No INPUT chain on nat table in iptables

narnie · 11-02-2011, 07:04 PM

Hello,

I'm having problem with an iptables rule. It seems that on one of two systems on the nat table, the INPUT chain doesn't exist for some strange reason.

I get the error below:

Code:

# iptables -t nat -A INPUT -j ACCEPT
iptables: No chain/target/match by that name.

Here is my kernel on the Linux Mint Debian Edition sytems (based on Debian testing):

Code:

# uname -a
Linux dell-desktop 2.6.32-5-amd64 #1 SMP Mon Mar 7 21:35:22 UTC 2011 x86_64 GNU/Linux

I have two systems that I have installed exactly that same (at least so I thought). Only one will throw the above error. The good system shows:

Code:

# iptables -t nat -L
Chain PREROUTING (policy ACCEPT)
target     prot opt source               destination         

Chain INPUT (policy ACCEPT)
target     prot opt source               destination         

Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination         

Chain POSTROUTING (policy ACCEPT)
target     prot opt source               destination

However, the offending system shows:

Code:

# iptables -t nat -L
Chain PREROUTING (policy ACCEPT)
target     prot opt source               destination         

Chain POSTROUTING (policy ACCEPT)
target     prot opt source               destination         

Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination

As far as loaded modules different that I looked for on the good system :

Code:

# lsmod| grep ip
ipt_REJECT             12465  0 
ipt_LOG                12605  0 
ipt_REDIRECT           12471  0 
iptable_mangle         12536  0 
iptable_nat            12928  0 
nf_nat                 18012  2 ipt_REDIRECT,iptable_nat
nf_conntrack_ipv4      18081  3 iptable_nat,nf_nat
nf_conntrack           55903  5 xt_conntrack,xt_state,iptable_nat,nf_nat,nf_conntrack_ipv4
nf_defrag_ipv4         12483  1 nf_conntrack_ipv4
iptable_filter         12536  0 
ip_tables              21818  3 iptable_mangle,iptable_nat,iptable_filter
x_tables               18839  11 xt_conntrack,ipt_REJECT,ipt_LOG,xt_state,ipt_REDIRECT,xt_tcpudp,xt_owner,iptable_mangle,iptable_nat,iptable_filter,ip_tables

Bad system:

Code:

# lsmod | grep ip
ipt_REJECT              1953  0 
ipt_LOG                 4518  0 
ipt_REDIRECT            1111  0 
iptable_mangle          2817  0 
iptable_nat             4299  0 
nf_nat                 13388  2 ipt_REDIRECT,iptable_nat
nf_conntrack_ipv4       9833  3 iptable_nat,nf_nat
nf_conntrack           46535  4 xt_state,iptable_nat,nf_nat,nf_conntrack_ipv4
nf_defrag_ipv4          1139  1 nf_conntrack_ipv4
iptable_filter          2258  0 
ip_tables              13899  3 iptable_mangle,iptable_nat,iptable_filter
x_tables               12845  8 ipt_REJECT,ipt_LOG,xt_state,ipt_REDIRECT,xt_tcpudp,xt_owner,iptable_nat,ip_tables

Good system:

Code:

# lsmod| grep xt
xt_conntrack           12599  0 
xt_state               12503  0 
xt_tcpudp              12527  0 
xt_owner               12423  0 
nf_conntrack           55903  5 xt_conntrack,xt_state,iptable_nat,nf_nat,nf_conntrack_ipv4
x_tables               18839  11 xt_conntrack,ipt_REJECT,ipt_LOG,xt_state,ipt_REDIRECT,xt_tcpudp,xt_owner,iptable_mangle,iptable_nat,iptable_filter,ip_tables
ext3                  112218  2 
jbd                    41698  1 ext3
mbcache                12930  1 ext3

Bad system:

Code:

# lsmod |grep xt
xt_state                1303  0 
xt_tcpudp               2319  0 
xt_owner                1063  0 
nf_conntrack           46535  4 xt_state,iptable_nat,nf_nat,nf_conntrack_ipv4
x_tables               12845  8 ipt_REJECT,ipt_LOG,xt_state,ipt_REDIRECT,xt_tcpudp,xt_owner,iptable_nat,ip_tables
ext3                  106518  2 
jbd                    37085  1 ext3
mbcache                 5050  1 ext3

The only thing different is on the offending system xt_conntrack is not loaded. Manually loading this module does not fix the issue.

Could someone please tell me how to get the INPUT chain on my nat table?

Thanks,
Narnie

Juako · 11-02-2011, 08:42 PM

Quote:

Originally Posted by narnie

Here is my kernel on the Linux Mint Debian Edition sytems (based on Debian testing):

Code:

# uname -a
Linux dell-desktop 2.6.32-5-amd64 #1 SMP Mon Mar 7 21:35:22 UTC 2011 x86_64 GNU/Linux

I don't have it either on my PC, 2.6.35 here too (yeah kinda oldie for my desktop, but video problems with newer kernels made me bounce back for a while).

Check http://serverfault.com/questions/245...n-in-nat-table , seems that it was added after this series.

narnie · 11-03-2011, 03:19 PM

I found my problem. I was getting rid of a broken package with Linux Mint Debian (initramfs-tools, which won't install correctly and is optional) and it took my kernel back from this kernel:

Code:

$ uname -a
Linux gateway-laptop 2.6.38-2-amd64 #1 SMP Sun May 8 13:51:57 UTC 2011 x86_64 GNU/Linux

to the kernel above. In the time between, the INPUT chain has been added to the nat tables.

I'm marking this as solved.

Kind Regards,
Narnie