# Problem with Ettercap and Iptables, maybe a bug.

## ev56o

```
marco m # ettercap -G
ettercap NG-0.7.3 copyright 2001-2004 ALoR & NaGA
Dissector "dns" not supported (etter.conf line 70)
iptables: No chain/target/match by that name.
iptables: No chain/target/match by that name.
iptables: No chain/target/match by that name.
iptables: No chain/target/match by that name.
iptables: No chain/target/match by that name.
iptables: No chain/target/match by that name.
iptables: No chain/target/match by that name.
iptables: No chain/target/match by that name.
iptables: No chain/target/match by that name.
```

At this point I close the application normally...

```
FATAL: Module ip_tables not found.
iptables v1.4.3.2: can't initialize iptables table `nat': Permission denied (you must be root)
Perhaps iptables or your kernel needs to be upgraded.
FATAL: Module ip_tables not found.
iptables v1.4.3.2: can't initialize iptables table `nat': Permission denied (you must be root)
Perhaps iptables or your kernel needs to be upgraded.
FATAL: Module ip_tables not found.
iptables v1.4.3.2: can't initialize iptables table `nat': Permission denied (you must be root)
Perhaps iptables or your kernel needs to be upgraded.
FATAL: Module ip_tables not found.
iptables v1.4.3.2: can't initialize iptables table `nat': Permission denied (you must be root)
Perhaps iptables or your kernel needs to be upgraded.
FATAL: Module ip_tables not found.
iptables v1.4.3.2: can't initialize iptables table `nat': Permission denied (you must be root)
Perhaps iptables or your kernel needs to be upgraded.
FATAL: Module ip_tables not found.
iptables v1.4.3.2: can't initialize iptables table `nat': Permission denied (you must be root)
Perhaps iptables or your kernel needs to be upgraded.
FATAL: Module ip_tables not found.
iptables v1.4.3.2: can't initialize iptables table `nat': Permission denied (you must be root)
Perhaps iptables or your kernel needs to be upgraded.
FATAL: Module ip_tables not found.
iptables v1.4.3.2: can't initialize iptables table `nat': Permission denied (you must be root)
Perhaps iptables or your kernel needs to be upgraded.
FATAL: Module ip_tables not found.
iptables v1.4.3.2: can't initialize iptables table `nat': Permission denied (you must be root)
Perhaps iptables or your kernel needs to be upgraded.
```

and it returns this output.

----------

## Kernel78

Try launching it with the -T option instead of -G and let's see if it gives you any other messages.

----------

## ev56o

Nothing seems to change:

```
marco m # ettercap -T
ettercap NG-0.7.3 copyright 2001-2004 ALoR & NaGA
Dissector "dns" not supported (etter.conf line 70)
iptables: No chain/target/match by that name.
iptables: No chain/target/match by that name.
iptables: No chain/target/match by that name.
iptables: No chain/target/match by that name.
iptables: No chain/target/match by that name.
iptables: No chain/target/match by that name.
iptables: No chain/target/match by that name.
iptables: No chain/target/match by that name.
iptables: No chain/target/match by that name.
Listening on eth0... (Ethernet)
  eth0 ->   00:17:31:5C:BF:B0      192.168.0.62     255.255.255.0
Privileges dropped to UID 65534 GID 65534...
  28 plugins
  39 protocol dissectors
  53 ports monitored
7587 mac vendor fingerprint
1698 tcp OS fingerprint
2183 known services
Starting Unified sniffing...
Text only Interface activated...
Hit 'h' for inline help
Fri Mar  5 13:29:30 2010
TCP  192.168.0.62:49386 --> 213.158.72.24:80 | FA
Fri Mar  5 13:29:30 2010
TCP  213.158.72.24:80 --> 192.168.0.62:49386 | RA
Fri Mar  5 13:29:32 2010
TCP  192.168.0.62:46947 --> 204.187.15.12:80 | FA
Fri Mar  5 13:29:33 2010
TCP  192.168.0.62:49387 --> 213.158.72.24:80 | FA
Fri Mar  5 13:29:33 2010
TCP  213.158.72.24:80 --> 192.168.0.62:49387 | RA
Fri Mar  5 13:29:33 2010
TCP  192.168.0.62:46950 --> 204.187.15.12:80 | FA
Fri Mar  5 13:29:37 2010
TCP  192.168.0.62:46957 --> 204.187.15.12:80 | FA
Fri Mar  5 13:29:37 2010
TCP  192.168.0.62:46956 --> 204.187.15.12:80 | FA
Fri Mar  5 13:29:38 2010
TCP  192.168.0.62:46946 --> 204.187.15.12:80 | FA
Fri Mar  5 13:29:40 2010
TCP  192.168.0.62:46951 --> 204.187.15.12:80 | FA
Inline help:
 [vV]      - change the visualization mode
 [pP]      - activate a plugin
 [lL]      - print the hosts list
 [oO]      - print the profiles list
 [cC]      - print the connections list
 [sS]      - print interfaces statistics
 [<space>] - stop/cont printing packets
 [qQ]      - quit
Fri Mar  5 13:29:49 2010
TCP  192.168.0.62:46959 --> 204.187.15.12:80 | FA
Fri Mar  5 13:29:49 2010
TCP  192.168.0.62:46960 --> 204.187.15.12:80 | FA
Fri Mar  5 13:29:50 2010
TCP  192.168.0.62:46955 --> 204.187.15.12:80 | FA
Fri Mar  5 13:29:51 2010
TCP  192.168.0.62:46954 --> 204.187.15.12:80 | FA
Closing text interface...
Unified sniffing was stopped.
FATAL: Module ip_tables not found.
iptables v1.4.3.2: can't initialize iptables table `nat': Permission denied (you must be root)
Perhaps iptables or your kernel needs to be upgraded.
FATAL: Module ip_tables not found.
iptables v1.4.3.2: can't initialize iptables table `nat': Permission denied (you must be root)
Perhaps iptables or your kernel needs to be upgraded.
FATAL: Module ip_tables not found.
iptables v1.4.3.2: can't initialize iptables table `nat': Permission denied (you must be root)
Perhaps iptables or your kernel needs to be upgraded.
FATAL: Module ip_tables not found.
iptables v1.4.3.2: can't initialize iptables table `nat': Permission denied (you must be root)
Perhaps iptables or your kernel needs to be upgraded.
FATAL: Module ip_tables not found.
iptables v1.4.3.2: can't initialize iptables table `nat': Permission denied (you must be root)
Perhaps iptables or your kernel needs to be upgraded.
FATAL: Module ip_tables not found.
iptables v1.4.3.2: can't initialize iptables table `nat': Permission denied (you must be root)
Perhaps iptables or your kernel needs to be upgraded.
FATAL: Module ip_tables not found.
iptables v1.4.3.2: can't initialize iptables table `nat': Permission denied (you must be root)
Perhaps iptables or your kernel needs to be upgraded.
FATAL: Module ip_tables not found.
iptables v1.4.3.2: can't initialize iptables table `nat': Permission denied (you must be root)
Perhaps iptables or your kernel needs to be upgraded.
FATAL: Module ip_tables not found.
iptables v1.4.3.2: can't initialize iptables table `nat': Permission denied (you must be root)
Perhaps iptables or your kernel needs to be upgraded.
```

----------

## Kernel78

Just a couple of questions:

- did you compile the kernel with iptables support?

- are you running the program as root?

----------

## ev56o

```
m@marco ~ $ cat /usr/src/conf | grep TABLE
CONFIG_HAVE_UNSTABLE_SCHED_CLOCK=y
# CONFIG_RELOCATABLE is not set
CONFIG_CPU_FREQ_TABLE=y
CONFIG_IP_MULTIPLE_TABLES=y
# CONFIG_IPV6_MULTIPLE_TABLES is not set
CONFIG_NETFILTER_XTABLES=y
CONFIG_IP_NF_IPTABLES=y
CONFIG_IP6_NF_IPTABLES=y
CONFIG_INPUT_TABLET=y
# CONFIG_TABLET_USB_ACECAD is not set
# CONFIG_TABLET_USB_AIPTEK is not set
# CONFIG_TABLET_USB_GTCO is not set
# CONFIG_TABLET_USB_KBTAB is not set
# CONFIG_TABLET_USB_WACOM is not set
```

I compiled the kernel with iptables support and I run ettercap as root. The iptables program seems to work correctly:

```
marco m # iptables
iptables v1.4.3.2: no command specified
Try `iptables -h' or 'iptables --help' for more information.
```

----------

## ago

The problem arises when you uncomment the lines in `/etc/etter.conf` and you have something like this:

```
iptables -t nat -A PREROUTING -p tcp --destination-port 80 -j REDIRECT --to-port 10000
```

Now, regardless of ettercap, if you run that in a shell it gives the same error. To fix it, you just need to make a change in the kernel, so as to have:

```
CONFIG_IP_NF_TARGET_REDIRECT=m
```

To do all this, just go and select the following as modules:

```
[*] Networking support  --->
      Networking options  --->
            [*] Network packet filtering framework (Netfilter)  --->
                  IP: Netfilter Configuration  --->
                        <M>   Full NAT
                        <M>     REDIRECT target support
```

In addition, to avoid errors like:

```
FATAL: Module ip_tables not found.
```

the iptables modules should be kept marked as M and not built-in (*).

----------
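The kernel options discussed in the post above can be checked directly against a kernel config file. The following is an added example, not part of the thread: `sample_config`, `kopt_state` and `check_redirect_support` are hypothetical names, the sample config is constructed, and `CONFIG_NF_NAT` as the symbol behind the "Full NAT" menu entry is an assumption.

```shell
#!/bin/sh
# Added example: check a kernel .config for what the nat/REDIRECT rule needs.

# Constructed sample: the two iptables lines match the grep output in the
# thread; the two "is not set" lines are assumed for illustration.
sample_config() {
    cat <<'EOF'
CONFIG_NETFILTER_XTABLES=y
CONFIG_IP_NF_IPTABLES=y
# CONFIG_NF_NAT is not set
# CONFIG_IP_NF_TARGET_REDIRECT is not set
EOF
}

# Print y, m or unset for option $2 in config file $1.
kopt_state() {
    val=$(sed -n "s/^$2=\([ym]\)\$/\1/p" "$1" | head -n 1)
    echo "${val:-unset}"
}

# List the state of each required option; return 1 if any is unset.
# CONFIG_NF_NAT as the symbol behind "Full NAT" is an assumption.
check_redirect_support() {
    missing=0
    for opt in CONFIG_NETFILTER_XTABLES CONFIG_IP_NF_IPTABLES \
               CONFIG_NF_NAT CONFIG_IP_NF_TARGET_REDIRECT; do
        state=$(kopt_state "$1" "$opt")
        printf '%-30s %s\n' "$opt" "$state"
        if [ "$state" = unset ]; then missing=1; fi
    done
    return "$missing"
}

# Demo run on the constructed sample.
tmp=$(mktemp)
sample_config > "$tmp"
if check_redirect_support "$tmp"; then
    echo "kernel config can satisfy -t nat ... -j REDIRECT"
else
    echo "missing options: the REDIRECT rule will be rejected"
fi
rm -f "$tmp"
```

An option reported as `m` only helps if the module is actually loaded when the rule is added; `y` means it is always available.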

## oRDeX

Modules or built-in makes little difference in the end.. as long as, if it is a module, it is loaded at the time of use.

Since the error says precisely that it cannot find the "NAT" table, you need to add to the kernel exactly this iptables module that provides that table.

----------

## ago

 *oRDeX wrote:*   

> Modules or built-in makes little difference in the end.. as long as, if it is a module, it is loaded at the time of use.
> 
> Since the error says precisely that it cannot find the "NAT" table, you need to add to the kernel exactly this iptables module that provides that table.

More than anything, I think it has to be enabled if you are "NATting" something, no?

Probably if the PC acts as a router...

----------

