[lug] iptables error

D. Stimits stimits at idcomm.com
Tue Feb 27 11:16:12 MST 2001


I'm not all that familiar with it yet either, but the errors you show
below are kernel module errors, not directly firewall (it happens that
the kernel modules it can't find are firewall modules). I'm assuming
this is not a default/stock kernel install, and most likely the new
kernel modules for these services are missing. On a different note,
sometimes multiple kernels are bootable, and one of the bootable kernels
has built-in functions, while the others use the same thing as modules;
then the peripheral files, like /etc/modules.conf or conf.modules, try
to use a module that isn't there and it complains (it works anyway,
since the reason the module is missing is because it isn't needed, the
support is compiled in). Basically it looks like this is entirely a
kernel and kernel module issue.

charles at lunarmedia.net wrote:
> 
> I am receiving the following error:
> 
> Firewall script saved as /etc/firestarter/firewall.sh
> modprobe: Can't locate module ip_conntrack
> modprobe: Can't locate module ipt_REDIRECT
> modprobe: Can't locate module ipt_TOS
> modprobe: Can't locate module ipt_MASQUERADE
> modprobe: Can't locate module ipt_MIRROR
> modprobe: Can't locate module iptable_nat
> iptables: No chain/target/match by that name
> Firewall script restarted
> 
> when I attempt to run iptables with the following line in its config:
> 
> $IPT  -A INPUT -p tcp -m state --state ESTABLISHED,RELATED -s 0/0 -d $NET
> --dport 1023:65535 -j ACCEPT
> 
> when i edit this line to no longer include state inspection:
> 
> $IPT  -A INPUT -p tcp -s 0/0 -d $NET --dport 1023:65535 -j ACCEPT
> 
> the error is no longer present and forwarding of packets resumes:
> 
> modprobe: Can't locate module ip_conntrack
> modprobe: Can't locate module ipt_REDIRECT
> modprobe: Can't locate module ipt_TOS
> modprobe: Can't locate module ipt_MASQUERADE
> modprobe: Can't locate module ipt_MIRROR
> modprobe: Can't locate module iptable_nat
> Firewall script restarted
> 
> i am not really familiar with what the "iptables: No chain/target/match by
> that name" error implies. especially since it is easily corrected by the
> removal of the state inspection.
> 
> i am using a gui for the iptables configuration called firestarter. it
> seems pretty stable, and is at the very least a quick way to get an
> iptables config going that can be edited by hand to save some typing time.
> 
> i am just not familiar with iptables enough to know what the no chain
> match error is getting at.
> 
> thanks! -cjm
> 
> _______________________________________________
> Web Page:  http://lug.boulder.co.us
> Mailing List: http://lists.lug.boulder.co.us/mailman/listinfo/lug
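
The reply above attributes the modprobe errors to modules that are either missing for the running kernel or compiled into it. As an added example (not part of either message), this POSIX shell function tells the two cases apart for the module names in the error output. The function names and the constructed directory tree are assumptions for illustration, and the `modules.builtin` check applies to newer kernels than the one in this thread.

```shell
#!/bin/sh
# Added example: classify each netfilter module the firewall script asks for.
# On a real host:
#   netfilter_module_status "/lib/modules/$(uname -r)" $NF_MODULES

# Module names taken from the modprobe errors quoted above.
NF_MODULES="ip_conntrack ipt_REDIRECT ipt_TOS ipt_MASQUERADE ipt_MIRROR iptable_nat"

# module_status MODDIR NAME -> prints "loadable", "builtin" or "missing"
module_status() {
    moddir=$1
    name=$2
    # Loadable: an object file exists (.o on 2.4 kernels, .ko or .ko.<ext> later).
    if [ -d "$moddir" ] && [ -n "$(find "$moddir" -type f \
            \( -name "$name.o" -o -name "$name.ko" -o -name "$name.ko.*" \) \
            2>/dev/null | head -n 1)" ]; then
        echo loadable
    # Built in: newer kernels list compiled-in code in modules.builtin.
    elif [ -f "$moddir/modules.builtin" ] &&
         grep -q "/$name\.ko\$" "$moddir/modules.builtin"; then
        echo builtin
    else
        # Neither: rules that depend on this module cannot work.
        echo missing
    fi
}

# netfilter_module_status MODDIR NAME... -> one "NAME STATUS" line per module
netfilter_module_status() {
    dir=$1
    shift
    for m in "$@"; do
        printf '%s %s\n' "$m" "$(module_status "$dir" "$m")"
    done
}

# Demo on a constructed module tree (not real data), so it runs anywhere.
demo() {
    tree=$(mktemp -d)
    mkdir -p "$tree/kernel/net/ipv4/netfilter"
    : > "$tree/kernel/net/ipv4/netfilter/ipt_TOS.o"
    echo "kernel/net/ipv4/netfilter/iptable_nat.ko" > "$tree/modules.builtin"
    netfilter_module_status "$tree" $NF_MODULES
    rm -rf "$tree"
}
demo
```

A `builtin` result corresponds to the harmless case the reply describes, where modprobe complains but the support is compiled in; `missing` means the running kernel has no such support at all.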


