I am struggling to use this iptables feature:
iptables -t mangle -A PREROUTING -p tcp -m socket -j DIVERT
It doesn't work. I searched the netfilter documentation and OpenWRT, but I didn't find any help there. I get this error message:
iptables v1.4.6: Couldn't load match `socket':File not found
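Any suggestions?
Thanks in advance.
Answer 0: (score: 1)
File not found? You do not have libxt_socket.so installed in the plugin directory. Given that it is OpenWRT, where the extensions are split across many distribution-level packages, it is likely that you have not installed the ipkg / opkg package that contains the socket extension.
Edit: This has nothing to do with the kernel configuration. If the kernel module were missing, the error would be: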
iptables: No chain/target/match by that name.
Answer 1: (score: -1)
Please try enabling the NETFILTER_XT_MATCH_SOCKET option in the kernel configuration,
config NETFILTER_XT_MATCH_SOCKET
        tristate '"socket" match support (EXPERIMENTAL)'
        depends on EXPERIMENTAL
        depends on NETFILTER_TPROXY
        depends on NETFILTER_XTABLES
        depends on NETFILTER_ADVANCED
        depends on !NF_CONNTRACK || NF_CONNTRACK
        select NF_DEFRAG_IPV4
        help
          This option adds a `socket' match, which can be used to match
          packets for which a TCP or UDP socket lookup finds a valid socket.
          It can be used in combination with the MARK target and policy
          routing to implement full featured non-locally bound sockets.
          To compile it as a module, choose M here. If unsure, say N.
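
Added example, not part of either answer: a shell check that separates the two layers the answers discuss, the userspace extension libxt_socket.so and the kernel-side match, and maps each of the two error messages quoted above to its layer. The function names and the plugin directories passed on the last line are assumptions (the directory differs between builds); /proc/net/ip_tables_matches lists only matches that are currently registered, so a module that is built but not loaded also shows up as missing.

```shell
#!/bin/sh
# Added example: find which layer is missing for an iptables "-m <match>" rule.

# Map an iptables error message to the layer the first answer attributes it to.
classify_iptables_error() {
    case "$1" in
        *"Couldn't load match"*)
            echo userspace ;;   # iptables could not load libxt_<match>.so
        *"No chain/target/match by that name"*)
            echo kernel ;;      # extension loaded, kernel rejected the match
        *)
            echo unknown ;;
    esac
}

# Succeeds if libxt_<match>.so exists in one of the given plugin directories.
has_userspace_ext() {
    match=$1; shift
    for dir in "$@"; do
        [ -f "$dir/libxt_$match.so" ] && return 0
    done
    return 1
}

# Succeeds if <match> is listed in the file $2
# (/proc/net/ip_tables_matches on a live system; may need root to read).
has_kernel_match() {
    [ -r "$2" ] && grep -qx "$1" "$2"
}

# diagnose <match> <matches-file> <plugin-dir>...
diagnose() {
    match=$1; list=$2; shift 2
    if ! has_userspace_ext "$match" "$@"; then
        echo "userspace: libxt_$match.so not found in: $*"
    elif ! has_kernel_match "$match" "$list"; then
        echo "kernel: '$match' not registered (xt_$match not built or not loaded)"
    else
        echo "ok: '$match' available in both layers"
    fi
}

# Plugin directories below are assumptions; adjust them to the build in use.
diagnose socket /proc/net/ip_tables_matches \
    /usr/lib/iptables /usr/lib/xtables /lib/xtables
```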