From: Steve Turnbull <steve.turnbull@yhgfl.net>
To: netfilter@lists.netfilter.org
Subject: Re: No chain/target/match by that name
Date: Sun, 05 Sep 2004 16:52:44 +0100 [thread overview]
Message-ID: <413B364C.1060407@yhgfl.net> (raw)
In-Reply-To: <1094396051.1745.20.camel@wolfpack.ljm.dom>
Jason Opperisano wrote:
> On Sun, 2004-09-05 at 10:31, Steve Turnbull wrote:
>
>>Hi
>>
>>Our web server is configured;
>>Debian (Woody) (No X installed)
>>Kernel 2.4.23 - configured with iptables in mind
>>iptables v1.2.6a
>>
>>When we start the firewall script, we get this message;
>>'No chain/target/match by that name'
>
>
> start your fw script with the following:
>
> bash -x <script>
>
> and it will show you the parsing of every line and you will be able to
> see which line causes the error.
>
> if i had to take a stab in the dark--i'd guess it's "-m state" rule;
> which would mean you built your kernel without connection tracking
> support--which would explain the other behavior as well...
>
> the connection tracking option is "CONFIG_IP_NF_CONNTRACK" in your
> kernel config. i *highly* recommend including it unless you have a very
> compelling reason not to.
>
> -j
>
Thanks for the reply
Our Kernel .config file (iptables extract) shows this (see below), which
suggests CONNTRACK is on. Does any of the other setting need compiling in??
Regards
Steve
#
# IP: Netfilter Configuration
#
CONFIG_IP_NF_CONNTRACK=y
CONFIG_IP_NF_FTP=y
# CONFIG_IP_NF_AMANDA is not set
# CONFIG_IP_NF_TFTP is not set
# CONFIG_IP_NF_IRC is not set
# CONFIG_IP_NF_QUEUE is not set
CONFIG_IP_NF_IPTABLES=y
# CONFIG_IP_NF_MATCH_LIMIT is not set
# CONFIG_IP_NF_MATCH_MAC is not set
# CONFIG_IP_NF_MATCH_PKTTYPE is not set
# CONFIG_IP_NF_MATCH_MARK is not set
# CONFIG_IP_NF_MATCH_MULTIPORT is not set
# CONFIG_IP_NF_MATCH_TOS is not set
# CONFIG_IP_NF_MATCH_RECENT is not set
# CONFIG_IP_NF_MATCH_ECN is not set
# CONFIG_IP_NF_MATCH_DSCP is not set
# CONFIG_IP_NF_MATCH_AH_ESP is not set
# CONFIG_IP_NF_MATCH_LENGTH is not set
# CONFIG_IP_NF_MATCH_TTL is not set
# CONFIG_IP_NF_MATCH_TCPMSS is not set
# CONFIG_IP_NF_MATCH_HELPER is not set
CONFIG_IP_NF_MATCH_STATE=y
CONFIG_IP_NF_MATCH_CONNTRACK=y
# CONFIG_IP_NF_MATCH_UNCLEAN is not set
# CONFIG_IP_NF_MATCH_OWNER is not set
CONFIG_IP_NF_FILTER=y
# CONFIG_IP_NF_TARGET_REJECT is not set
# CONFIG_IP_NF_TARGET_MIRROR is not set
# CONFIG_IP_NF_NAT is not set
# CONFIG_IP_NF_MANGLE is not set
CONFIG_IP_NF_TARGET_LOG=y
CONFIG_IP_NF_TARGET_ULOG=y
# CONFIG_IP_NF_TARGET_TCPMSS is not set
# CONFIG_IP_NF_ARPTABLES is not set
--
Steve Turnbull
Digital Content Developer
YHGfL Foundation
t 01724 275030
e steve.turnbull@yhgfl.net
next prev parent reply other threads:[~2004-09-05 15:52 UTC|newest]
Thread overview: 11+ messages / expand[flat|nested] mbox.gz Atom feed top
2004-09-05 14:31 No chain/target/match by that name Steve Turnbull
2004-09-05 14:54 ` Jason Opperisano
2004-09-05 15:52 ` Steve Turnbull [this message]
2004-09-05 15:55 ` Steve Turnbull
2004-09-05 16:41 ` Jose Maria Lopez
2004-09-05 17:51 ` Alistair Tonner
2004-09-05 18:32 ` Steve Turnbull
2004-09-06 23:38 ` Steve Turnbull
-- strict thread matches above, loose matches on Subject: below --
2009-03-17 10:19 Vlad
2009-03-17 10:20 ` Jan Engelhardt
[not found] ` <49BF7B71.2080801@gmx.net>
[not found] ` <alpine.LSU.2.00.0903171131220.18190@fbirervta.pbzchgretzou.qr>
[not found] ` <49BF7D72.7010401@gmx.net>
2009-03-17 10:44 ` Jan Engelhardt
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=413B364C.1060407@yhgfl.net \
--to=steve.turnbull@yhgfl.net \
--cc=netfilter@lists.netfilter.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.