Estou tentando usar o DNAT em um novo destino Linux personalizado, mas recebo um erro com o seguinte comando básico:
#iptables -t nat -A PREROUTING -d 10.110.0.250 -p tcp --dport 9090 -j DNAT --to 10.110.0.239:80
$iptables: No chain/target/match by that name.
Acho que todos os módulos estão carregados corretamente:
# lsmod | grep ip
ipt_MASQUERADE 1686 1 - Live 0xbf15c000
iptable_nat 2396 1 - Live 0xbf150000
nf_conntrack_ipv4 11354 1 - Live 0xbf149000
nf_defrag_ipv4 1331 1 nf_conntrack_ipv4, Live 0xbf145000
nf_nat_ipv4 3401 1 iptable_nat, Live 0xbf141000
nf_nat 13364 4 ipt_MASQUERADE,xt_nat,iptable_nat,nf_nat_ipv4, Live 0xbf138000
nf_conntrack 72079 6 ipt_MASQUERADE,xt_conntrack,iptable_nat,nf_conntrack_ipv4,nf_nat_ipv4,nf_nat, Live 0xbf11b000
ip_tables 10836 1 iptable_nat, Live 0xbf114000
x_tables 16429 4 ipt_MASQUERADE,xt_conntrack,xt_nat,ip_tables, Live 0xbf10a000
O encaminhamento está ativo:
# cat /proc/sys/net/ipv4/ip_forward
1
strace não me dá nenhuma pista sobre o problema:
# ...
socket(PF_LOCAL, SOCK_STREAM, 0) = 3
bind(3, {sa_family=AF_LOCAL, sun_path=@"xtables"}, 10) = 0
socket(PF_INET, SOCK_RAW, IPPROTO_RAW) = 4
fcntl64(4, F_SETFD, FD_CLOEXEC) = 0
getsockopt(4, SOL_IP, 0x40 /* IP_??? */, "natiptables -t nat -A PREROUTING -d 10.110.0.250 -p tcp -j DNAT --to 10.110.0.239:80
#iptables -t nat -A PREROUTING -d 10.110.0.250 -p tcp --dport 9090 -j DNAT --to 10.110.0.239:80
$iptables: No chain/target/match by that name.
# lsmod | grep ip
ipt_MASQUERADE 1686 1 - Live 0xbf15c000
iptable_nat 2396 1 - Live 0xbf150000
nf_conntrack_ipv4 11354 1 - Live 0xbf149000
nf_defrag_ipv4 1331 1 nf_conntrack_ipv4, Live 0xbf145000
nf_nat_ipv4 3401 1 iptable_nat, Live 0xbf141000
nf_nat 13364 4 ipt_MASQUERADE,xt_nat,iptable_nat,nf_nat_ipv4, Live 0xbf138000
nf_conntrack 72079 6 ipt_MASQUERADE,xt_conntrack,iptable_nat,nf_conntrack_ipv4,nf_nat_ipv4,nf_nat, Live 0xbf11b000
ip_tables 10836 1 iptable_nat, Live 0xbf114000
x_tables 16429 4 ipt_MASQUERADE,xt_conntrack,xt_nat,ip_tables, Live 0xbf10a000
# cat /proc/sys/net/ipv4/ip_forward
1
# ...
socket(PF_LOCAL, SOCK_STREAM, 0) = 3
bind(3, {sa_family=AF_LOCAL, sun_path=@"xtables"}, 10) = 0
socket(PF_INET, SOCK_RAW, IPPROTO_RAW) = 4
fcntl64(4, F_SETFD, FD_CLOEXEC) = 0
getsockopt(4, SOL_IP, 0x40 /* IP_??? */, "natiptables -t nat -A PREROUTING -d 10.110.0.250 -p tcp -j DNAT --to 10.110.0.239:80
%pre%%pre%%pre%%pre%%pre%%pre%%pre%%pre%%pre%%pre%%pre%%pre%%pre%%pre%%pre%%pre%%pre%%pre%%pre%%pre%%pre%%pre%%pre%%pre%%pre%%pre%%pre%%pre%"..., [84]) = 0
getsockopt(4, SOL_IP, 0x41 /* IP_??? */, "nat%pre%%pre%%pre%%pre%%pre%%pre%%pre%%pre%%pre%%pre%%pre%%pre%%pre%%pre%%pre%%pre%%pre%%pre%%pre%%pre%%pre%%pre%%pre%%pre%%pre%%pre%%pre%%pre%%pre%"..., [992]) = 0
setsockopt(4, SOL_IP, 0x40 /* IP_??? */, "nat%pre%%pre%%pre%%pre%%pre%%pre%%pre%%pre%%pre%%pre%%pre%%pre%%pre%%pre%%pre%%pre%%pre%%pre%%pre%%pre%%pre%%pre%%pre%%pre%%pre%%pre%%pre%%pre%%pre%"..., 1264) = -1 ENOENT (No such file or directory)
close(4) = 0
write(2, "iptables: No chain/target/match "..., 46iptables: No chain/target/match by that name.
) = 46
exit_group(1) = ?
+++ exited with 1 +++
%pre%%pre%%pre%%pre%%pre%%pre%%pre%%pre%%pre%%pre%%pre%%pre%%pre%%pre%%pre%%pre%%pre%%pre%%pre%%pre%%pre%%pre%%pre%%pre%"..., [84]) = 0
getsockopt(4, SOL_IP, 0x41 /* IP_??? */, "nat%pre%%pre%%pre%%pre%%pre%%pre%%pre%%pre%%pre%%pre%%pre%%pre%%pre%%pre%%pre%%pre%%pre%%pre%%pre%%pre%%pre%%pre%%pre%%pre%%pre%%pre%%pre%%pre%%pre%"..., [992]) = 0
setsockopt(4, SOL_IP, 0x40 /* IP_??? */, "nat%pre%%pre%%pre%%pre%%pre%%pre%%pre%%pre%%pre%%pre%%pre%%pre%%pre%%pre%%pre%%pre%%pre%%pre%%pre%%pre%%pre%%pre%%pre%%pre%%pre%%pre%%pre%%pre%%pre%"..., 1264) = -1 ENOENT (No such file or directory)
close(4) = 0
write(2, "iptables: No chain/target/match "..., 46iptables: No chain/target/match by that name.
) = 46
exit_group(1) = ?
+++ exited with 1 +++
O que está errado?
[EDITAR]
Descobri que, se eu remover a porta de destino, o comando está funcionando
%pre%
[/ EDIT
Obrigado.