How to use the iptables NAT feature to make Red Hat Enterprise Linux act as a router.
Method:
Tip: The following method only applies to versions of Red Hat Enterprise Linux newer than 3.
1. Turn on the packet forwarding function:
echo "1" > /proc/sys/net/ipv4/ip_forward
2. Modify the /etc/sysctl.conf file so that packet forwarding is enabled automatically when the system starts:
# Controls IP packet forwarding
net.ipv4.ip_forward = 1
3. Enable the iptables NAT function:
/sbin/iptables -t nat -A POSTROUTING -o ppp0 -j MASQUERADE
Note: ppp0 in the command above is the network interface that connects to the external network (the Internet). Execute the following command to save the iptables rules: service iptables save
4. View the routing table:
netstat -rn or route -n
5. View the iptables rules:
iptables -L
View the NAT table:
iptables -t nat -L
After compiling a new kernel,
# iptables -t nat -nL
reports:
iptables v1.3.5: can't initialize iptables table `nat': Table does not exist (do you need to insmod?)
Perhaps iptables or your kernel needs to be upgraded.
Workaround: enable the following options when compiling the kernel:
Linux Kernel Configuration
-> Networking support
-> Networking options
-> Network packet filtering framework (Netfilter)
-> Core Netfilter Configuration
-> Netfilter connection tracking support
-> NetBIOS name service protocol support (NEW)
-> Netfilter Xtables support (required for ip_tables)
Linux Kernel Configuration
-> Networking support
-> Networking options
-> Network packet filtering framework (Netfilter)
-> IP: Netfilter Configuration
-> IPv4 connection tracking support (required for NAT)
-> IP tables support (required for filtering/masq/NAT)
-> Full NAT
-> MASQUERADE target support
-> REDIRECT target support
make -j2
make -j2 all
make -j2 modules_install
make -j2 install
Reboot and reconfigure NAT after the upgrade is complete.
If the "can't initialize iptables table `nat': Table does not exist" message still appears, load the modules manually:
modprobe ip_tables
modprobe ip_conntrack
modprobe Lter
modprobe ipt_state
The modules are built from these kernel configuration menus:
Networking --->
Networking options --->
Network packet filtering framework (Netfilter) --->
Core Netfilter Configuration --->
Now just set the modules you need for your netfilter box. That's it, I hope now it works for you.
If the following message appears when executing iptables -L, the kernel needs to be reconfigured and recompiled:
iptables v1.4.2: can't initialize iptables table `filter': Table does not exist (do you need to insmod?)
Perhaps iptables or your kernel needs to be upgraded.
Configuration options:
Networking -->
Networking options -->
[*] Network packet filtering (replaces ipchains) ->
Core Netfilter configuration ->
<*> Netfilter Xtables support (required for ip_tables)
IP: Netfilter configuration ->
<*> Connection tracking (required for masq/NAT)
<*> IP tables support (required for filtering/masq/NAT)
<*> IP range match support
<*> Packet filtering
<*> REJECT target support
<*> Full NAT
ip_forward
In addition, you need to turn on IP forwarding on the host so that forwarded connections can pass through it.
To see whether IP forwarding is turned on (1 means on):
cat /proc/sys/net/ipv4/ip_forward
If it is not on, turn it on with the following command:
echo 1 > /proc/sys/net/ipv4/ip_forward
Save settings
The iptables settings and the IP forwarding setting above are lost after the system restarts, so save them if necessary.
Save the iptables settings:
/etc/init.d/iptables save
Set the iptables rules to load automatically when the system starts (Gentoo as an example):
rc-update add iptables default
Save the ip_forward setting (in /etc/sysctl.conf):
net.ipv4.ip_forward = 1
Security risks
After enabling ip_forward, you should normally also enable rp_filter (reverse path filtering), which checks the source address of each packet against the routing table.
If this setting is not enabled, the router is vulnerable to IP spoofing from the intranet.
Enable rp_filter:
for f in /proc/sys/net/ipv4/conf/*/rp_filter; do echo 1 > $f; done
Save the setting (in /etc/sysctl.conf):
net.ipv4.conf.default.rp_filter = 1
net.ipv4.conf.all.rp_filter = 1
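An added audit script (not part of the original article) that checks the two settings above together: it reports whether ip_forward is on and whether rp_filter is strict on every interface entry, and wraps the article's rp_filter loop in a function. The function names and the optional root-directory argument (so the checks can run against a constructed directory tree instead of the live /proc/sys/net/ipv4) are assumptions of this example.

```shell
#!/bin/sh
# Audit the two kernel settings this page relies on: ip_forward must be 1 and
# rp_filter must be 1 (strict) on every interface entry, including "all" and
# "default", so packets arriving with a source address that the routing table
# would send out a different interface are dropped. The root directory
# defaults to the live /proc/sys/net/ipv4 but can point at a constructed tree.
audit_router_sysctl() {
    root="${1:-/proc/sys/net/ipv4}"
    rc=0
    fwd=$(cat "$root/ip_forward" 2>/dev/null || echo missing)
    if [ "$fwd" = "1" ]; then
        echo "OK   ip_forward=1"
    else
        echo "FAIL ip_forward=$fwd (the host will not route packets)"
        rc=1
    fi
    for f in "$root"/conf/*/rp_filter; do
        [ -e "$f" ] || continue
        iface=$(basename "$(dirname "$f")")
        val=$(cat "$f")
        case "$val" in
            1) echo "OK   rp_filter[$iface]=1 (strict)" ;;
            2) echo "WARN rp_filter[$iface]=2 (loose mode; weaker spoofing check)" ;;
            *) echo "FAIL rp_filter[$iface]=$val (source-address spoofing not filtered)"
               rc=1 ;;
        esac
    done
    return "$rc"
}

# Turn strict rp_filter on for every interface entry under the given root:
# the article's one-line for loop, parameterised so it can be exercised offline.
enable_rp_filter() {
    root="${1:-/proc/sys/net/ipv4}"
    for f in "$root"/conf/*/rp_filter; do
        [ -e "$f" ] || continue
        echo 1 > "$f"
    done
}

# Audit the live kernel when run as "sh audit-router.sh --live" (needs root
# only for enable_rp_filter; reading the values works as any user).
if [ "${1:-}" = "--live" ]; then
    audit_router_sysctl
fi
```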
The kernel configuration listed earlier under "Configuration options" covers only port mapping; if additional functionality is required, add the relevant options as needed.
The kernel compilation and installation steps are omitted here.
iptables
The iptables rule is as follows:
iptables -t nat -A PREROUTING -p tcp --dport 11101 -d 192.168.1.100 -j DNAT --to-destination 192.168.2.101:22
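An added example (not from the original article) for reviewing port mappings like the one above: it reads an iptables-save dump of the nat table and lists every PREROUTING DNAT rule as "protocol public:port -> internal:port", so an administrator can see which internal hosts are exposed. The function name and the sample dump are constructed for this example; on a real router the input would be the output of iptables-save -t nat.

```shell
#!/bin/sh
# Inventory the port mappings in an iptables-save dump of the nat table:
# each DNAT rule in PREROUTING is printed as "proto public:port -> internal"
# so the set of externally reachable internal services can be reviewed.
# Reads the dump on stdin.
list_dnat_mappings() {
    awk '
    /^-A PREROUTING / && / -j DNAT( |$)/ {
        proto = "any"; pub = "*"; port = "*"; dest = "?"
        for (i = 1; i <= NF; i++) {
            if ($i == "-p") proto = $(i+1)
            else if ($i == "-d") { pub = $(i+1); sub(/\/32$/, "", pub) }
            else if ($i == "--dport") port = $(i+1)
            else if ($i == "--to-destination") dest = $(i+1)
        }
        printf "%s %s:%s -> %s\n", proto, pub, port, dest
    }'
}

# Constructed sample dump (not captured from a real host) in iptables-save
# format; the first rule is the article's SSH port mapping, the second maps
# UDP 53 on any local address to an internal resolver without a port change.
SAMPLE_NAT_DUMP='*nat
:PREROUTING ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
-A PREROUTING -d 192.168.1.100/32 -p tcp -m tcp --dport 11101 -j DNAT --to-destination 192.168.2.101:22
-A PREROUTING -p udp -m udp --dport 53 -j DNAT --to-destination 192.168.2.5
-A POSTROUTING -o ppp0 -j MASQUERADE
COMMIT'

# Print the mappings from the sample when run as "sh list-dnat.sh --demo".
if [ "${1:-}" = "--demo" ]; then
    printf '%s\n' "$SAMPLE_NAT_DUMP" | list_dnat_mappings
fi
```

On a router whose FORWARD chain policy is DROP, each mapping listed here also needs a matching ACCEPT rule in the filter table's FORWARD chain, or the translated packets are dropped after DNAT.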