| View previous topic :: View next topic |
| Author |
Message |
saepia
n00b
Joined: 12 Sep 2004
Posts: 42
Location: Krakow or Szczecin @ Poland (Europe)
|
 Posted: Tue Apr 15, 2008 3:57 am Post subject: [SOLVED] iptables does not recognize --dport |
 |
|
Hi, my iptables does not recognize --dport parameter. I use version 1.4.0 and successfully created a masquerade. Now, I want to forward some ports, but I've realized that my iptables doesn't like one of parameters.
Here's an example:
| Code: |
asdg ~ # iptables -A INPUT -p tcp --dport 1234
iptables: No chain/target/match by that name
|
Configuration:
| Code: |
asdg ~ # lsmod
Module Size Used by
ipt_MASQUERADE 6656 1
iptable_nat 9476 1
nf_nat 18732 2 ipt_MASQUERADE,iptable_nat
nf_conntrack_ipv4 16264 2 iptable_nat
nf_conntrack 50120 4 ipt_MASQUERADE,iptable_nat,nf_nat,nf_conntrack_ipv4
nfnetlink 8088 3 nf_nat,nf_conntrack_ipv4,nf_conntrack
iptable_filter 6400 0
ip_tables 13380 2 iptable_nat,iptable_filter
x_tables 14084 3 ipt_MASQUERADE,iptable_nat,ip_tables
usb_storage 36224 0
|
| Code: |
asdg ~ # uname -r
2.6.23-gentoo-r8
|
| Code: |
asdg ~ # cat /usr/src/linux/.config | grep IPT
CONFIG_IP_NF_IPTABLES=m
# CONFIG_IP6_NF_IPTABLES is not set
asdg ~ # cat /usr/src/linux/.config | grep NETFILTER
CONFIG_NETFILTER=y
# CONFIG_NETFILTER_DEBUG is not set
CONFIG_NETFILTER_NETLINK=m
CONFIG_NETFILTER_NETLINK_QUEUE=m
CONFIG_NETFILTER_NETLINK_LOG=m
CONFIG_NETFILTER_XTABLES=m
CONFIG_NETFILTER_XT_TARGET_CLASSIFY=m
CONFIG_NETFILTER_XT_TARGET_CONNMARK=m
CONFIG_NETFILTER_XT_TARGET_DSCP=m
CONFIG_NETFILTER_XT_TARGET_MARK=m
CONFIG_NETFILTER_XT_TARGET_NFQUEUE=m
CONFIG_NETFILTER_XT_TARGET_NFLOG=m
# CONFIG_NETFILTER_XT_TARGET_NOTRACK is not set
# CONFIG_NETFILTER_XT_TARGET_TRACE is not set
CONFIG_NETFILTER_XT_TARGET_TCPMSS=m
CONFIG_NETFILTER_XT_MATCH_COMMENT=m
CONFIG_NETFILTER_XT_MATCH_CONNBYTES=m
CONFIG_NETFILTER_XT_MATCH_CONNLIMIT=m
CONFIG_NETFILTER_XT_MATCH_CONNMARK=m
CONFIG_NETFILTER_XT_MATCH_CONNTRACK=m
CONFIG_NETFILTER_XT_MATCH_DCCP=m
CONFIG_NETFILTER_XT_MATCH_DSCP=m
CONFIG_NETFILTER_XT_MATCH_ESP=m
CONFIG_NETFILTER_XT_MATCH_HELPER=m
CONFIG_NETFILTER_XT_MATCH_LENGTH=m
CONFIG_NETFILTER_XT_MATCH_LIMIT=m
CONFIG_NETFILTER_XT_MATCH_MAC=m
CONFIG_NETFILTER_XT_MATCH_MARK=m
CONFIG_NETFILTER_XT_MATCH_POLICY=m
CONFIG_NETFILTER_XT_MATCH_MULTIPORT=m
CONFIG_NETFILTER_XT_MATCH_PKTTYPE=m
CONFIG_NETFILTER_XT_MATCH_QUOTA=m
CONFIG_NETFILTER_XT_MATCH_REALM=m
CONFIG_NETFILTER_XT_MATCH_SCTP=m
CONFIG_NETFILTER_XT_MATCH_STATE=m
CONFIG_NETFILTER_XT_MATCH_STATISTIC=m
CONFIG_NETFILTER_XT_MATCH_STRING=m
CONFIG_NETFILTER_XT_MATCH_TCPMSS=m
CONFIG_NETFILTER_XT_MATCH_U32=m
CONFIG_NETFILTER_XT_MATCH_HASHLIMIT=m
|
| Code: |
asdg linux # strace iptables -A INPUT -p tcp --dport 1234
execve("/sbin/iptables", ["iptables", "-A", "INPUT", "-p", "tcp", "--dport", "1234"], [/* 27 vars */]) = 0
brk(0) = 0x8056000
access("/etc/ld.so.preload", R_OK) = -1 ENOENT (No such file or directory)
open("/etc/ld.so.cache", O_RDONLY) = 3
