[lug] iptables error
Kevin Fenzi
kevin at scrye.com
Tue Feb 27 12:10:52 MST 2001
>>>>> "charles" == charles <charles at lunarmedia.net> writes:
charles> I am receiving the following error:
charles> Firewall script saved as /etc/firestarter/firewall.sh
charles> modprobe: Can't locate module ip_conntrack
charles> modprobe: Can't locate module ipt_REDIRECT
charles> modprobe: Can't locate module ipt_TOS
charles> modprobe: Can't locate module ipt_MASQUERADE
charles> modprobe: Can't locate module ipt_MIRROR
charles> modprobe: Can't locate module iptable_nat
charles> iptables: No chain/target/match by that name
charles> Firewall script restarted
sounds like it's not able to find or load the various iptables
modules. ;(
Did you compile them as modules? into the kernel?
what does a 'ls /lib/modules/`uname -r`/net/ipv4/netfilter' show?
how about lsmod?
charles> when I attempt to run iptables with the following line in its
charles> config:
charles> $IPT -A INPUT -p tcp -m state --state ESTABLISHED,RELATED -s 0/0 -d $NET --dport 1023:65535 -j ACCEPT
charles> when i edit this line to no longer include state inspection:
charles> $IPT -A INPUT -p tcp -s 0/0 -d $NET --dport 1023:65535 -j ACCEPT
charles> the error is no longer present and forwarding of packets
charles> resumes:
right. It needs the ip_conntrack module to figure out what's "RELATED"
or "ESTABLISHED".
charles> modprobe: Can't locate module ip_conntrack
charles> modprobe: Can't locate module ipt_REDIRECT
charles> modprobe: Can't locate module ipt_TOS
charles> modprobe: Can't locate module ipt_MASQUERADE
charles> modprobe: Can't locate module ipt_MIRROR
charles> modprobe: Can't locate module iptable_nat
charles> Firewall script restarted
charles> i am not really familiar with what the "iptables: No
charles> chain/target/match by that name" error implies. especially
charles> since it is easily corrected by the removal of the state
charles> inspection.
It means it couldn't load the ip_conntrack module, so the iptables
command can't figure out what a "RELATED" or "ESTABLISHED" match
means, so it can't do it. That rule doesn't go in, it errors with the
"iptables: No chain/target/match by that name" error.
charles> i am using a gui for the iptables configuration called
charles> firestarter. it seems pretty stable, and is at the very least
charles> a quick way to get an iptables config going that can be
charles> edited by hand to save some typing time.
yeah, looks like the issue is not in that but in loading the
ip_conntrack module.
charles> i am just not familiar with iptables enough to know what the
charles> no chain match error is getting at.
charles> thanks! -cjm
kevin
--
Kevin Fenzi
MTS, tummy.com, ltd.
http://www.tummy.com/ KRUD - Kevin's Red Hat Uber Distribution
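
An added example, not part of the original message or of firestarter: a pre-flight check a firewall script could run so that missing netfilter modules stop the script, rather than being worked around by dropping the state match, which leaves the rule accepting new inbound connections to ports 1023:65535 as well. The module names are the ones in the modprobe errors quoted above; the function names, the whole-tree search and the modules.builtin lookup (only present on kernels that ship that file) are assumptions.

```shell
#!/bin/sh
# Added example: check that the netfilter modules a stateful ruleset needs
# exist before any "-m state" rule is loaded.

# Module names taken from the modprobe errors quoted in this thread.
REQUIRED_MODULES="ip_conntrack ipt_REDIRECT ipt_TOS ipt_MASQUERADE ipt_MIRROR iptable_nat"

# True if the module is listed as compiled into the kernel.
# Assumption: the kernel ships <root>/modules.builtin; older ones do not.
is_builtin() {
    [ -f "$1/modules.builtin" ] && grep -q "/$2\.ko\$" "$1/modules.builtin"
}

# Print every named module that has neither an object file (.o, .ko or a
# compressed .ko.*) anywhere below the root nor a modules.builtin entry.
# Searching the whole tree avoids depending on one kernel's directory layout.
missing_modules() {
    root=$1; shift
    for mod in "$@"; do
        if [ -n "$(find "$root" -type f \( -name "$mod.o" -o -name "$mod.ko" \
                   -o -name "$mod.ko.*" \) 2>/dev/null | head -n 1)" ] \
           || is_builtin "$root" "$mod"; then
            continue
        fi
        printf '%s\n' "$mod"
    done
}

# Return 0 only when every required module is available; otherwise list the
# missing ones on stderr and return 1 so the caller can stop.
preflight() {
    missing=$(missing_modules "$1" $REQUIRED_MODULES)
    [ -z "$missing" ] && return 0
    echo "netfilter modules not found under $1:" >&2
    echo "$missing" | sed 's/^/  /' >&2
    return 1
}

# Usage in a firewall script, before the first stateful rule:
#   preflight "/lib/modules/$(uname -r)" || exit 1
```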