Início / unix / Perguntas / 780570
Accepted
parsley72
Asked: 2024-07-22 12:18:55 +0800 CST

Como posso compartilhar a Internet do modem LTE por Wifi?

  • 772

Eu configurei meu modem LTE com NetworkManager/ModemManager e está funcionando bem. Também configurei o Wifi como ponto de acesso no NetworkManager com DHCP.

Mas como posso compartilhar o acesso à Internet do modem LTE via Wifi? Habilitei o encaminhamento de IP ( echo 1 > /proc/sys/net/ipv4/ip_forward), o que mais há?

# ifconfig
lo        Link encap:Local Loopback
          inet addr:127.0.0.1  Mask:255.0.0.0
          inet6 addr: ::1/128 Scope:Host
          UP LOOPBACK RUNNING  MTU:65536  Metric:1
          RX packets:12946 errors:0 dropped:0 overruns:0 frame:0
          TX packets:12946 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000
          RX bytes:1297231 (1.2 MiB)  TX bytes:1297231 (1.2 MiB)

wlan0     Link encap:Ethernet  HWaddr E8:4F:25:DD:BD:51
          inet addr:10.42.0.1  Bcast:10.42.0.255  Mask:255.255.255.0
          inet6 addr: fe80::ea4f:25ff:fedd:bd51/64 Scope:Link
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:0 errors:0 dropped:0 overruns:0 frame:0
          TX packets:77 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000
          RX bytes:0 (0.0 B)  TX bytes:12101 (11.8 KiB)

wwan0     Link encap:UNSPEC  HWaddr 00-00-00-00-00-00-00-00-00-00-00-00-00-00-00-00
          inet addr:100.72.254.176  P-t-P:100.72.254.176  Mask:255.255.255.224
          UP POINTOPOINT RUNNING NOARP MULTICAST  MTU:1500  Metric:1
          RX packets:1808 errors:0 dropped:0 overruns:0 frame:0
          TX packets:2176 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000
          RX bytes:356293 (347.9 KiB)  TX bytes:261384 (255.2 KiB)

# ip route
default via 100.72.254.177 dev wwan0  metric 700
10.42.0.0/24 dev wlan0 scope link  src 10.42.0.1  metric 600
100.72.254.160/27 dev wwan0 scope link  src 100.72.254.176  metric 700

O DHCP para o Wifi é feito pelo NetworkManager iniciando o dnsmasq com parâmetros padrão:

# ps -eF | grep dnsmasq
nobody      1104     606  0  1285  2444   0 09:05 ?        00:00:00 /usr/bin/dnsmasq --conf-file=/dev/null --no-hosts --keep-in-foreground --bind-interfaces --except-interface=lo --clear-on-reload --strict-order --listen-address=10.42.0.1 --dhcp-range=10.42.0.10,10.42.0.254,60m --dhcp-lease-max=50 --dhcp-leasefile=/var/lib/NetworkManager/dnsmasq-wlan0.leases --pid-file=/var/run/nm-dnsmasq-wlan0.pid --conf-dir=/etc/NetworkManager/dnsmasq-shared.d

ref NetworkManager e intervalo de endereços dnsmasq dhcp ).

# cat /etc/NetworkManager/system-connections/ap.nmconnection
[connection]
id=ap
uuid=3205b229-8c4d-4766-8d63-bcd949d03321
type=wifi
autoconnect=false
interface-name=wlan0

[wifi]
band=bg
channel=1
mode=ap
ssid=MySSID

[wifi-security]
group=ccmp;
key-mgmt=wpa-psk
pairwise=ccmp;
proto=rsn;
psk=MyPSK

[ipv4]
method=shared

[ipv6]
addr-gen-mode=stable-privacy
method=ignore

[proxy]

Um colega sugeriu https://github.com/oblique/create_ap . Tentei as opções NAT e bridge, mas ambas falharam.

