Linux - Newbie This Linux forum is for members that are new to Linux.
Just starting out and have a question?
If it is not in the man pages or the how-to's this is the place! |
Notices |
Welcome to LinuxQuestions.org, a friendly and active Linux Community.
You are currently viewing LQ as a guest. By joining our community you will have the ability to post topics, receive our newsletter, use the advanced search, subscribe to threads and access many other special features. Registration is quick, simple and absolutely free. Join our community today!
Note that registered members see fewer ads, and ContentLink is completely disabled once you log in.
Are you new to LinuxQuestions.org? Visit the following links:
Site Howto |
Site FAQ |
Sitemap |
Register Now
If you have any problems with the registration process or your account login, please contact us. If you need to reset your password, click here.
Having a problem logging in? Please visit this page to clear all LQ-related cookies.
Get a virtual cloud desktop with the Linux distro that you want in less than five minutes with Shells! With over 10 pre-installed distros to choose from, the worry-free installation life is here! Whether you are a digital nomad or just looking for flexibility, Shells can put your Linux machine on the device that you want to use.
Exclusive for LQ members, get up to 45% off per month. Click here for more info.
|
|
03-01-2017, 12:59 PM
|
#1
|
Member
Registered: Aug 2012
Posts: 789
Rep:
|
No chain/target/match by that name
I am sure I am doing a bonehead move, but I can't figure out why I cannot open up port 1337. Any advise? Thanks
Code:
[Michael@vps2 ~]$ sudo iptables --line -vnL
Chain INPUT (policy DROP 86 packets, 10551 bytes)
num pkts bytes target prot opt in out source destination
1 277 29554 ACCEPT tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp dpt:22
2 3 121 ACCEPT tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp dpt:80
3 0 0 ACCEPT tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp dpt:443
4 0 0 ACCEPT tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp dpt:1443
5 0 0 ACCEPT tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp dpt:10000
6 4 168 ACCEPT all -- lo * 0.0.0.0/0 0.0.0.0/0
Chain FORWARD (policy DROP 0 packets, 0 bytes)
num pkts bytes target prot opt in out source destination
Chain OUTPUT (policy ACCEPT 307 packets, 39827 bytes)
num pkts bytes target prot opt in out source destination
[Michael@vps2 ~]$
[Michael@vps2 ~]$ sudo iptables -I INPUT 6 -i eth0 -p tcp --dport 1337 -m state --state NEW,ESTABLISHED -j ACCEPT
iptables: No chain/target/match by that name.
[Michael@vps2 ~]$ sudo iptables -A INPUT -i eth0 -p tcp --dport 1337 -m state --state NEW,ESTABLISHED -j ACCEPT
iptables: No chain/target/match by that name.
[Michael@vps2 ~]$
|
|
|
03-01-2017, 03:23 PM
|
#2
|
Senior Member
Registered: Mar 2004
Location: UK
Distribution: CentOS 6/7
Posts: 1,375
|
does eth0 definitely exist, just to check. "ip addr show" should confirm it, also what distribution are you using?
|
|
|
03-02-2017, 01:48 AM
|
#3
|
Member
Registered: Aug 2012
Posts: 789
Original Poster
Rep:
|
Quote:
Originally Posted by r3sistance
does eth0 definitely exist, just to check. "ip addr show" should confirm it, also what distribution are you using?
|
Ah ha, a clue! It is a virtual server hosted by others and operating Centos6. Should I just replace eth0 with venet0? I take it venet0 is just some virtual interface?
Thanks!
Code:
[Michael@vps2 ~]$ ip addr show
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 16436 qdisc noqueue state UNKNOWN
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
inet 127.0.0.1/8 scope host lo
inet6 ::1/128 scope host
valid_lft forever preferred_lft forever
2: venet0: <BROADCAST,POINTOPOINT,NOARP,UP,LOWER_UP> mtu 1500 qdisc noqueue state UNKNOWN
link/void
inet 127.0.0.1/32 scope host venet0
inet 12.34.56.78/32 brd 12.34.56.78 scope global venet0:0
[Michael@vps2 ~]$
|
|
|
03-02-2017, 06:45 AM
|
#4
|
Senior Member
Registered: Mar 2004
Location: UK
Distribution: CentOS 6/7
Posts: 1,375
|
Are you using openvz or something? Not familiar with that.
It looks like the public ip is hosted on venet0:0, so it should be venet0 instead of eth0 by looks of things.
|
|
|
03-02-2017, 02:40 PM
|
#5
|
LQ Veteran
Registered: May 2008
Posts: 7,053
|
Unless you're using a really old distro, try replacing -m state --state ... with -m conntrack --ctstate ....
-m state was obsoleted a while back.
|
|
|
03-02-2017, 03:31 PM
|
#6
|
Senior Member
Registered: Mar 2004
Location: UK
Distribution: CentOS 6/7
Posts: 1,375
|
Quote:
Originally Posted by GazL
Unless you're using a really old distro, try replacing -m state --state ... with -m conntrack --ctstate ....
-m state was obsoleted a while back.
|
Yes, the state module was obsoluted but then the syntax was aliased back to conntrack module and so the old syntax is still perfectly valid.
|
|
|
03-02-2017, 03:48 PM
|
#7
|
LQ Veteran
Registered: May 2008
Posts: 7,053
|
Quote:
Originally Posted by r3sistance
Yes, the state module was obsoluted but then the syntax was aliased back to conntrack module and so the old syntax is still perfectly valid.
|
Ahh, I wasn't aware of that. I can certainly remember having to go through all my rules and change them at one point, but maybe that was just to stop it whining at me.
|
|
|
03-02-2017, 04:03 PM
|
#8
|
Senior Member
Registered: Mar 2004
Location: UK
Distribution: CentOS 6/7
Posts: 1,375
|
I'd personally still use the ctstate method but yeah both are valid. Quick check found the following (just to check I wasn't making this up or mis-remembering)
Quote:
state
The "state" extension is a subset of the "conntrack" module. "state" allows access to the connection tracking state for this packet.
[!] --state state
Where state is a comma separated list of the connection states to match. Only a subset of the states unterstood by "conntrack" are recognized: INVALID, ESTABLISHED, NEW, RELATED or UNTRACKED. For their description, see the "conntrack" heading in this manpage.
|
http://ipset.netfilter.org/iptables-extensions.man.html
|
|
1 members found this post helpful.
|
All times are GMT -5. The time now is 08:01 AM.
|
LinuxQuestions.org is looking for people interested in writing
Editorials, Articles, Reviews, and more. If you'd like to contribute
content, let us know.
|
Latest Threads
LQ News
|
|