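I have only added a few rules to LOG packets going through the OUTPUT chain, but nothing passes through the NAT table at all. This can be seen clearly from the NAT table chain counters here (the counters are zero):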
sudo iptables-save
# Generated by iptables-save v1.8.4 on Tue Feb 13 03:49:55 2024
*raw
:PREROUTING ACCEPT [197:319667]
:OUTPUT ACCEPT [178:12147]
COMMIT
# Completed on Tue Feb 13 03:49:55 2024
# Generated by iptables-save v1.8.4 on Tue Feb 13 03:49:55 2024
*mangle
:PREROUTING ACCEPT [197:319667]
:INPUT ACCEPT [197:319667]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [178:12147]
:POSTROUTING ACCEPT [178:12147]
COMMIT
# Completed on Tue Feb 13 03:49:55 2024
# Generated by iptables-save v1.8.4 on Tue Feb 13 03:49:55 2024
*filter
:INPUT ACCEPT [1491:3438016]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [1687:231563]
-A OUTPUT -j LOG --log-prefix "SEP [filter-OUTPUT] "
COMMIT
# Completed on Tue Feb 13 03:49:55 2024
# Generated by iptables-save v1.8.4 on Tue Feb 13 03:49:55 2024
*nat
:PREROUTING ACCEPT [0:0]
:INPUT ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
:test - [0:0]
-A OUTPUT -j LOG --log-prefix "SEP [nat-OUTPUT] "
COMMIT
# Completed on Tue Feb 13 03:49:55 2024
I have also enabled IPv4 IP forwarding, as follows:
sudo sysctl -w net.ipv4.ip_forward=1
But the problem persists.
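
An added example, not part of the original post: a small parser for `iptables-save` output that extracts the counters from the chain header lines of each table and lists the tables whose built-in chains all show zero packets, which is the check the post does by eye. The sample text is constructed from a shortened copy of the dump above, and the function names are hypothetical.

```python
import re

# Constructed sample in iptables-save format, shortened from the dump in the post.
SAMPLE = """\
*filter
:INPUT ACCEPT [1491:3438016]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [1687:231563]
-A OUTPUT -j LOG --log-prefix "SEP [filter-OUTPUT] "
COMMIT
*nat
:PREROUTING ACCEPT [0:0]
:INPUT ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
:test - [0:0]
-A OUTPUT -j LOG --log-prefix "SEP [nat-OUTPUT] "
COMMIT
"""

# Chain header line: ":<chain> <policy or '-'> [<packets>:<bytes>]"
CHAIN_RE = re.compile(r"^:(\S+)\s+(\S+)\s+\[(\d+):(\d+)\]$")

def chain_counters(dump):
    """Return {table: {chain: (policy, packets, bytes)}} from iptables-save text."""
    tables, current = {}, None
    for line in dump.splitlines():
        line = line.strip()
        if line.startswith("*"):          # "*nat" opens a table section
            current = tables.setdefault(line[1:], {})
        elif line == "COMMIT":            # closes the current table section
            current = None
        elif current is not None:
            m = CHAIN_RE.match(line)      # rule lines ("-A ...") do not match
            if m:
                chain, policy, pkts, nbytes = m.groups()
                current[chain] = (policy, int(pkts), int(nbytes))
    return tables

def idle_tables(tables):
    """Tables whose built-in chains (policy other than '-') all show zero packets."""
    idle = []
    for name, chains in tables.items():
        builtin = [c for c in chains.values() if c[0] != "-"]
        if builtin and all(pkts == 0 for _, pkts, _ in builtin):
            idle.append(name)
    return idle

if __name__ == "__main__":
    print("idle tables:", idle_tables(chain_counters(SAMPLE)))
```

To run it against a live rule set, pass the text captured from `sudo iptables-save` to `chain_counters` instead of `SAMPLE`.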