LinuxQuestions.org
Old 03-01-2017, 12:59 PM   #1
NotionCommotion
Member
 
Registered: Aug 2012
Posts: 789

Rep: Reputation: Disabled
No chain/target/match by that name


I am sure I am doing a bonehead move, but I can't figure out why I cannot open up port 1337. Any advice? Thanks
Code:
[Michael@vps2 ~]$ sudo iptables --line -vnL
Chain INPUT (policy DROP 86 packets, 10551 bytes)
num   pkts bytes target     prot opt in     out     source               destination
1      277 29554 ACCEPT     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0           tcp dpt:22
2        3   121 ACCEPT     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0           tcp dpt:80
3        0     0 ACCEPT     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0           tcp dpt:443
4        0     0 ACCEPT     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0           tcp dpt:1443
5        0     0 ACCEPT     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0           tcp dpt:10000
6        4   168 ACCEPT     all  --  lo     *       0.0.0.0/0            0.0.0.0/0

Chain FORWARD (policy DROP 0 packets, 0 bytes)
num   pkts bytes target     prot opt in     out     source               destination

Chain OUTPUT (policy ACCEPT 307 packets, 39827 bytes)
num   pkts bytes target     prot opt in     out     source               destination
[Michael@vps2 ~]$
[Michael@vps2 ~]$ sudo iptables -I INPUT 6 -i eth0 -p tcp --dport 1337 -m state --state NEW,ESTABLISHED -j ACCEPT
iptables: No chain/target/match by that name.
[Michael@vps2 ~]$ sudo iptables -A INPUT -i eth0 -p tcp --dport 1337 -m state --state NEW,ESTABLISHED -j ACCEPT
iptables: No chain/target/match by that name.
[Michael@vps2 ~]$
 
Old 03-01-2017, 03:23 PM   #2
r3sistance
Senior Member
 
Registered: Mar 2004
Location: UK
Distribution: CentOS 6/7
Posts: 1,375

Rep: Reputation: 217
Does eth0 definitely exist, just to check? "ip addr show" should confirm it. Also, what distribution are you using?
 
Old 03-02-2017, 01:48 AM   #3
NotionCommotion
Member
 
Registered: Aug 2012
Posts: 789

Original Poster
Rep: Reputation: Disabled
Quote:
Originally Posted by r3sistance View Post
Does eth0 definitely exist, just to check? "ip addr show" should confirm it. Also, what distribution are you using?
Ah ha, a clue! It is a virtual server hosted by others and operating CentOS 6. Should I just replace eth0 with venet0? I take it venet0 is just some virtual interface?

Thanks!
Code:
[Michael@vps2 ~]$ ip addr show
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 16436 qdisc noqueue state UNKNOWN
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
    inet6 ::1/128 scope host
       valid_lft forever preferred_lft forever
2: venet0: <BROADCAST,POINTOPOINT,NOARP,UP,LOWER_UP> mtu 1500 qdisc noqueue state UNKNOWN
    link/void
    inet 127.0.0.1/32 scope host venet0
    inet 12.34.56.78/32 brd 12.34.56.78 scope global venet0:0
[Michael@vps2 ~]$
 
Old 03-02-2017, 06:45 AM   #4
r3sistance
Senior Member
 
Registered: Mar 2004
Location: UK
Distribution: CentOS 6/7
Posts: 1,375

Rep: Reputation: 217
Are you using OpenVZ or something? Not familiar with that.

It looks like the public IP is hosted on venet0:0, so it should be venet0 instead of eth0 by the looks of things.
 
Old 03-02-2017, 02:40 PM   #5
GazL
LQ Veteran
 
Registered: May 2008
Posts: 7,053

Rep: Reputation: 5205
Unless you're using a really old distro, try replacing -m state --state ... with -m conntrack --ctstate ....

-m state was obsoleted a while back.
 
Old 03-02-2017, 03:31 PM   #6
r3sistance
Senior Member
 
Registered: Mar 2004
Location: UK
Distribution: CentOS 6/7
Posts: 1,375

Rep: Reputation: 217
Quote:
Originally Posted by GazL View Post
Unless you're using a really old distro, try replacing -m state --state ... with -m conntrack --ctstate ....

-m state was obsoleted a while back.
Yes, the state module was obsoleted, but then the syntax was aliased back to the conntrack module and so the old syntax is still perfectly valid.
 
Old 03-02-2017, 03:48 PM   #7
GazL
LQ Veteran
 
Registered: May 2008
Posts: 7,053

Rep: Reputation: 5205
Quote:
Originally Posted by r3sistance View Post
Yes, the state module was obsoleted, but then the syntax was aliased back to the conntrack module and so the old syntax is still perfectly valid.
Ahh, I wasn't aware of that. I can certainly remember having to go through all my rules and change them at one point, but maybe that was just to stop it whining at me.
 
Old 03-02-2017, 04:03 PM   #8
r3sistance
Senior Member
 
Registered: Mar 2004
Location: UK
Distribution: CentOS 6/7
Posts: 1,375

Rep: Reputation: 217
I'd personally still use the ctstate method, but yeah, both are valid. A quick check found the following (just to check I wasn't making this up or mis-remembering):

Quote:
state

The "state" extension is a subset of the "conntrack" module. "state" allows access to the connection tracking state for this packet.
[!] --state state
Where state is a comma separated list of the connection states to match. Only a subset of the states understood by "conntrack" are recognized: INVALID, ESTABLISHED, NEW, RELATED or UNTRACKED. For their description, see the "conntrack" heading in this manpage.
http://ipset.netfilter.org/iptables-extensions.man.html
 
1 members found this post helpful.
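Added example, not part of any post above: a POSIX shell helper for the checks this thread circles around before the rule is inserted, namely which interface actually carries the public address (post #3) and whether a given match extension is registered with the kernel, with the rule built in the `-m conntrack --ctstate` form from post #5. The function names, the constructed sample input and the reliance on `/proc/net/ip_tables_matches` being readable are assumptions of this example.

```shell
#!/bin/sh
# Added example: pre-flight checks before inserting the port 1337 rule.
# SAMPLE_IP_ADDR is constructed from the `ip addr show` output in post #3.
SAMPLE_IP_ADDR='1: lo: <LOOPBACK,UP,LOWER_UP> mtu 16436 qdisc noqueue state UNKNOWN
    inet 127.0.0.1/8 scope host lo
2: venet0: <BROADCAST,POINTOPOINT,NOARP,UP,LOWER_UP> mtu 1500 qdisc noqueue state UNKNOWN
    inet 127.0.0.1/32 scope host venet0
    inet 12.34.56.78/32 brd 12.34.56.78 scope global venet0:0'

# Print each interface that carries a global-scope IPv4 address.
# Reads `ip addr show` text on stdin.
global_ifaces() {
    awk '/^[0-9]+: / { iface = $2; sub(/:$/, "", iface); sub(/@.*/, "", iface) }
         $1 == "inet" && / scope global/ { if (!seen[iface]++) print iface }'
}

# Succeed if match extension $1 (e.g. state, conntrack) is registered.
# $2 defaults to /proc/net/ip_tables_matches (assumed readable here).
has_match() {
    grep -qxF -- "$1" "${2:-/proc/net/ip_tables_matches}" 2>/dev/null
}

# Print the iptables command for TCP port $2 on interface $1, or fail
# if $1 carries no global address in the `ip addr show` text given as $3.
build_rule() {
    if ! printf '%s\n' "$3" | global_ifaces | grep -qxF -- "$1"; then
        echo "interface $1 has no global address" >&2
        return 1
    fi
    echo "iptables -A INPUT -i $1 -p tcp --dport $2 -m conntrack --ctstate NEW,ESTABLISHED -j ACCEPT"
}

# Demo on the constructed sample: prints the rule for venet0.
build_rule venet0 1337 "$SAMPLE_IP_ADDR"
```

On a live host, pass the real output instead of the sample, for example `build_rule venet0 1337 "$(ip addr show)"`, and run `has_match conntrack` before applying the printed command with sudo.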