LinuxQuestions.org
Old 08-09-2006, 06:15 AM   #1
tp11235
iptables: No chain/target/match by that name - with 2.6.17.7


I have just upgraded to 2.6.17.7. I don't seem to have problems with it. BUT ... when it boots I get three sets of the error

"iptables: No chain/target/match by that name"

one set for each phase of SuSEfirewall's startup process.

The log output for one of the three (they are all the same) is:



Starting Firewall Initialization (phase 2 of 3) Warning: detected activated samba, enabling FW_SERVICE_SMB!
You still have to allow tcp port 139 on internal, dmz and/or external.
Warning: interface dsl0 is not (yet?) active.
iptables: No chain/target/match by that name
iptables: No chain/target/match by that name
iptables: No chain/target/match by that name
iptables: No chain/target/match by that name
iptables: No chain/target/match by that name
iptables: No chain/target/match by that name
iptables: No chain/target/match by that name
iptables: No chain/target/match by that name
iptables: No chain/target/match by that name
iptables: No chain/target/match by that name
iptables: No chain/target/match by that name
iptables: No chain/target/match by that name
iptables: No chain/target/match by that name
iptables: No chain/target/match by that name
iptables: No chain/target/match by that name
iptables: No chain/target/match by that name
iptables: No chain/target/match by that name
iptables: No chain/target/match by that name
iptables: No chain/target/match by that name
iptables: No chain/target/match by that name
iptables: No chain/target/match by that name
iptables: No chain/target/match by that name
iptables: No chain/target/match by that name
iptables: No chain/target/match by that name
done


dsl0 is my modem/router. It works fine. SuSE allows me to go into and restart the Firewall no problem. I tried using the iptables -L command from Konsole and that was fine.

Do I have a problem at all?

I wondered if it was simply waiting for the dsl0 interface to respond. Throwing out warnings until it got a response and then saying "done" when it was all OK?

I would probably ignore it if it were not iptables involved. I would be very grateful for advice.

Cheers

Tim.
 
Old 08-09-2006, 02:00 PM   #2
AzrielMacKay
It sounds like it may be trying to start your firewall before your network is configured. I'm not sure how to change that in suse but you may want to investigate making your firewall script run last after everything else is already configured.
 
Old 08-12-2006, 02:18 PM   #3
jayjwa
The firewall script might be asking iptables to either use a match (-m) or a target (-j TARGET) that has no support in the new kernel. I don't know where SuSE gets its Netfilter stuff from, but if it's using recent patch-o-matic to patch their kernels, then a lot of matches and targets are no longer going to be available because the size of POM was cut in half to remove all the extensions that are no longer maintained. If SuSE doesn't use any add-ons, just the basics in the kernel, then I might check in the Netfilter section of the config and see if all is enabled.

You may be able to track down the error better by executing each of the iptables rules in the firewall one (type) by one (type) and see which one errors out.

If you're missing a shared object in /usr/lib/iptables, then you get a different error message than you're getting (about shared objects, no such file, etc) so this isn't likely the reason.
 
Old 08-15-2006, 07:22 AM   #4
tp11235
Thanks both.

I tried starting the firewall later (but there was a limit to how late I wanted it in place) - no change.

I shall try working through the iptables rules. I upgraded the kernel myself, so Patch-O-Matic probably does not apply. Even so it makes a lot of sense that there are elements in the new kernel not recognised.

I am moving towards creating my own firewall script and abandoning SuSE. Their script seems very long and complicated. I would prefer to have a script where I understand the function of every line.

Testing each line is a good way to learn. I'll report back shortly.

Tim.
 
Old 09-15-2006, 03:48 PM   #5
tp11235
To close

I am afraid that I never found the solution. I think my problem was that I had added and modified my SuSE 9.1 installation too much. I have started again and built a Gentoo system, it suits me well.
 
Old 09-19-2006, 12:39 PM   #6
jayjwa
Quote:
Originally Posted by tp11235
I am moving towards creating my own firewall script and abandoning SuSE. Their script seems very long and complicated. I would prefer to have a script where I understand the function of every line.
Same here. I was using a long and complex script from someone else (Arno's Iptables scripts?) and while it did work well as far as I could tell I wanted to know exactly what was going on. I ended up making a script /usr/sbin/firewall, a zsh script that has basic in and out tables, and sends all packets from the outside world thru a table that has a bunch of rules to inspect the packets, oddly enough called 'INSPECT'. It works pretty well, and I even added a command to the case switch inside that handles the commands to save or load old rulesets so the firewall will carry across reboots (using iptables-save, iptables-restore, to /etc/iptables.site). Hosts can be blocked instantly with 'firewall ban <IP address>'. Comes in handy if a spammer is pestering the mailserver.
 
Old 09-29-2006, 04:51 PM   #7
tp11235
All working at last

Sorry for the long delay in replying. I now have a lovely short and simple set of rules in the iptables - just ports 80, 21, 22, 53, 631 (my server is a local print server) and 445. That last caused some grief because I had forgotten you need it open for Samba connections with WinXP clients.

I am a total Gentoo fan now - it is so transparent and simple compared to SuSE. Also, I think it is very standard, because everything seems to work out of the box and all the documentation seems to apply to it. Everything is where the books and web postings say it should be.
 
Old 10-25-2006, 01:47 AM   #8
debic
I have a question that I can't find an answer to.
The question is:

In iptables, what is the default table for packet filtering?

Please feel free to msg me at
snoopdebic@hotmail.com

Thanks
 
Old 10-27-2006, 09:45 AM   #9
tp11235
I am afraid that I do not understand the question. What are you trying to do?
 
Old 11-03-2006, 08:02 AM   #10
Krokomotzokal
Hi,
I have the same problem. My kernel version is 2.6.17. Everything is working until I try to add one more rule to my firewall script

$IPTABLES -A PREROUTING -i $EXTIF -p tcp --dport 4899 -j DNAT --to x.x.x.x:4899

And when I start the iptables service it tells me
Loading new rulesiptables: No chain/target/match by that name
iptables: No chain/target/match by that name

There is no PREROUTING chain in my script except this one. The first thing I thought was that I hadn't built a new PREROUTING chain, but I had built it. I don't know where the problem can be. If somebody can help me, please.
Thanks

Last edited by Krokomotzokal; 11-03-2006 at 08:12 AM.
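
Added example, not part of any post in this thread: a static check that goes through iptables rules one at a time, as suggested earlier, and reports when a built-in chain or a NAT target is used with a table that does not provide it (with no -t, iptables uses the filter table). The interface name and address in the sample calls are constructed placeholders, and `lint_rule` and `builtin_chains` are hypothetical helper names.

```shell
#!/bin/sh
# Added example: lint iptables arguments without touching the kernel.

# Built-in chains per table. INPUT in nat exists only on newer kernels;
# on a 2.6.17-era kernel nat has PREROUTING, OUTPUT and POSTROUTING.
builtin_chains() {
    case "$1" in
        filter) echo "INPUT FORWARD OUTPUT" ;;
        nat)    echo "PREROUTING INPUT OUTPUT POSTROUTING" ;;
        mangle) echo "PREROUTING INPUT FORWARD OUTPUT POSTROUTING" ;;
        raw)    echo "PREROUTING OUTPUT" ;;
        *)      return 1 ;;
    esac
}

# lint_rule ARGS...: prints "ok" or a diagnosis; returns 0 only for "ok".
lint_rule() {
    table=filter chain= target=    # filter is the default when -t is absent
    while [ $# -gt 1 ]; do         # options of interest always take a value
        case "$1" in
            -t|--table) table=$2; shift ;;
            -A|--append|-I|--insert|-D|--delete) chain=$2; shift ;;
            -j|--jump)  target=$2; shift ;;
        esac
        shift
    done
    chains=$(builtin_chains "$table") || { echo "unknown table $table"; return 2; }
    case "$chain" in
        PREROUTING|INPUT|FORWARD|OUTPUT|POSTROUTING)
            # A built-in chain name must exist in the selected table.
            case " $chains " in
                *" $chain "*) ;;
                *) echo "chain $chain is not built into table $table"; return 1 ;;
            esac ;;
    esac
    case "$target" in
        DNAT|SNAT|MASQUERADE|REDIRECT)
            [ "$table" = nat ] || { echo "target $target needs -t nat"; return 1; } ;;
    esac
    echo ok
}

# Constructed sample: a DNAT rule without and with an explicit nat table.
lint_rule -A PREROUTING -i eth0 -p tcp --dport 4899 -j DNAT --to 192.0.2.10:4899 || true
lint_rule -t nat -A PREROUTING -i eth0 -p tcp --dport 4899 -j DNAT --to 192.0.2.10:4899
```

Rules that pass this check can still fail at load time if the running kernel was built without the match or target they name, so the Netfilter section of the kernel config remains the second thing to check.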
 
Old 03-24-2010, 03:15 AM   #11
levstodd
if anyone stumbles on this...

I was getting the same error message, and after checking /var/log/syslog, I found that I was simply missing a '}' in /etc/bind/named.conf.local.
 
  


All times are GMT -5.