NAT:

# create_ap -w 2 wlan0 wwan0 APTest 12345678
WARN: brmfmac driver doesn't work properly with virtual interfaces and
      it can cause kernel panic. For this reason we disallow virtual
      interfaces for your adapter.
      For more info: https://github.com/oblique/create_ap/issues/203
WARN: Your adapter does not fully support AP virtual interface, enabling --no-virt
Config dir: /tmp/create_ap.wlan0.conf.XX59Vdf8
PID: 537195
Network Manager found, set wlan0 as unmanaged device... [46988.754925] ieee80211 phy1: brcmf_set_pmk: failed to change PSK in firmware (len=0)
[46988.784848] ieee80211 phy1: brcmf_vif_set_mgmt_ie: vndr ie set error : -52
[46988.792027] ieee80211 phy1: brcmf_vif_set_mgmt_ie: vndr ie set error : -52
DONE
Sharing Internet using method: nat
iptables v1.8.7 (legacy): unknown option "--to-ports"
Try `iptables -h' or 'iptables --help' for more information.

Doing cleanup.. done

Ponte:

# create_ap -w 2 -m bridge wlan0 wwan0 APTest 12345678
WARN: brmfmac driver doesn't work properly with virtual interfaces and
      it can cause kernel panic. For this reason we disallow virtual
      interfaces for your adapter.
      For more info: https://github.com/oblique/create_ap/issues/203
WARN: Your adapter does not fully support AP virtual interface, enabling --no-virt
Config dir: /tmp/create_ap.wlan0.conf.XXgGPNON
PID: 540585
Network Manager found, set wlan0 as unmanaged device... DONE
Sharing Internet using method: bridge
Create a bridge interface... ip: RTNETLINK answers: Operation not supported
networkmanager

2 respostas

  1. Para IPv4, as peças que você precisa são:

    • Acesse o ponto de acesso WiFi (você o tem)
    • Encaminhamento IPv4 (você o ativou)
    • Dispositivo WAN configurado (você o possui)
    • NAT entre o ponto de acesso WIFI e WAN (você não mencionou isso).

    O que é um NAT e por que você precisa de um?

    Em toda a Internet, todos os endereços IP são registrados (em blocos) na IANA . A própria Internet organiza o roteamento para cada [bloco] de endereço IP registrado, de modo que o endereço IP sozinho informa a cada roteador para onde encaminhar os pacotes.

    Mas o endereço IP da sua rede local (10.42.0.x no seu caso) não está registrado na IANA e os roteadores da Internet não sabem como encontrá-lo. De qualquer forma, você não possui esse endereço, mas ele está reservado para qualquer pessoa usar dessa forma.

    A Tradução de Endereço de Rede troca o endereço IP local nos pacotes de saída pelo endereço IP [público] do próprio roteador para que os servidores na Internet vejam o endereço IP público do roteador, e não o endereço IP da rede local de um dispositivo. O roteador então faz a troca reversa dos pacotes recebidos antes de enviá-los de volta aos dispositivos locais.

    Configurando um NAT com iptables

    Não se esqueça que você pode precisar sudoe não se esqueça que o iptables não salva na reinicialização normalmente. Instruções sobre como persistir regras de iptables no Ubuntu podem ser encontradas aqui: https://askubuntu.com/questions/84781/iptables-resets-when-server-reboots

    A regra do iptables:

    iptables -t nat -A POSTROUTING -i wlan0 -o wwan0 -j MASQUERADE
    • 1
  2. Best Answer

    Seguindo https://community.unix.com/t/iptables-v1-8-7-nf-tables-unknown-option-to-ports/385377/7 , adicionei straceao meu dispositivo:

