[SOLVED] issue: iptables: No chain/target/match by that name

bschulte · 09-19-2011, 03:00 PM

Hello all,

I'm trying to add a rule to copy and forward traffic to a separate machine. I'm following http://www.bjou.de/blog/2008/05/howt...sing-iptables/ to do so. I've installed xtables just fine but I'm getting that error message when I try to write the rule

Code:

iptables -t mangle -A PREROUTING -p udp --dport 9996 -j TEE --gateway <IP of HOST B>

Obviously replacing <IP of HOST B> with an actual IP.

From what I've been reading this error is usually from either a mistake with syntax or a missing kernel module. I'm running an openvz kernel at the moment on CentOS 6. I've tried this rule on the old kernel that was the default after install and it seemed to work just fine. I compared the modules (lsmod | grep ip) between the two kernels and the vz kernel had all of the modules that the original had.

Output of various things that might help (all from the vz kernel)

uname -r:

Code:

2.6.32-042stab036.1

lsmod | grep ip:

Code:

ipt_MASQUERADE          1958  1 
iptable_nat             6204  1 
nf_nat                 23178  3 ipt_MASQUERADE,iptable_nat,vzrst
iptable_mangle          3363  0 
xt_multiport            2682  0 
ipt_REJECT              2397  2 
nf_conntrack_ipv4       9848  5 iptable_nat,nf_nat
nf_defrag_ipv4          1465  1 nf_conntrack_ipv4
iptable_filter          2839  1 
ip_tables              18021  3 iptable_nat,iptable_mangle,iptable_filter
ip6t_REJECT             4677  2 
nf_conntrack_ipv6       8666  2 
nf_defrag_ipv6         12450  1 nf_conntrack_ipv6
nf_conntrack           80758  6 iptable_nat,vzrst,nf_nat,nf_conntrack_ipv4,nf_conntrack_ipv6,xt_state
ip6table_filter         2935  1 
ip6_tables             19616  1 ip6table_filter
ipv6                  325926  42 vzrst,ip6t_REJECT,nf_conntrack_ipv6,nf_defrag_ipv6

mrmnemo · 09-19-2011, 07:42 PM

The first question: Did you create the TEE table? If your jumping to TEE; well, it must exist. I dont think TEE is a system level table for iptables. Correct me if I am mistaken / wrong.

Example:
If I have like INPOUT FORWARD OUTPUT and nothing else, jumping to TEE will give "No chain/target/match by that name " .

Whats the output of iptables -vnL?

bschulte · 09-20-2011, 11:39 AM

If I understand things correctly, tee is just an option, not a table. The table I'm trying to add the rule to is the mangle table. Tee just specifies that I want to copy and forward the packet to HOST B.

bschulte · 09-20-2011, 12:02 PM

After some testing I believe I've narrowed it down to xtables (which is a module to allow the tee option) didn't install correctly. I'm able to add a rule with the same parameters as the one in my first post, just without the tee option just fine. Since my new problem now isn't very much related to this one at all, this thread can be considered closed.