Linux - Networking This forum is for any issue related to networks or networking.
Routing, network cards, OSI, etc. Anything is fair game. |
Notices |
Welcome to LinuxQuestions.org, a friendly and active Linux Community.
You are currently viewing LQ as a guest. By joining our community you will have the ability to post topics, receive our newsletter, use the advanced search, subscribe to threads and access many other special features. Registration is quick, simple and absolutely free. Join our community today!
Note that registered members see fewer ads, and ContentLink is completely disabled once you log in.
Are you new to LinuxQuestions.org? Visit the following links:
Site Howto |
Site FAQ |
Sitemap |
Register Now
If you have any problems with the registration process or your account login, please contact us. If you need to reset your password, click here.
Having a problem logging in? Please visit this page to clear all LQ-related cookies.
Get a virtual cloud desktop with the Linux distro that you want in less than five minutes with Shells! With over 10 pre-installed distros to choose from, the worry-free installation life is here! Whether you are a digital nomad or just looking for flexibility, Shells can put your Linux machine on the device that you want to use.
Exclusive for LQ members, get up to 45% off per month. Click here for more info.
|
|
03-07-2014, 09:15 AM
|
#1
|
LQ Newbie
Registered: Sep 2011
Posts: 16
Rep:
|
Cannot redirect port number
Greetings:
I am attempting to set up a port redirect using iptables. After looking at various instructions, posts, and blogs, I have determined that the following command line entry should work:
iptables -t nat -A PREROUTING -p tcp --dport 80 -j REDIRECT --to-port 8080
It does not appear to, though. When I enter this line I get the following error message:
iptables: No chain/target/match by that name.
Can someone tell me what exactly does that mean and how I can get this redirect to work? Thank you...
|
|
|
03-08-2014, 04:08 AM
|
#2
|
Senior Member
Registered: Jan 2012
Distribution: Slackware
Posts: 3,348
Rep:
|
The syntax is correct if what you want to do is redirect HTTP traffic passing through a Linux system acting as a router to a local proxy service running on port 8080.
The error message means you're running a Linux kernel that lacks support for either the PREROUTING chain, the REDIRECT target or the "-p tcp --dport" match. The most likely culprit is the REDIRECT match, and the output from the following command should be enough to confirm or disprove that:
Code:
zcat /proc/config.gz | grep TARGET_REDIRECT
Which distribution and kernel version ( uname -rm) are you running?
|
|
1 members found this post helpful.
|
03-08-2014, 12:37 PM
|
#3
|
LQ Newbie
Registered: Sep 2011
Posts: 16
Original Poster
Rep:
|
Info Requested
Greetings:
Apparently, there is no config.gz on my system. I got "no such file or directory"errors when I attempted the zcat, and when I did a find (different distributions may put it in different places) it appears that the file is nowhere on my system.
The distribution is Fedora. The kernel version is:
2.6.18-194.17.1.el5.028stab070.7 i686
The fact that the config.gz isn't there makes me nervous. Is this a configuration problem? Is there something missing from my system? Is there something I need to add or update?
|
|
|
03-08-2014, 02:47 PM
|
#4
|
Senior Member
Registered: Jan 2012
Distribution: Slackware
Posts: 3,348
Rep:
|
The /proc directory contains a virtual file system, and all files within it are generated by the kernel. They can't be anywhere else. The lack of a /proc/config.gz file just means that the Fedora developers (for some unknown reason) decided to turn off that feature. You may be able to locate a copy of the .config file in the /boot directory, though.
2.6.18 is positively ancient (released in December 2003), but is certainly supports the REDIRECT target, unless support was explicitly disabled at compile time. You could be missing a kernel module (xt_REDIRECT.ko in this case). This is more of a Fedora issue than a netfilter/iptables problem.
|
|
1 members found this post helpful.
|
03-08-2014, 03:00 PM
|
#5
|
Member
Registered: Sep 2008
Location: The Netherlands
Distribution: Slackware64 current
Posts: 594
Rep:
|
Probably you just need to load the extra iptables modules search for load iptables modules Fedora.
|
|
1 members found this post helpful.
|
03-08-2014, 08:04 PM
|
#6
|
LQ Newbie
Registered: Sep 2011
Posts: 16
Original Poster
Rep:
|
Thanks, Ser Olmy and Whizje, for your help so far.
I am a real beginner when it comes to matters of these internals. I think I will need a little more info...
How exactly do I search for the modules mentioned? Exactly what modules am I searching for? More importantly, how can I acquire them for my system if (as I suspect) they are not there?
I would also like to upgrade my kernel. The system my distribution is running on is a VM provided by an ISP -- but it is *my* VM and I should be able to update it. Is there a safe way to provide a more up- to- date kernel on it?
|
|
|
03-09-2014, 05:01 AM
|
#7
|
Senior Member
Registered: Jan 2012
Distribution: Slackware
Posts: 3,348
Rep:
|
Modules reside in the /lib/modules/<kernel_version> directory, where <kernel_version> is the version as reported by uname -r. The netfilter modules are in the kernel/net/netfilter subdirectory. In other words, you should look for /lib/modules/2.6.18-194.17.1.el5.028stab070.7/kernel/net/netfilter/xt_REDIRECT.ko.
You could also try modprobe:
Code:
modprobe xt_REDIRECT
It should locate and load the module (and any dependencies) automatically. If it fails, the necessary netfilter modules aren't installed. In that case, you may need to install some .rpm package; I don't know how Fedora handles the distribution of kernel modules.
It seems the recommended method for upgrading a Fedora system is to boot from the installation DVD/ISO and let the installer handle the upgrade process.
|
|
1 members found this post helpful.
|
03-11-2014, 10:20 PM
|
#8
|
LQ Newbie
Registered: Sep 2011
Posts: 16
Original Poster
Rep:
|
Thanks, all!
My problem is, as it turns out, that the ISP I was paying for my VM gave me Fedora 13(!), and an incomplete version at that.
Several modules were missing from it, including the redirect module. I filed several trouble tickets on the problems, and not hearing back from anyone after several days I dumped them for another ISP.
I have other problems now, but they aren't relevant to this one so I am marking this as answered.
Again: thanks all. Without your answers I would not have realized I needed to dump this ISP with their old version of Linux...
|
|
|
All times are GMT -5. The time now is 03:29 PM.
|
LinuxQuestions.org is looking for people interested in writing
Editorials, Articles, Reviews, and more. If you'd like to contribute
content, let us know.
|
Latest Threads
LQ News
|
|