    # strace iptables -A OUTPUT -m owner --uid 0
execve("/usr/sbin/iptables", ["iptables", "-A", "OUTPUT", "-m", "owner", "--uid", "0"], 0x7ffa7423d0 /* 29 vars */) = 0
brk(NULL)                               = 0x55a5afa000
mmap(NULL, 8192, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f8502f000
faccessat(AT_FDCWD, "/etc/ld.so.preload", R_OK) = -1 ENOENT (No such file or directory)
openat(AT_FDCWD, "/etc/ld.so.cache", O_RDONLY|O_CLOEXEC) = 3
newfstatat(3, "", {st_mode=S_IFREG|0644, st_size=32961, ...}, AT_EMPTY_PATH) = 0
mmap(NULL, 32961, PROT_READ, MAP_PRIVATE, 3, 0) = 0x7f85026000
close(3)                                = 0
openat(AT_FDCWD, "/usr/lib/libip4tc.so.2", O_RDONLY|O_CLOEXEC) = 3
read(3, "\177ELF\2\1\1\0\0\0\0\0\0\0\0\0\3\0\267\0\1\0\0\0\0\0\0\0\0\0\0\0"..., 832) = 832
newfstatat(3, "", {st_mode=S_IFREG|0755, st_size=31152, ...}, AT_EMPTY_PATH) = 0
mmap(NULL, 160296, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f84fd1000
mmap(0x7f84fe0000, 94760, PROT_READ|PROT_EXEC, MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 3, 0) = 0x7f84fe0000
munmap(0x7f84fd1000, 61440)             = 0
munmap(0x7f84ff8000, 552)               = 0
mprotect(0x7f84fe7000, 61440, PROT_NONE) = 0
mmap(0x7f84ff6000, 8192, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 3, 0x6000) = 0x7f84ff6000
close(3)                                = 0
openat(AT_FDCWD, "/usr/lib/libip6tc.so.2", O_RDONLY|O_CLOEXEC) = 3
read(3, "\177ELF\2\1\1\0\0\0\0\0\0\0\0\0\3\0\267\0\1\0\0\0\0\0\0\0\0\0\0\0"..., 832) = 832
newfstatat(3, "", {st_mode=S_IFREG|0755, st_size=31152, ...}, AT_EMPTY_PATH) = 0
mmap(NULL, 160296, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f84fb8000
mmap(0x7f84fc0000, 94760, PROT_READ|PROT_EXEC, MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 3, 0) = 0x7f84fc0000
munmap(0x7f84fb8000, 32768)             = 0
munmap(0x7f84fd8000, 29224)             = 0
mprotect(0x7f84fc7000, 61440, PROT_NONE) = 0
mmap(0x7f84fd6000, 8192, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 3, 0x6000) = 0x7f84fd6000
close(3)                                = 0
openat(AT_FDCWD, "/usr/lib/libxtables.so.12", O_RDONLY|O_CLOEXEC) = 3
read(3, "\177ELF\2\1\1\0\0\0\0\0\0\0\0\0\3\0\267\0\1\0\0\0\0\0\0\0\0\0\0\0"..., 832) = 832
newfstatat(3, "", {st_mode=S_IFREG|0755, st_size=59304, ...}, AT_EMPTY_PATH) = 0
mmap(NULL, 199720, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f84f8f000
mmap(0x7f84f90000, 134184, PROT_READ|PROT_EXEC, MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 3, 0) = 0x7f84f90000
munmap(0x7f84f8f000, 4096)              = 0
munmap(0x7f84fb1000, 60456)             = 0
mprotect(0x7f84f9e000, 61440, PROT_NONE) = 0
mmap(0x7f84fad000, 8192, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 3, 0xd000) = 0x7f84fad000
mmap(0x7f84faf000, 7208, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x7f84faf000
close(3)                                = 0
openat(AT_FDCWD, "/lib/libc.so.6", O_RDONLY|O_CLOEXEC) = 3
read(3, "\177ELF\2\1\1\3\0\0\0\0\0\0\0\0\3\0\267\0\1\0\0\0@\264\2\0\0\0\0\0"..., 832) = 832
pread64(3, "\4\0\0\0\24\0\0\0\3\0\0\0GNU\0/\267c\324\361R\25\177\n\177\26\327\322\277\4\211"..., 68, 768) = 68
newfstatat(3, "", {st_mode=S_IFREG|0755, st_size=1630088, ...}, AT_EMPTY_PATH) = 0
mmap(NULL, 1805328, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f84dd7000
mmap(0x7f84de0000, 1739792, PROT_READ|PROT_EXEC, MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 3, 0) = 0x7f84de0000