fstat64(3, {st_mode=S_IFREG|0644, st_size=24414, ...}) = 0
mmap2(NULL, 24414, PROT_READ, MAP_PRIVATE, 3, 0) = 0xb7fa2000
close(3) = 0
open("/lib/libdl.so.2", O_RDONLY) = 3
read(3, "\177ELF\1\1\1\0\0\0\0\0\0\0\0\0\3\0\3\0\1\0\0\0p\n\0\0004\0\0\0"..., 512) = 512
fstat64(3, {st_mode=S_IFREG|0755, st_size=9612, ...}) = 0
mmap2(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0xb7fa1000
mmap2(NULL, 12412, PROT_READ|PROT_EXEC, MAP_PRIVATE|MAP_DENYWRITE, 3, 0) = 0xb7f9d000
mmap2(0xb7f9f000, 8192, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 3, 0x1) = 0xb7f9f000
close(3) = 0
open("/lib/libc.so.6", O_RDONLY) = 3
read(3, "\177ELF\1\1\1\0\0\0\0\0\0\0\0\0\3\0\3\0\1\0\0\0@a\1\0004\0\0\0"..., 512) = 512
fstat64(3, {st_mode=S_IFREG|0755, st_size=1237276, ...}) = 0
mmap2(NULL, 1242576, PROT_READ|PROT_EXEC, MAP_PRIVATE|MAP_DENYWRITE, 3, 0) = 0xb7e6d000
mmap2(0xb7f97000, 12288, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 3, 0x12a) = 0xb7f97000
mmap2(0xb7f9a000, 9680, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0xb7f9a000
close(3) = 0
mmap2(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0xb7e6c000
set_thread_area({entry_number:-1 -> 6, base_addr:0xb7e6c6c0, limit:1048575, seg_32bit:1, contents:0, read_exec_only:0, limit_in_pages:1, seg_not_present:0, useable:1}) = 0
mprotect(0xb7f97000, 8192, PROT_READ) = 0
mprotect(0xb7f9f000, 4096, PROT_READ) = 0
mprotect(0x8054000, 4096, PROT_READ) = 0
mprotect(0xb7fc2000, 4096, PROT_READ) = 0
munmap(0xb7fa2000, 24414) = 0
brk(0) = 0x8056000
brk(0x8077000) = 0x8077000
open("/etc/nsswitch.conf", O_RDONLY) = 3
fstat64(3, {st_mode=S_IFREG|0644, st_size=508, ...}) = 0
mmap2(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0xb7fa7000
read(3, "# /etc/nsswitch.conf:\n# $Header:"..., 4096) = 508
read(3, "", 4096) = 0
close(3) = 0
munmap(0xb7fa7000, 4096) = 0
open("/etc/ld.so.cache", O_RDONLY) = 3
fstat64(3, {st_mode=S_IFREG|0644, st_size=24414, ...}) = 0
mmap2(NULL, 24414, PROT_READ, MAP_PRIVATE, 3, 0) = 0xb7fa2000
close(3) = 0
open("/lib/tls/i686/sse2/libnss_db.so.2", O_RDONLY) = -1 ENOENT (No such file or directory)
stat64("/lib/tls/i686/sse2", 0xbf80e450) = -1 ENOENT (No such file or directory)
open("/lib/tls/i686/libnss_db.so.2", O_RDONLY) = -1 ENOENT (No such file or directory)
stat64("/lib/tls/i686", 0xbf80e450) = -1 ENOENT (No such file or directory)
open("/lib/tls/sse2/libnss_db.so.2", O_RDONLY) = -1 ENOENT (No such file or directory)
stat64("/lib/tls/sse2", 0xbf80e450) = -1 ENOENT (No such file or directory)
open("/lib/tls/libnss_db.so.2", O_RDONLY) = -1 ENOENT (No such file or directory)
stat64("/lib/tls", 0xbf80e450) = -1 ENOENT (No such file or directory)
open("/lib/i686/sse2/libnss_db.so.2", O_RDONLY) = -1 ENOENT (No such file or directory)
stat64("/lib/i686/sse2", 0xbf80e450) = -1 ENOENT (No such file or directory)
open("/lib/i686/libnss_db.so.2", O_RDONLY) = -1 ENOENT (No such file or directory)
