hotplug management daemon
rc update-inetd 4.43 all inetd configuration file updater
rc xml-core 0.18+nmu1 all XML infrastructure and XML catalog file support
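Added example, not part of the original post: the journal errors quoted in the question identify failures only by line number in the rules file being restored. This Python sketch resolves those numbers against the first table of that file and also reports rules repeated within a table (RULES_V4 and JOURNAL are constructed from lines shown in the question; the function names are illustrative).

```python
import re

# Constructed sample: the first eight lines of the rules file quoted in the question.
RULES_V4 = """\
# Generated by iptables-save v1.4.21 on Wed Sep 12 09:39:51 2018
*nat
:PREROUTING ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
-A POSTROUTING -o venet0 -j MASQUERADE
-A POSTROUTING -o venet0 -j MASQUERADE
COMMIT
"""
# Message text of journal lines quoted in the question (timestamps stripped).
JOURNAL = [
    "iptables-restore v1.8.2 (nf_tables): Chain 'MASQUERADE' does not exist",
    "Error occurred at line: 6",
    "iptables-restore v1.8.2 (legacy): iptables-restore: unable to initialize table 'nat'",
    "Error occurred at line: 2",
    "iptables-restore: line 8 failed",
]
LINE_RE = re.compile(r"Error occurred at line: (\d+)|line (\d+) failed")
PREFIX_KIND = (("*", "table"), (":", "chain-policy"), ("#", "comment"), ("-", "rule"))

def index_rules(text):
    """Map 1-based line number -> (table, kind, stripped line) of an iptables-save dump."""
    table, out = None, {}
    for no, raw in enumerate(text.splitlines(), start=1):
        line = raw.strip()
        kind = "commit" if line == "COMMIT" else next(
            (k for p, k in PREFIX_KIND if line.startswith(p)), "other")
        if kind == "table":
            table = line[1:]
        out[no] = (table, kind, line)
        if kind == "commit":
            table = None  # lines after COMMIT belong to no table until the next *name
    return out

def failing_lines(journal, rules_text):
    """Resolve every line number the journal reports to (line, table, kind, text)."""
    idx = index_rules(rules_text)
    nums = [int(m.group(1) or m.group(2)) for m in map(LINE_RE.search, journal) if m]
    return [(no, *idx.get(no, (None, "out-of-range", ""))) for no in nums]

def duplicate_rules(rules_text):
    """Return {(table, rule): [line numbers]} for rules repeated within one table."""
    seen = {}
    for no, (table, kind, line) in index_rules(rules_text).items():
        if kind == "rule":
            seen.setdefault((table, line), []).append(no)
    return {key: nos for key, nos in seen.items() if len(nos) > 1}

if __name__ == "__main__":
    print(failing_lines(JOURNAL, RULES_V4), duplicate_rules(RULES_V4))
```

Line 6 resolves to the first MASQUERADE rule, line 2 to the *nat table header and line 8 to the COMMIT of the nat table; lines 6 and 7 are the same rule twice.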
Answer 1
How did you lose udev and acl? First, back up your important data.
mkdir $HOME/apt-download && cd $HOME/apt-download
Then we fetch the packages with wget
wget -c http://ftp.us.debian.org/debian/pool/main/s/systemd/udev_241-7~deb10u4_amd64.deb
and
wget -c http://ftp.us.debian.org/debian/pool/main/i/iptables-persistent/netfilter-persistent_1.0.11_all.deb
and
wget -c http://ftp.us.debian.org/debian/pool/main/a/acl/acl_2.2.53-4_amd64.deb
Install them all
sudo dpkg -i netfilter-persistent_1.0.11_all.deb udev_241-7~deb10u4_amd64.deb acl_2.2.53-4_amd64.deb
Only if there are no errors
sudo dpkg --configure -a && sudo apt -f install
When apt and dpkg are free
sudo apt update && sudo apt full-upgrade