munmap(0x7f84dd7000, 36864)             = 0
munmap(0x7f84f89000, 27664)             = 0
mprotect(0x7f84f68000, 61440, PROT_NONE) = 0
mmap(0x7f84f77000, 24576, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 3, 0x187000) = 0x7f84f77000
mmap(0x7f84f7d000, 48144, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x7f84f7d000
close(3)                                = 0
mmap(NULL, 8192, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f85024000
set_tid_address(0x7f850240f0)           = 25050
set_robust_list(0x7f85024100, 24)       = 0
rseq(0x7f850247c0, 0x20, 0, 0xd428bc00) = 0
mprotect(0x7f84f77000, 12288, PROT_READ) = 0
mprotect(0x7f84fad000, 4096, PROT_READ) = 0
mprotect(0x7f84fd6000, 4096, PROT_READ) = 0
mprotect(0x7f84ff6000, 4096, PROT_READ) = 0
mprotect(0x557a8bc000, 4096, PROT_READ) = 0
mprotect(0x7f85033000, 8192, PROT_READ) = 0
prlimit64(0, RLIMIT_STACK, NULL, {rlim_cur=8192*1024, rlim_max=RLIM64_INFINITY}) = 0
munmap(0x7f85026000, 32961)             = 0
newfstatat(AT_FDCWD, "/usr/lib/xtables/libipt_owner.so", 0x7fdac3dc78, 0) = -1 ENOENT (No such file or directory)
newfstatat(AT_FDCWD, "/usr/lib/xtables/libxt_owner.so", {st_mode=S_IFREG|0755, st_size=18904, ...}, 0) = 0
getrandom("\x89\xee\xcc\x55\xdc\x6d\x75\xd8", 8, GRND_NONBLOCK) = 8
brk(NULL)                               = 0x55a5afa000
brk(0x55a5b1b000)                       = 0x55a5b1b000
openat(AT_FDCWD, "/usr/lib/xtables/libxt_owner.so", O_RDONLY|O_CLOEXEC) = 3
read(3, "\177ELF\2\1\1\0\0\0\0\0\0\0\0\0\3\0\267\0\1\0\0\0\0\0\0\0\0\0\0\0"..., 832) = 832
newfstatat(3, "", {st_mode=S_IFREG|0755, st_size=18904, ...}, AT_EMPTY_PATH) = 0
mmap(NULL, 148048, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f84dbb000
mmap(0x7f84dc0000, 82512, PROT_READ|PROT_EXEC, MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 3, 0) = 0x7f84dc0000
munmap(0x7f84dbb000, 20480)             = 0
munmap(0x7f84dd5000, 41552)             = 0
mprotect(0x7f84dc3000, 65536, PROT_NONE) = 0
mmap(0x7f84dd3000, 8192, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 3, 0x3000) = 0x7f84dd3000
close(3)                                = 0
mprotect(0x7f84dd3000, 4096, PROT_READ) = 0
socket(AF_INET, SOCK_RAW, IPPROTO_RAW)  = 3
fcntl(3, F_SETFD, FD_CLOEXEC)           = 0
newfstatat(AT_FDCWD, "/proc/net/ip_tables_names", {st_mode=S_IFREG|0440, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0
statfs("/proc/net/ip_tables_names", {f_type=PROC_SUPER_MAGIC, f_bsize=4096, f_blocks=0, f_bfree=0, f_bavail=0, f_files=0, f_ffree=0, f_fsid={val=[0, 0]}, f_namelen=255, f_frsize=4096, f_flags=ST_VALID|ST_NOSUID|ST_NODEV|ST_NOEXEC|ST_RELATIME}) = 0
getsockopt(3, SOL_IP, IPT_SO_GET_REVISION_MATCH, 0x7fdac3db68, [30]) = -1 ENOENT (No such file or directory)
close(3)                                = 0
socket(AF_INET, SOCK_RAW, IPPROTO_RAW)  = 3
fcntl(3, F_SETFD, FD_CLOEXEC)           = 0
getsockopt(3, SOL_IP, IPT_SO_GET_REVISION_MATCH, 0x7fdac3db68, [30]) = -1 ENOENT (No such file or directory)
close(3)                                = 0
write(2, "iptables v1.8.7 (legacy): ", 26iptables v1.8.7 (legacy): ) = 26
write(2, "Couldn't load match `owner':No s"..., 54Couldn't load match `owner':No such file or directory
) = 54
write(2, "\n", 1
)                       = 1
write(2, "Try `iptables -h' or 'iptables -"..., 61Try `iptables -h' or 'iptables --help' for more information.
) = 61
exit_group(2)                           = ?
+++ exited with 2 +++

