[lug] iptables error

charles at lunarmedia.net charles at lunarmedia.net
Tue Feb 27 11:50:47 MST 2001


> I'm not all that familiar with it yet either, but the errors you show
> below are kernel module errors, not directly firewall (it happens that

actually, the error i was referring to was the

	iptables: No chain/target/match by that name

i am guessing that it's getting the errors from insmod because i don't have
those modules compiled into the kernel, yet the firewall script attempts
to load them. the result of a script written that tries to apply to
everyone's individual scenario.

i could be wrong, but i think these errors are okay.

i just don't see why the no chain/target/match error is occurring. and
more importantly, why it goes away when i remove the match params of the
chains.

-cjm



###


> the kernel modules it can't find are firewall modules). I'm assuming
> this is not a default/stock kernel install, and most likely the new
> kernel modules for these services are missing. On a different note,
> sometimes multiple kernels are bootable, and one of the bootable kernels
> has built-in functions, while the others use the same thing as modules;
> then the peripheral files, like /etc/modules.conf or conf.modules, try
> to use a module that isn't there and it complains (it works anyway,
> since the reason the module is missing is because it isn't needed, the
> support is compiled in). Basically it looks like this is entirely a
> kernel and kernel module issue.
>
> charles at lunarmedia.net wrote:
> >
> > I am receiving the following error:
> >
> > Firewall script saved as /etc/firestarter/firewall.sh
> > modprobe: Can't locate module ip_conntrack
> > modprobe: Can't locate module ipt_REDIRECT
> > modprobe: Can't locate module ipt_TOS
> > modprobe: Can't locate module ipt_MASQUERADE
> > modprobe: Can't locate module ipt_MIRROR
> > modprobe: Can't locate module iptable_nat
> > iptables: No chain/target/match by that name
> > Firewall script restarted
> >
> > when I attempt to run iptables with the following line in its config:
> >
> > $IPT  -A INPUT -p tcp -m state --state ESTABLISHED,RELATED -s 0/0 -d $NET
> > --dport 1023:65535 -j ACCEPT
> >
> > when i edit this line to no longer include state inspection:
> >
> > $IPT  -A INPUT -p tcp -s 0/0 -d $NET --dport 1023:65535 -j ACCEPT
> >
> > the error is no longer present and forwarding of packets resumes:
> >
> > modprobe: Can't locate module ip_conntrack
> > modprobe: Can't locate module ipt_REDIRECT
> > modprobe: Can't locate module ipt_TOS
> > modprobe: Can't locate module ipt_MASQUERADE
> > modprobe: Can't locate module ipt_MIRROR
> > modprobe: Can't locate module iptable_nat
> > Firewall script restarted
> >
> > i am not really familiar with what the "iptables: No chain/target/match by
> > that name" error implies. especially since it is easily corrected by the
> > removal of the state inspection.
> >
> > i am using a gui for the iptables configuration called firestarter. it
> > seems pretty stable, and is at the very least a quick way to get an
> > iptables config going that can be edited by hand to save some typing time.
> >
> > i am just not familiar with iptables enough to know what the no chain
> > match error is getting at.
> >
> > thanks! -cjm
> >
> > _______________________________________________
> > Web Page:  http://lug.boulder.co.us
> > Mailing List: http://lists.lug.boulder.co.us/mailman/listinfo/lug
>
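
An added example, not part of the original thread or of firestarter: a shell check that cross-references the "Can't locate module" lines with the -m/-j extensions each rule uses, run here on the output and rules quoted above. It assumes 2.4-era module naming (ipt_<name>) and that the state match depends on ip_conntrack; the function and variable names are hypothetical.

```shell
#!/usr/bin/env bash
# Sample input copied from the output and rules quoted in the thread
# (each rule joined onto one line).
SAMPLE_LOG="modprobe: Can't locate module ip_conntrack
modprobe: Can't locate module ipt_REDIRECT
modprobe: Can't locate module ipt_TOS
modprobe: Can't locate module ipt_MASQUERADE
modprobe: Can't locate module ipt_MIRROR
modprobe: Can't locate module iptable_nat
iptables: No chain/target/match by that name"
SAMPLE_RULES='$IPT -A INPUT -p tcp -m state --state ESTABLISHED,RELATED -s 0/0 -d $NET --dport 1023:65535 -j ACCEPT
$IPT -A INPUT -p tcp -s 0/0 -d $NET --dport 1023:65535 -j ACCEPT'

# Read a log on stdin, print the modules modprobe could not locate.
missing_modules() {
    sed -n "s/^.*modprobe: Can't locate module \([A-Za-z0-9_]*\).*/\1/p"
}

# Print the modules one rule depends on (assumption: ipt_<name> naming).
rule_modules() {
    local prev="" word
    set -f                      # keep words such as 0/0 from globbing
    for word in $1; do
        case "$prev" in
            -m|--match) echo "ipt_$word"
                        # assumption: the state match needs connection tracking
                        if [ "$word" = state ]; then echo ip_conntrack; fi ;;
            -j|--jump)  case "$word" in
                            ACCEPT|DROP|QUEUE|RETURN) ;;   # built-in targets
                            *) echo "ipt_$word" ;;
                        esac ;;
        esac
        prev=$word
    done
    set +f
}

# $1 = log text, $2 = rules (one per line).
# Print "<module>: <rule>" for every rule that needs a missing module.
check_rules() {
    local missing rule mod
    missing=$(printf '%s\n' "$1" | missing_modules)
    printf '%s\n' "$2" | while IFS= read -r rule; do
        for mod in $(rule_modules "$rule"); do
            if printf '%s\n' "$missing" | grep -qxF "$mod"; then
                echo "$mod: $rule"
            fi
        done
    done
}

check_rules "$SAMPLE_LOG" "$SAMPLE_RULES"
```

Only the rule with -m state is reported, against ip_conntrack; the rule without state inspection depends on none of the modules modprobe failed to find.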