stat64("/lib/i686", 0xbf80e450) = -1 ENOENT (No such file or directory)
open("/lib/sse2/libnss_db.so.2", O_RDONLY) = -1 ENOENT (No such file or directory)
stat64("/lib/sse2", 0xbf80e450) = -1 ENOENT (No such file or directory)
open("/lib/libnss_db.so.2", O_RDONLY) = -1 ENOENT (No such file or directory)
stat64("/lib", {st_mode=S_IFDIR|0755, st_size=4104, ...}) = 0
open("/usr/lib/tls/i686/sse2/libnss_db.so.2", O_RDONLY) = -1 ENOENT (No such file or directory)
stat64("/usr/lib/tls/i686/sse2", 0xbf80e450) = -1 ENOENT (No such file or directory)
open("/usr/lib/tls/i686/libnss_db.so.2", O_RDONLY) = -1 ENOENT (No such file or directory)
stat64("/usr/lib/tls/i686", 0xbf80e450) = -1 ENOENT (No such file or directory)
open("/usr/lib/tls/sse2/libnss_db.so.2", O_RDONLY) = -1 ENOENT (No such file or directory)
stat64("/usr/lib/tls/sse2", 0xbf80e450) = -1 ENOENT (No such file or directory)
open("/usr/lib/tls/libnss_db.so.2", O_RDONLY) = -1 ENOENT (No such file or directory)
stat64("/usr/lib/tls", 0xbf80e450) = -1 ENOENT (No such file or directory)
open("/usr/lib/i686/sse2/libnss_db.so.2", O_RDONLY) = -1 ENOENT (No such file or directory)
stat64("/usr/lib/i686/sse2", 0xbf80e450) = -1 ENOENT (No such file or directory)
open("/usr/lib/i686/libnss_db.so.2", O_RDONLY) = -1 ENOENT (No such file or directory)
stat64("/usr/lib/i686", 0xbf80e450) = -1 ENOENT (No such file or directory)
open("/usr/lib/sse2/libnss_db.so.2", O_RDONLY) = -1 ENOENT (No such file or directory)
stat64("/usr/lib/sse2", 0xbf80e450) = -1 ENOENT (No such file or directory)
open("/usr/lib/libnss_db.so.2", O_RDONLY) = -1 ENOENT (No such file or directory)
stat64("/usr/lib", {st_mode=S_IFDIR|0755, st_size=23728, ...}) = 0
munmap(0xb7fa2000, 24414) = 0
open("/etc/ld.so.cache", O_RDONLY) = 3
fstat64(3, {st_mode=S_IFREG|0644, st_size=24414, ...}) = 0
mmap2(NULL, 24414, PROT_READ, MAP_PRIVATE, 3, 0) = 0xb7fa2000
close(3) = 0
open("/lib/libnss_files.so.2", O_RDONLY) = 3
read(3, "\177ELF\1\1\1\0\0\0\0\0\0\0\0\0\3\0\3\0\1\0\0\0 \31\0\0004\0\0\0"..., 512) = 512
fstat64(3, {st_mode=S_IFREG|0755, st_size=34244, ...}) = 0
mmap2(NULL, 37528, PROT_READ|PROT_EXEC, MAP_PRIVATE|MAP_DENYWRITE, 3, 0) = 0xb7e62000
mmap2(0xb7e6a000, 8192, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 3, 0x7) = 0xb7e6a000
close(3) = 0
mprotect(0xb7e6a000, 4096, PROT_READ) = 0
munmap(0xb7fa2000, 24414) = 0
open("/etc/protocols", O_RDONLY) = 3
fcntl64(3, F_GETFD) = 0
fcntl64(3, F_SETFD, FD_CLOEXEC) = 0
fstat64(3, {st_mode=S_IFREG|0644, st_size=5681, ...}) = 0
mmap2(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0xb7fa7000
read(3, "# /etc/protocols\n#\n# Internet (I"..., 4096) = 4096
close(3) = 0
munmap(0xb7fa7000, 4096) = 0
open("/lib/iptables/libxt_tcp.so", O_RDONLY) = 3
read(3, "\177ELF\1\1\1\0\0\0\0\0\0\0\0\0\3\0\3\0\1\0\0\0\260\7\0\0004\0\0\0"..., 512) = 512
fstat64(3, {st_mode=S_IFREG|0755, st_size=9664, ...}) = 0
mmap2(NULL, 12576, PROT_READ|PROT_EXEC, MAP_PRIVATE|MAP_DENYWRITE, 3, 0) = 0xb7fa4000