    Parece que estamos desaparecidos /usr/lib/xtables/libipt_owner.so. https://forums.gentoo.org/viewtopic-t-754259-start-0.html sugere que isso requer, CONFIG_NETFILTER_XT_MATCH_OWNER=mentão tentei isso:

    # iptables -A OUTPUT -m owner --uid 0

    Curiosamente, ao executar straceo comando de trabalho, a linha que muda é getsockoptde:

    newfstatat(AT_FDCWD, "/proc/net/ip_tables_names", {st_mode=S_IFREG|0440, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0
statfs("/proc/net/ip_tables_names", {f_type=PROC_SUPER_MAGIC, f_bsize=4096, f_blocks=0, f_bfree=0, f_bavail=0, f_files=0, f_ffree=0, f_fsid={val=[0, 0]}, f_namelen=255, f_frsize=4096, f_flags=ST_VALID|ST_NOSUID|ST_NODEV|ST_NOEXEC|ST_RELATIME}) = 0
getsockopt(3, SOL_IP, IPT_SO_GET_REVISION_MATCH, 0x7fdac3db68, [30]) = -1 ENOENT (No such file or directory)

    para:

    newfstatat(AT_FDCWD, "/proc/net/ip_tables_names", {st_mode=S_IFREG|0440, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0
statfs("/proc/net/ip_tables_names", {f_type=PROC_SUPER_MAGIC, f_bsize=4096, f_blocks=0, f_bfree=0, f_bavail=0, f_files=0, f_ffree=0, f_fsid={val=[0, 0]}, f_namelen=255, f_frsize=4096, f_flags=ST_VALID|ST_NOSUID|ST_NODEV|ST_NOEXEC|ST_RELATIME}) = 0
getsockopt(3, SOL_IP, IPT_SO_GET_REVISION_MATCH, "owner\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\1", [30]) = 0

    O NAT ainda falha, então tente {{strace}} novamente:

