3

I'm trying to run the following command on my Raspbian system:

```
sudo iptables -t nat -A PREROUTING -i wlan0 -p tcp --dport 2222 -j DNAT --to-destination 192.168.2.241:22
```

iptables says:

```
iptables v1.8.2 (nf_tables): unknown option "--to-destination"
Try `iptables -h' or 'iptables --help' for more information.
```

Same issue if I change `--to-destination` to `--to`.

I'm fairly new to iptables etc, and I haven't been able to track down the issue with internet search.

I understand that at some point iptables is changing into "nf_tables"? Has this already happened in Raspbian? Is that the source of my problem?

user3728501

1 Answer

1

That exact command works on my RPi with Raspbian 10 Buster.

Perhaps you've got a corrupted installation with some missing files? Or some non-standard settings?

Replace the SD card with a fresh new Raspbian system and try again. It should work, the command is correct.

MLu
  • What kernel version are you running? – user3728501 May 06 '20 at 01:44
  • It's very strange. I have 3 pi's, all doing slightly different things, but they were burned using the same image about 6 months ago... On one system if I run `sudo /usr/sbin/iptables-legacy` it complains that `--to-destination` is not found. The other two complain that `--dport` is not found. The other two systems both also complain with this error `iptables v1.8.2 (legacy): can't initialize iptables table filter: Table does not exist (do you need to insmod?) Perhaps iptables or your kernel needs to be upgraded.` ... what the heck is going on here? – user3728501 May 06 '20 at 02:02
  • Is there any way to reinstall iptables? The only difference I can think of is the original system I was working on probably has the package iptables-persistent installed, whereas these two others probably do not – user3728501 May 06 '20 at 02:03
  • @user3728501 my kernel is `4.19.97-v7l+`, not sure what’s wrong with yours. – MLu May 06 '20 at 02:07
  • Mine is the same - but get this. I rebooted and now it works. ... a complete wtf moment from me I think ? – user3728501 May 06 '20 at 02:14
  • @user3728501 on the bright side - it works now :) BTW It may be a stretch too far but a broken firewall and inexplicably behaving commands are sometimes a sign of a compromised system. Especially if it suddenly goes away after a reboot. Not sure if that can apply in your case, just saying that it’s a possibility. – MLu May 06 '20 at 02:18
  • That's useful info. Is there any way to know if my system has been compromised? I guess it could potentially be that. Port 22 is open to the external world. – user3728501 May 06 '20 at 13:53
  • There are forensic tools that can be used but it’s much easier to just rebuild it and secure it properly before connecting to the outside world. – MLu May 06 '20 at 20:48
  • Are there any writeups with recommendations? Obviously things like strong passwords, and keep apt updated, but other than that? – user3728501 May 07 '20 at 11:49
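
A check for the symptoms in this thread, as an added example that is not part of the original posts: it reads the backend out of the iptables banner and tests whether a module tree exists for the running kernel. The thread never establishes why the reboot helped; a kernel package upgraded without a reboot is an assumed benign cause, the function names are hypothetical, and `4.19.118-v7l+` in the comments is a constructed release.

```bash
#!/bin/sh
# Added diagnostic sketch; function names are hypothetical, not from the thread.

# Extract the backend from an iptables banner or error line, e.g.
# "iptables v1.8.2 (nf_tables)" -> "nf_tables". Banners without a
# parenthesised backend yield "unknown".
iptables_backend() {
    case "$1" in
        *"("*")"*) printf '%s\n' "$1" | sed -n 's/.*(\([^)]*\)).*/\1/p' ;;
        *) echo unknown ;;
    esac
}

# Succeed when a module tree exists for the given kernel release.
# $1 = kernel release (uname -r), $2 = module root (default /lib/modules).
modules_present() {
    [ -d "${2:-/lib/modules}/$1" ]
}

# One-line verdict. $1 = banner, $2 = kernel release, $3 = module root.
# Assumption: if the running kernel (say 4.19.97-v7l+) has no module tree
# because only a newer one (say 4.19.118-v7l+, constructed) is installed,
# netfilter modules cannot load until the machine boots the new kernel.
diagnose() {
    backend=$(iptables_backend "$1")
    if modules_present "$2" "$3"; then
        echo "backend=$backend modules=present"
    else
        echo "backend=$backend modules=missing reboot-into-installed-kernel"
    fi
}

# Live run on the local machine; skipped when iptables is not installed.
if command -v iptables >/dev/null 2>&1; then
    diagnose "$(iptables -V 2>/dev/null)" "$(uname -r)" /lib/modules
fi
```

If the verdict is `modules=present` and the errors persist, the upgrade explanation does not apply and the rebuild advice in the comments above stands.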