添加重定向时出现 Iptables 错误

tag-icon tag-icon centos iptables
添加重定向时出现 Iptables 错误

我正在尝试应用以下内容:

/sbin/iptables -t nat -I PREROUTING --src 0/0 --dst [MY IP] -p tcp --dport 40 -j REDIRECT --to-ports 80

但是我收到以下错误:

iptables v1.3.5: can't initialize iptables table `/sbin/nat': Table does not exist (do you need to insmod?)
Perhaps iptables or your kernel needs to be upgraded.

我正在运行 CentOS 5.5。有人能提供建议吗?

更新

ifconfig输出:

eth0      Link encap:Ethernet  HWaddr 00:18:51:A4:3E:E0
          inet addr:x.x.x.x  Bcast:173.201.16.255  Mask:255.255.255.0
          inet6 addr: fe80::218:51ff:fea4:3ee0/64 Scope:Link
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:29678326 errors:0 dropped:0 overruns:0 frame:0
          TX packets:13545931 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0
          RX bytes:2604591444 (2.4 GiB)  TX bytes:6052013635 (5.6 GiB)

lo        Link encap:Local Loopback
          inet addr:127.0.0.1  Mask:255.0.0.0
          inet6 addr: ::1/128 Scope:Host
          UP LOOPBACK RUNNING  MTU:16436  Metric:1
          RX packets:34139502 errors:0 dropped:0 overruns:0 frame:0
          TX packets:34139502 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0
          RX bytes:5160432652 (4.8 GiB)  TX bytes:5160432652 (4.8 GiB)

lo:1      Link encap:Local Loopback
          inet addr:97.74.207.156  Mask:255.255.255.255
          UP LOOPBACK RUNNING  MTU:16436  Metric:1

lo:2      Link encap:Local Loopback
          inet addr:173.201.181.56  Mask:255.255.255.255
          UP LOOPBACK RUNNING  MTU:16436  Metric:1

uname -a输出:

Linux ip-173-201-16-45.ip.secureserver.net 2.6.18-028stab070.14 #1 SMP Thu Nov 18 16:04:02 MSK 2010 i686 i686 i386 GNU/Linux

更新2

grep -v \# /etc/sysconfig/iptables-config输出:

IPTABLES_MODULES=""

IPTABLES_MODULES_UNLOAD="yes"

IPTABLES_SAVE_ON_STOP="no"

IPTABLES_SAVE_ON_RESTART="no"

IPTABLES_SAVE_COUNTER="no"

IPTABLES_STATUS_NUMERIC="yes"

IPTABLES_STATUS_VERBOSE="no"

更新 3

sudo /sbin/iptables -L输出:

Chain INPUT (policy ACCEPT)
target     prot opt source               destination

Chain FORWARD (policy ACCEPT)
target     prot opt source               destination

Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination

sudo /sbin/lsmod | egrep -i iptables输出:空白。

sudo /sbin/lsmod | egrep -i nat输出:空白。

更新 4

uname -a输出:

Linux ip-173-201-16-45.ip.secureserver.net 2.6.18-028stab070.14 #1 SMP Thu Nov 18 16:04:02 MSK 2010 i686 i686 i386 GNU/Linux

答案1

根据您的内核版本判断您正在 OpenVZ 容器内运行。

要么您缺少 /lib/xtables 中的 NAT 库,要么 OpenVZ 内核实际上没有加载 NAT 内核模块 - 我敢打赌后者最有可能是这种情况;如果您想要 NAT,您需要让您的 VPS 提供商为您加载模块。

答案2

修改 /etc/sysconfig/iptables-config 如下:

IPTABLES_MODULES="iptable_nat"

相关内容