    # strace iptables -w -t nat -I PREROUTING -s 192.168.12.0/24 -d 192.168.12.1 -p tcp -m tcp --dport 53 -j REDIRECT --to-ports 5353
execve("/usr/sbin/iptables", ["iptables", "-w", "-t", "nat", "-I", "PREROUTING", "-s", "192.168.12.0/24", "-d", "192.168.12.1", "-p", "tcp", "-m", "tcp", "--dport", "53", "-j", "REDIRECT", "--to-ports", "5353"], 0x7ff90c7de8 /* 29 vars */) = 0
brk(NULL)                               = 0x55b6039000
mmap(NULL, 8192, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fb4e97000
faccessat(AT_FDCWD, "/etc/ld.so.preload", R_OK) = -1 ENOENT (No such file or directory)
openat(AT_FDCWD, "/etc/ld.so.cache", O_RDONLY|O_CLOEXEC) = 3
newfstatat(3, "", {st_mode=S_IFREG|0644, st_size=32961, ...}, AT_EMPTY_PATH) = 0
mmap(NULL, 32961, PROT_READ, MAP_PRIVATE, 3, 0) = 0x7fb4e8e000
close(3)                                = 0
openat(AT_FDCWD, "/usr/lib/libip4tc.so.2", O_RDONLY|O_CLOEXEC) = 3
read(3, "\177ELF\2\1\1\0\0\0\0\0\0\0\0\0\3\0\267\0\1\0\0\0\0\0\0\0\0\0\0\0"..., 832) = 832
newfstatat(3, "", {st_mode=S_IFREG|0755, st_size=31152, ...}, AT_EMPTY_PATH) = 0
mmap(NULL, 160296, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fb4e39000
mmap(0x7fb4e40000, 94760, PROT_READ|PROT_EXEC, MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 3, 0) = 0x7fb4e40000
munmap(0x7fb4e39000, 28672)             = 0
munmap(0x7fb4e58000, 33320)             = 0
mprotect(0x7fb4e47000, 61440, PROT_NONE) = 0
mmap(0x7fb4e56000, 8192, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 3, 0x6000) = 0x7fb4e56000
close(3)                                = 0
openat(AT_FDCWD, "/usr/lib/libip6tc.so.2", O_RDONLY|O_CLOEXEC) = 3
read(3, "\177ELF\2\1\1\0\0\0\0\0\0\0\0\0\3\0\267\0\1\0\0\0\0\0\0\0\0\0\0\0"..., 832) = 832
newfstatat(3, "", {st_mode=S_IFREG|0755, st_size=31152, ...}, AT_EMPTY_PATH) = 0
mmap(NULL, 160296, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fb4e18000
mmap(0x7fb4e20000, 94760, PROT_READ|PROT_EXEC, MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 3, 0) = 0x7fb4e20000
munmap(0x7fb4e18000, 32768)             = 0
munmap(0x7fb4e38000, 29224)             = 0
mprotect(0x7fb4e27000, 61440, PROT_NONE) = 0
mmap(0x7fb4e36000, 8192, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 3, 0x6000) = 0x7fb4e36000
close(3)                                = 0
openat(AT_FDCWD, "/usr/lib/libxtables.so.12", O_RDONLY|O_CLOEXEC) = 3
read(3, "\177ELF\2\1\1\0\0\0\0\0\0\0\0\0\3\0\267\0\1\0\0\0\0\0\0\0\0\0\0\0"..., 832) = 832
newfstatat(3, "", {st_mode=S_IFREG|0755, st_size=59304, ...}, AT_EMPTY_PATH) = 0
mmap(NULL, 199720, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fb4def000
mmap(0x7fb4df0000, 134184, PROT_READ|PROT_EXEC, MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 3, 0) = 0x7fb4df0000
munmap(0x7fb4def000, 4096)              = 0
munmap(0x7fb4e11000, 60456)             = 0
mprotect(0x7fb4dfe000, 61440, PROT_NONE) = 0
mmap(0x7fb4e0d000, 8192, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 3, 0xd000) = 0x7fb4e0d000
mmap(0x7fb4e0f000, 7208, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x7fb4e0f000
close(3)                                = 0
openat(AT_FDCWD, "/lib/libc.so.6", O_RDONLY|O_CLOEXEC) = 3
read(3, "\177ELF\2\1\1\3\0\0\0\0\0\0\0\0\3\0\267\0\1\0\0\0@\264\2\0\0\0\0\0"..., 832) = 832
pread64(3, "\4\0\0\0\24\0\0\0\3\0\0\0GNU\0/\267c\324\361R\25\177\n\177\26\327\322\277\4\211"..., 68, 768) = 68
newfstatat(3, "", {st_mode=S_IFREG|0755, st_size=1630088, ...}, AT_EMPTY_PATH) = 0
mmap(NULL, 1805328, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fb4c37000
mmap(0x7fb4c40000, 1739792, PROT_READ|PROT_EXEC, MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 3, 0) = 0x7fb4c40000
munmap(0x7fb4c37000, 36864)             = 0
munmap(0x7fb4de9000, 27664)             = 0
mprotect(0x7fb4dc8000, 61440, PROT_NONE) = 0
