prepare() is used to escape the values for example in the WHERE-statement. Usually it is anticipated the table selection is “hardcoded”. If you can’t use for example $wpdb->posts or the other “table”-functions, you could whitelist the allowed tables and check if $table_name is on this white list:
<?php
$allowed_tables = array( $wpdb->prefix . 'nametbl', $wpdb->prefix . 'nametbl2' );
if( ! in_array( $table_name, $allowed_tables ) )
wp_die( 'Wrong input.' );
$sql = "SELECT * FROM " . $table_name;
?>