Old 03-27-2003, 11:47 AM   #1
schatoor
Senior Member
 
Registered: Jul 2002
Location: a tiny place caled hendrik ido ambacht in the netherlands
Distribution: SuSE, debian, slackware, lfs
Posts: 1,358

Rep: Reputation: 45
iptables: No chain/target/match by that name


Hi,

I'm trying to configure my firewall on my pc. (so no network, only one machine). I did a whole lot to get it up and running. Here is a summary.

First I recompiled my kernel to get iptables support. I have kernel 2.4.20. Here is my .config file for my kernel (relevant parts):



#
# Networking options
#
CONFIG_PACKET=y
# CONFIG_PACKET_MMAP is not set
# CONFIG_NETLINK_DEV is not set
CONFIG_NETFILTER=y
# CONFIG_NETFILTER_DEBUG is not set
CONFIG_FILTER=y
CONFIG_UNIX=y
CONFIG_INET=y
# CONFIG_IP_MULTICAST is not set
CONFIG_IP_ADVANCED_ROUTER=y
# CONFIG_IP_MULTIPLE_TABLES is not set
# CONFIG_IP_ROUTE_MULTIPATH is not set
# CONFIG_IP_ROUTE_TOS is not set
CONFIG_IP_ROUTE_VERBOSE=y
# CONFIG_IP_ROUTE_LARGE_TABLES is not set
CONFIG_IP_PNP=y
CONFIG_IP_PNP_DHCP=y
# CONFIG_IP_PNP_BOOTP is not set
# CONFIG_IP_PNP_RARP is not set
# CONFIG_NET_IPIP is not set
# CONFIG_NET_IPGRE is not set
# CONFIG_ARPD is not set
# CONFIG_INET_ECN is not set
# CONFIG_SYN_COOKIES is not set
#
# IP: Netfilter Configuration
#
CONFIG_IP_NF_CONNTRACK=m
CONFIG_IP_NF_FTP=m
CONFIG_IP_NF_IRC=m
# CONFIG_IP_NF_QUEUE is not set
CONFIG_IP_NF_IPTABLES=m
# CONFIG_IP_NF_MATCH_LIMIT is not set
# CONFIG_IP_NF_MATCH_MAC is not set
# CONFIG_IP_NF_MATCH_PKTTYPE is not set
# CONFIG_IP_NF_MATCH_MARK is not set
# CONFIG_IP_NF_MATCH_MULTIPORT is not set
# CONFIG_IP_NF_MATCH_TOS is not set
# CONFIG_IP_NF_MATCH_ECN is not set
# CONFIG_IP_NF_MATCH_DSCP is not set
# CONFIG_IP_NF_MATCH_AH_ESP is not set
# CONFIG_IP_NF_MATCH_LENGTH is not set
# CONFIG_IP_NF_MATCH_TTL is not set
# CONFIG_IP_NF_MATCH_TCPMSS is not set
# CONFIG_IP_NF_MATCH_HELPER is not set
# CONFIG_IP_NF_MATCH_STATE is not set
# CONFIG_IP_NF_MATCH_CONNTRACK is not set
# CONFIG_IP_NF_MATCH_UNCLEAN is not set
# CONFIG_IP_NF_MATCH_OWNER is not set
CONFIG_IP_NF_FILTER=m
CONFIG_IP_NF_TARGET_REJECT=m
# CONFIG_IP_NF_TARGET_MIRROR is not set
CONFIG_IP_NF_NAT=m
CONFIG_IP_NF_NAT_NEEDED=y
# CONFIG_IP_NF_TARGET_MASQUERADE is not set
CONFIG_IP_NF_TARGET_REDIRECT=m
# CONFIG_IP_NF_NAT_LOCAL is not set
# CONFIG_IP_NF_NAT_SNMP_BASIC is not set
CONFIG_IP_NF_NAT_IRC=m
CONFIG_IP_NF_NAT_FTP=m
CONFIG_IP_NF_MANGLE=m
CONFIG_IP_NF_TARGET_TOS=m
# CONFIG_IP_NF_TARGET_ECN is not set
# CONFIG_IP_NF_TARGET_DSCP is not set
# CONFIG_IP_NF_TARGET_MARK is not set
CONFIG_IP_NF_TARGET_LOG=m
# CONFIG_IP_NF_TARGET_ULOG is not set
# CONFIG_IP_NF_TARGET_TCPMSS is not set
# CONFIG_IP_NF_ARPTABLES is not set
# CONFIG_IP_NF_COMPAT_IPCHAINS is not set
# CONFIG_IP_NF_COMPAT_IPFWADM is not set
# CONFIG_IPV6 is not set
# CONFIG_KHTTPD is not set
# CONFIG_ATM is not set
# CONFIG_VLAN_8021Q is not set
#
# CONFIG_IPX is not set
# CONFIG_ATALK is not set
#
# Appletalk devices
#
# CONFIG_DECNET is not set
# CONFIG_BRIDGE is not set
# CONFIG_X25 is not set
# CONFIG_LAPB is not set
# CONFIG_LLC is not set
# CONFIG_NET_DIVERT is not set
# CONFIG_ECONET is not set
# CONFIG_WAN_ROUTER is not set
# CONFIG_NET_FASTROUTE is not set
# CONFIG_NET_HW_FLOWCONTROL is not set
#
# QoS and/or fair queueing
#
# CONFIG_NET_SCHED is not set
#
# Network testing
#
# CONFIG_NET_PKTGEN is not set



At first I couldn't even find the bit where I could get support for iptables. When at last I did manage to get ip_tables compiled as a module, I got unresolved symbols in the module. Anyway, I fixed that.

After configuring the kernel, I downloaded and installed guarddog. That went ok. But for some reason when I say to apply the rules I just created I get a whole lot of

iptables: No chain/target/match by that name

messages. After that, I can have no network traffic at all. Not till I kill the firewall.
Why? I have downloaded some howto's (firewall howto, ipchains howto) but the size of those really intimidates me. Can someone help me out? Sorry if I left any crucial info out of this post. I really am a newbie at this.

I would appreciate any help. Thanks
 
Old 03-27-2003, 10:18 PM   #2
Capt_Caveman
Senior Member
 
Registered: Mar 2003
Distribution: Fedora
Posts: 3,658

Rep: Reputation: 57
Sounds more like you're missing some modules, rather than a screwed up firewall script. Use lsmod and make sure that you have modules loaded for the iptables flags and chains. Looking at the modules I have loaded now that are relevant for iptables:

ipt_REJECT
ipt_LOG
ipt_state
ipt_MASQUERADE
iptable_nat
ip_conntrack
iptable_filter
ip_tables

I would bet that you're not loading one or more of them. Narrow down what you're missing and make and install the lost modules.

What distro are you using? Most should have iptables support or at least ipchains/ipfwadm built in out of the box. So it's kind of strange that you had to recompile the kernel just to get support. HTH
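
Added example, not part of any post in this thread: a shell check that lists which netfilter options a rule script needs and which of them a kernel .config lacks, which is the gap that produces "No chain/target/match by that name". The sample rules and config excerpt are constructed, and the CONFIG_IP_NF_MATCH_<NAME> / CONFIG_IP_NF_TARGET_<NAME> naming is assumed from the 2.4 config quoted in post #1 (a few options, such as AH_ESP, do not follow it).

```shell
#!/bin/sh
# Constructed sample rules (not from the thread): one user-defined chain, two
# match extensions (state, limit) and two target extensions (LOG, REJECT).
SAMPLE_RULES='iptables -N logdrop
iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
iptables -A INPUT -p tcp -m tcp --dport 22 -m limit --limit 3/min -j LOG
iptables -A INPUT -p tcp -j REJECT
iptables -A INPUT -j logdrop
iptables -A logdrop -j DROP'

# Constructed sample .config excerpt, in the format quoted in post #1.
SAMPLE_CONFIG='CONFIG_IP_NF_IPTABLES=m
# CONFIG_IP_NF_MATCH_LIMIT is not set
# CONFIG_IP_NF_MATCH_STATE is not set
CONFIG_IP_NF_TARGET_REJECT=m
CONFIG_IP_NF_TARGET_LOG=m'

# required_options RULES
# Print the CONFIG_ option for every -m match and -j target in RULES.
# Skipped: tcp/udp/icmp matches (part of ip_tables itself), the built-in
# targets, and any -j that points at a chain created with -N.
required_options() {
    printf '%s\n' "$1" | awk '
        { for (i = 1; i < NF; i++) {
            if ($i == "-N") chain[$(i+1)] = 1
            if ($i == "-j") tgt[$(i+1)] = 1
            if ($i == "-m" && $(i+1) !~ /^(tcp|udp|icmp)$/)
                need["MATCH_" toupper($(i+1))] = 1 } }
        END {
            for (t in tgt)
                if (!(t in chain) && t !~ /^(ACCEPT|DROP|QUEUE|RETURN)$/)
                    need["TARGET_" t] = 1
            for (n in need) print "CONFIG_IP_NF_" n }' | sort
}

# missing_options RULES CONFIG
# Print the required options that CONFIG does not enable as =y or =m.
missing_options() {
    for opt in $(required_options "$1"); do
        printf '%s\n' "$2" | grep -Eq "^${opt}=[ym]\$" || echo "$opt"
    done
}

missing_options "$SAMPLE_RULES" "$SAMPLE_CONFIG"
```

On a real system the two arguments would be the contents of the generated firewall script and of the kernel's .config; each option reported corresponds to an ipt_ module that has to be built and installed before the rules will load.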
 
Old 03-28-2003, 02:41 AM   #3
schatoor
Senior Member
 
Registered: Jul 2002
Location: a tiny place caled hendrik ido ambacht in the netherlands
Distribution: SuSE, debian, slackware, lfs
Posts: 1,358

Original Poster
Rep: Reputation: 45
Thanks for your reply.

I browsed on the internet some more and I came to the same conclusion you did. Right now I have all the modules you summed up except for ipt_MASQUERADE, but I got my firewall up and running nonetheless. But should I compile ipt_MASQUERADE?

I have a debian woody installation. I had to compile my kernel to get support for some non-standard hardware (cd recorder, nic interface). But being inexperienced as I am, I didn't include support of netfilter. So when I came round to configure my firewall, I had to recompile the kernel to get support for them after all.
 
Old 03-28-2003, 08:46 AM   #4
Capt_Caveman
Senior Member
 
Registered: Mar 2003
Distribution: Fedora
Posts: 3,658

Rep: Reputation: 57
Unless you plan on adding machines to an internal LAN, you probably won't ever need the Masquerade module.

Just out of curiosity, did you get your firewall up even with those errors? If so, what did you do?
 
Old 03-29-2003, 06:39 AM   #5
schatoor
Senior Member
 
Registered: Jul 2002
Location: a tiny place caled hendrik ido ambacht in the netherlands
Distribution: SuSE, debian, slackware, lfs
Posts: 1,358

Original Poster
Rep: Reputation: 45
No, those errors went away when I compiled and installed some additional modules.
 
Old 04-01-2003, 03:08 AM   #6
peter_robb
Senior Member
 
Registered: Feb 2002
Location: Szczecin, Poland
Distribution: Gentoo, Debian
Posts: 2,458

Rep: Reputation: 47
Unless you're going to produce a super small kernel, set the kernel options for all the netfilter entries to <M> to make them modules.
This way they will load when they are called from the iptables rules & you won't need to manually load them.

There are also options for ipchains and ipfwadm.
Say <N> for these to avoid problems later.

Debian left these options as modules for people upgrading from 2.2 kernels and who still want to keep their ipchains scripts.
 
Old 01-04-2009, 09:10 PM   #7
Sum1
Member
 
Registered: Jul 2007
Distribution: Slackware and Gentoo
Posts: 238

Rep: Reputation: 25
Quote:
Originally Posted by Capt_Caveman
Sounds more like you're missing some modules


ipt_MASQUERADE

I would bet that you're not loading one or more of them.
Ahh yeah, 5 years later but it's never too late for a sincere thank you!!
So thanks, Mr. Caveman.
I was trying some new firewall options today on a new routerbox, got myself all confused, and finally couldn't make anything work right.

Pulled my hair for a few hours before finding your post.

Very much appreciated.
Now I'm back on track.

Best regards.
 
All times are GMT -5.