mmap(0x7fb4dd7000, 24576, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 3, 0x187000) = 0x7fb4dd7000
mmap(0x7fb4ddd000, 48144, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x7fb4ddd000
close(3)                                = 0
mmap(NULL, 8192, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fb4e8c000
set_tid_address(0x7fb4e8c0f0)           = 83953
set_robust_list(0x7fb4e8c100, 24)       = 0
rseq(0x7fb4e8c7c0, 0x20, 0, 0xd428bc00) = 0
mprotect(0x7fb4dd7000, 12288, PROT_READ) = 0
mprotect(0x7fb4e0d000, 4096, PROT_READ) = 0
mprotect(0x7fb4e36000, 4096, PROT_READ) = 0
mprotect(0x7fb4e56000, 4096, PROT_READ) = 0
mprotect(0x558371f000, 4096, PROT_READ) = 0
mprotect(0x7fb4e9b000, 8192, PROT_READ) = 0
prlimit64(0, RLIMIT_STACK, NULL, {rlim_cur=8192*1024, rlim_max=RLIM64_INFINITY}) = 0
munmap(0x7fb4e8e000, 32961)             = 0
getrandom("\xfa\xf8\xa1\x00\x5e\xc6\xd6\x38", 8, GRND_NONBLOCK) = 8
brk(NULL)                               = 0x55b6039000
brk(0x55b605a000)                       = 0x55b605a000
newfstatat(AT_FDCWD, "/etc/nsswitch.conf", {st_mode=S_IFREG|0644, st_size=482, ...}, 0) = 0
newfstatat(AT_FDCWD, "/", {st_mode=S_IFDIR|0755, st_size=4096, ...}, 0) = 0
openat(AT_FDCWD, "/etc/nsswitch.conf", O_RDONLY|O_CLOEXEC) = 3
newfstatat(3, "", {st_mode=S_IFREG|0644, st_size=482, ...}, AT_EMPTY_PATH) = 0
read(3, "# /etc/nsswitch.conf\n#\n# Example"..., 4096) = 482
read(3, "", 4096)                       = 0
newfstatat(3, "", {st_mode=S_IFREG|0644, st_size=482, ...}, AT_EMPTY_PATH) = 0
close(3)                                = 0
openat(AT_FDCWD, "/etc/ld.so.cache", O_RDONLY|O_CLOEXEC) = 3
newfstatat(3, "", {st_mode=S_IFREG|0644, st_size=32961, ...}, AT_EMPTY_PATH) = 0
mmap(NULL, 32961, PROT_READ, MAP_PRIVATE, 3, 0) = 0x7fb4e8e000
close(3)                                = 0
openat(AT_FDCWD, "/lib/tls/aarch64/libnss_db.so.2", O_RDONLY|O_CLOEXEC) = -1 ENOENT (No such file or directory)
newfstatat(AT_FDCWD, "/lib/tls/aarch64", 0x7fe4e67730, 0) = -1 ENOENT (No such file or directory)
openat(AT_FDCWD, "/lib/tls/libnss_db.so.2", O_RDONLY|O_CLOEXEC) = -1 ENOENT (No such file or directory)
newfstatat(AT_FDCWD, "/lib/tls", 0x7fe4e67730, 0) = -1 ENOENT (No such file or directory)
openat(AT_FDCWD, "/lib/aarch64/libnss_db.so.2", O_RDONLY|O_CLOEXEC) = -1 ENOENT (No such file or directory)
newfstatat(AT_FDCWD, "/lib/aarch64", 0x7fe4e67730, 0) = -1 ENOENT (No such file or directory)
openat(AT_FDCWD, "/lib/libnss_db.so.2", O_RDONLY|O_CLOEXEC) = -1 ENOENT (No such file or directory)
newfstatat(AT_FDCWD, "/lib", {st_mode=S_IFDIR|0755, st_size=4096, ...}, 0) = 0
openat(AT_FDCWD, "/usr/lib/tls/aarch64/libnss_db.so.2", O_RDONLY|O_CLOEXEC) = -1 ENOENT (No such file or directory)
newfstatat(AT_FDCWD, "/usr/lib/tls/aarch64", 0x7fe4e67730, 0) = -1 ENOENT (No such file or directory)
openat(AT_FDCWD, "/usr/lib/tls/libnss_db.so.2", O_RDONLY|O_CLOEXEC) = -1 ENOENT (No such file or directory)
newfstatat(AT_FDCWD, "/usr/lib/tls", 0x7fe4e67730, 0) = -1 ENOENT (No such file or directory)
openat(AT_FDCWD, "/usr/lib/aarch64/libnss_db.so.2", O_RDONLY|O_CLOEXEC) = -1 ENOENT (No such file or directory)
newfstatat(AT_FDCWD, "/usr/lib/aarch64", 0x7fe4e67730, 0) = -1 ENOENT (No such file or directory)
openat(AT_FDCWD, "/usr/lib/libnss_db.so.2", O_RDONLY|O_CLOEXEC) = -1 ENOENT (No such file or directory)
newfstatat(AT_FDCWD, "/usr/lib", {st_mode=S_IFDIR|0755, st_size=32768, ...}, 0) = 0
munmap(0x7fb4e8e000, 32961)             = 0
openat(AT_FDCWD, "/etc/protocols", O_RDONLY|O_CLOEXEC) = 3
newfstatat(3, "", {st_mode=S_IFREG|0644, st_size=2932, ...}, AT_EMPTY_PATH) = 0
lseek(3, 0, SEEK_SET)                   = 0
read(3, "# Internet (IP) protocols\n#\n# Up"..., 4096) = 2932
close(3)                                = 0
newfstatat(AT_FDCWD, "/usr/lib/xtables/libipt_tcp.so", 0x7fe4e68508, 0) = -1 ENOENT (No such file or directory)