mmap2(0xb7fa6000, 8192, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 3, 0x1) = 0xb7fa6000
close(3) = 0
mprotect(0xb7fa6000, 4096, PROT_READ) = 0
socket(PF_INET, SOCK_RAW, IPPROTO_RAW) = 3
getsockopt(3, SOL_IP, 0x40 /* IP_??? */, "filter\0\0\1\0\0\0T\235\272\347\334\351\21\300P\17C\307\320\352\233\367\0\0\0\0"..., [84]) = 0
getsockopt(3, SOL_IP, 0x41 /* IP_??? */, "filter\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0"..., [656]) = 0
open("/lib/iptables/libxt_standard.so", O_RDONLY) = 4
read(4, "\177ELF\1\1\1\0\0\0\0\0\0\0\0\0\3\0\3\0\1\0\0\0\0\4\0\0004\0\0\0"..., 512) = 512
fstat64(4, {st_mode=S_IFREG|0755, st_size=5484, ...}) = 0
mmap2(NULL, 8452, PROT_READ|PROT_EXEC, MAP_PRIVATE|MAP_DENYWRITE, 4, 0) = 0xb7e5f000
mmap2(0xb7e60000, 8192, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 4, 0) = 0xb7e60000
close(4) = 0
mprotect(0xb7e60000, 4096, PROT_READ) = 0
setsockopt(3, SOL_IP, 0x40 /* IP_??? */, "filter\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0"..., 904) = -1 ENOENT (No such file or directory)
write(2, "iptables: No chain/target/match "..., 45iptables: No chain/target/match by that name
) = 45
exit_group(1)
|
Last edited by saepia on Wed Apr 16, 2008 10:03 am; edited 1 time in total |
|
| Back to top |
|
 |
Thesee
Tux's lil' helper
Joined: 02 Jun 2004
Posts: 123
Location: Belgium
|
| Posted: Wed Apr 16, 2008 9:28 am Post subject: |
|
|
This doesn't sound like a --dport issue to me.
From http://www.faqs.org/docs/iptables/commonproblems.html:
| Quote: | iptables: No chain/target/match by that name
This error tells us that there is no such chain, target or match. This could depend upon a huge set of factors, the most common being that you have misspelled the chain, target or match in question. Also, this could be generated in case you are trying to use a match that is not available, either because you did not load the proper module, it was not compiled into kernel or iptables failed to automatically load the module. In general, you should look for all of the above solutions but also look for misspelled targets of some sort or another in your rule. |
When I see your command:
| Code: | | asdg ~ # iptables -A INPUT -p tcp --dport 1234 |
I don't see the target parameter (-j target).
Maybe try:
| Code: | | asdg ~ # iptables -A INPUT -p tcp --dport 1234 -j ACCEPT |
HTH
_________________
How does a UNIX expert have sex?
Unzip; strip; touch; finger; mount; fsck; more; yes; unmount; sleep. |
|
| Back to top |
|
|
saepia
n00b
Joined: 12 Sep 2004
Posts: 42
Location: Krakow or Szczecin @ Poland (Europe)
|
| Posted: Wed Apr 16, 2008 10:03 am Post subject: |
|
|
I've compiled all iptables related modules statically into kernel and it works.
Propably that was something with linking. Later I found somewhere information that it could be related to xt_tcpudp module or something like that. |
|
| Back to top |
|
|
|
|
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum
|
|
Networking & Security