newfstatat(AT_FDCWD, "/usr/lib/xtables/libxt_tcp.so", {st_mode=S_IFREG|0755, st_size=14424, ...}, 0) = 0
openat(AT_FDCWD, "/usr/lib/xtables/libxt_tcp.so", O_RDONLY|O_CLOEXEC) = 3
read(3, "\177ELF\2\1\1\0\0\0\0\0\0\0\0\0\3\0\267\0\1\0\0\0\0\0\0\0\0\0\0\0"..., 832) = 832
newfstatat(3, "", {st_mode=S_IFREG|0755, st_size=14424, ...}, AT_EMPTY_PATH) = 0
mmap(NULL, 143568, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fb4c1c000
mmap(0x7fb4c20000, 78032, PROT_READ|PROT_EXEC, MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 3, 0) = 0x7fb4c20000
munmap(0x7fb4c1c000, 16384)             = 0
munmap(0x7fb4c34000, 45264)             = 0
mprotect(0x7fb4c23000, 61440, PROT_NONE) = 0
mmap(0x7fb4c32000, 8192, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 3, 0x2000) = 0x7fb4c32000
close(3)                                = 0
mprotect(0x7fb4c32000, 4096, PROT_READ) = 0
socket(AF_INET, SOCK_RAW, IPPROTO_RAW)  = 3
fcntl(3, F_SETFD, FD_CLOEXEC)           = 0
newfstatat(AT_FDCWD, "/proc/net/ip_tables_names", {st_mode=S_IFREG|0440, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0
statfs("/proc/net/ip_tables_names", {f_type=PROC_SUPER_MAGIC, f_bsize=4096, f_blocks=0, f_bfree=0, f_bavail=0, f_files=0, f_ffree=0, f_fsid={val=[0, 0]}, f_namelen=255, f_frsize=4096, f_flags=ST_VALID|ST_NOSUID|ST_NODEV|ST_NOEXEC|ST_RELATIME}) = 0
getsockopt(3, SOL_IP, IPT_SO_GET_REVISION_MATCH, "tcp\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0", [30]) = 0
close(3)                                = 0
newfstatat(AT_FDCWD, "/usr/lib/xtables/libipt_REDIRECT.so", {st_mode=S_IFREG|0755, st_size=10344, ...}, 0) = 0
openat(AT_FDCWD, "/usr/lib/xtables/libipt_REDIRECT.so", O_RDONLY|O_CLOEXEC) = 3
read(3, "\177ELF\2\1\1\0\0\0\0\0\0\0\0\0\3\0\267\0\1\0\0\0\0\0\0\0\0\0\0\0"..., 832) = 832
newfstatat(3, "", {st_mode=S_IFREG|0755, st_size=10344, ...}, AT_EMPTY_PATH) = 0
mmap(NULL, 139480, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fb4bfd000
mmap(0x7fb4c00000, 73944, PROT_READ|PROT_EXEC, MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 3, 0) = 0x7fb4c00000
munmap(0x7fb4bfd000, 12288)             = 0
munmap(0x7fb4c13000, 49368)             = 0
mprotect(0x7fb4c02000, 61440, PROT_NONE) = 0
mmap(0x7fb4c11000, 8192, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 3, 0x1000) = 0x7fb4c11000
close(3)                                = 0
mprotect(0x7fb4c11000, 4096, PROT_READ) = 0
socket(AF_INET, SOCK_RAW, IPPROTO_RAW)  = 3
fcntl(3, F_SETFD, FD_CLOEXEC)           = 0
getsockopt(3, SOL_IP, IPT_SO_GET_REVISION_TARGET, 0x7fe4e683e8, [30]) = -1 ENOENT (No such file or directory)
close(3)                                = 0
write(2, "iptables v1.8.7 (legacy): ", 26iptables v1.8.7 (legacy): ) = 26
write(2, "unknown option \"--to-ports\"", 27unknown option "--to-ports") = 27
write(2, "\n", 1
)                       = 1
write(2, "Try `iptables -h' or 'iptables -"..., 61Try `iptables -h' or 'iptables --help' for more information.
) = 61
exit_group(2)                           = ?
+++ exited with 2 +++

    Anteriormente tivemos uma falha com IPT_SO_GET_REVISION_MATCH, agora é IPT_SO_GET_REVISION_TARGET. Procurei o uso disso na fonte Linux para v5.4.238: https://elixir.bootlin.com/linux/v5.4.238/C/ident/IPT_SO_GET_REVISION_TARGET Eles são usados ​​na mesma função. Também notei que se você correr sem --to-portsobter:

    # iptables -w -t nat -I PREROUTING -s 192.168.12.0/24 -d 192.168.12.1 -p tcp -m tcp --dport 53 -j REDIRECT
iptables v1.8.7 (legacy): Couldn't load target `REDIRECT':No such file or directory

    So if adding CONFIG_NETFILTER_XT_MATCH_OWNER fixed IPT_SO_GET_REVISION_MATCH, would adding CONFIG_NETFILTER_XT_TARGET_REDIRECT fix IPT_SO_GET_REVISION_TARGET?

    Yes it does, NAT method now works.

    • 0

relate perguntas