* Unable to add rule on Chain with 28 characters.
From: Rafael Dreher @ 2005-07-08 19:00 UTC
To: netfilter
Hi,
I'm trying to add a rule on a user-defined chain, on the NAT table, with 28 characters.
The chain has been added without any problem, but when I add the rule, iptables says that it's unable to find the chain.
If I reduce the chain to 25 characters, it works. I'm trying to migrate a set of rules from iptables-1.2.11 to 1.3.1,
and I don't want to rewrite the rules.
Can someone help me?
My iptables version: 1.3.1
My kernel version: 2.4.31
POM-Patches:
CLASSIFY
SAME
comment
NETMAP
iprange
quota
time
IPMARK
ROUTE
account
h323-conntrack-nat
ipp2p
l7-filter-pom-1.4
mms-conntrack-nat
msnp-conntrack-nat
pptp-conntrack-nat
quake3-conntrack-nat
string
mport
Thanks in advance.
--
Rafael Dreher
-:: Red Hat Certified Engineer ::-
-:: Nr: 807303498507617 ::-
http://www.redhat.com/training/certification/verify
* Re: Unable to add rule on Chain with 28 characters.
From: Jason Opperisano @ 2005-07-08 19:50 UTC
To: netfilter
On Fri, Jul 08, 2005 at 04:00:23PM -0300, Rafael Dreher wrote:
> Hi,
>
> I'm trying to add a rule on a user-defined chain, on the NAT table, with 28
> characters.
my guess is you're leaving out the '-t nat' as custom chains only exist
in the table they're created in:
# iptables -t nat -N GqKOJUpUAOboDEbYcaVUCDqprFy
# iptables -t nat -A GqKOJUpUAOboDEbYcaVUCDqprFy -j ACCEPT
# iptables -t nat -A PREROUTING -j GqKOJUpUAOboDEbYcaVUCDqprFy
# iptables -t nat -vnxL
Chain GqKOJUpUAOboDEbYcaVUCDqprFy (1 references)
pkts bytes target prot opt in out source destination
1 78 ACCEPT all -- * * 0.0.0.0/0 0.0.0.0/0
Chain PREROUTING (policy ACCEPT 0 packets, 0 bytes)
pkts bytes target prot opt in out source destination
1 78 GqKOJUpUAOboDEbYcaVUCDqprFy all -- * * 0.0.0.0/0 0.0.0.0/0
<--- snip --->
# iptables -V && uname -r
iptables v1.3.1
2.6.11.4-21.7-default
i also tested this on:
# iptables -V && uname -r
iptables v1.2.11
2.4.27-2-386
alas--i have no 2.4 + 1.3.1 combo i can test on; so i cannot say there
isn't some weird interaction between those two that causes your issue to
crop up.
-j
--
"Brian: Whose leg do I have to hump to get a dry martini around here?"
--Family Guy
* Re: Unable to add rule on Chain with 28 characters.
From: Rafael Dreher @ 2005-07-08 20:01 UTC
To: Jason Opperisano; +Cc: netfilter
>>Hi,
>>
>>I'm trying to add a rule on a user-defined chain, on the NAT table, with 28
>>characters.
>
>
> my guess is you're leaving out the '-t nat' as custom chains only exist
> in the table they're created in:
>
Hi, again.
I guess no. :)
[root@ward] [16:55:58]
[~]#iptables -t nat -N ecommerce-internet@POSTROUTING
[root@ward] [16:56:01]
[~]#iptables -t nat -A POSTROUTING -j ecommerce-internet@POSTROUTING
iptables: No chain/target/match by that name
[root@ward] [16:56:19]
[~]#
Am I crazy? :)
This chain has 30 characters... the max.. if I reduce it to 28, it's added without any problem.
Thanks
--
Rafael Dreher
-:: Red Hat Certified Engineer ::-
-:: Nr: 807303498507617 ::-
http://www.redhat.com/training/certification/verify
* Re: Unable to add rule on Chain with 28 characters.
From: Jason Opperisano @ 2005-07-08 20:09 UTC
To: netfilter
On Fri, Jul 08, 2005 at 05:01:03PM -0300, Rafael Dreher wrote:
> >>Hi,
> >>
> >>I'm trying to add a rule on a user-defined chain, on the NAT table, with
> >>28 characters.
> >
> >
> >my guess is you're leaving out the '-t nat' as custom chains only exist
> >in the table they're created in:
> >
>
> Hi, again.
>
> I guess no. :)
provide more info next time and i won't have to guess. :-D
> [root@ward] [16:55:58]
> [~]#iptables -t nat -N ecommerce-internet@POSTROUTING
>
> [root@ward] [16:56:01]
> [~]#iptables -t nat -A POSTROUTING -j ecommerce-internet@POSTROUTING
> iptables: No chain/target/match by that name
>
> [root@ward] [16:56:19]
> [~]#
>
> Am I crazy? :)
>
> This chain has 30 characters... the max.. if I reduce it to 28, it's added
> without any problem.
(note: your OP said the error was with the 28 char chain)
it looks like 29 characters is the max:
30 char chain name:
# iptables -t nat -N PubABFZhrRJgwChbszxazNssqWKWB
# iptables -t nat -A PREROUTING -j PubABFZhrRJgwChbszxazNssqWKWB
iptables: No chain/target/match by that name
29 char chain name:
# iptables -t nat -N PubABFZhrRJgwChbszxazNssqWKW
# iptables -t nat -A PREROUTING -j PubABFZhrRJgwChbszxazNssqWKW
#
-j
--
"Peter: This party couldn't be better if Jesus was here.
Jesus: For my next miracle, I will turn water... into FUNK."
--Family Guy
* Re: Unable to add rule on Chain with 28 characters.
From: Royce Kemp @ 2005-07-08 20:10 UTC
To: Rafael Dreher, Jason Opperisano; +Cc: netfilter
I have run into this problem as well. Learn to stick to 28 characters.
-r
* Re: Unable to add rule on Chain with 28 characters.
From: Jason Opperisano @ 2005-07-08 20:11 UTC
To: netfilter
On Fri, Jul 08, 2005 at 04:09:37PM -0400, Jason Opperisano wrote:
> it looks like 29 characters is the max:
>
> 30 char chain name:
>
> # iptables -t nat -N PubABFZhrRJgwChbszxazNssqWKWB
> # iptables -t nat -A PREROUTING -j PubABFZhrRJgwChbszxazNssqWKWB
> iptables: No chain/target/match by that name
>
> 29 char chain name:
>
> # iptables -t nat -N PubABFZhrRJgwChbszxazNssqWKW
> # iptables -t nat -A PREROUTING -j PubABFZhrRJgwChbszxazNssqWKW
> #
stupid off-by-one math. subtract 1 from everything i said...
-j
--
"Peter: Hey, Brian. If cops are pigs, does that make you a Snausage?
Brian: Clever, Peter. Did you stay up all night writing that?
Peter: No, I got to bed around two, two-thirty."
--Family Guy
* Re: Unable to add rule on Chain with 28 characters.
From: Jan Engelhardt @ 2005-07-09 10:23 UTC
To: Jason Opperisano; +Cc: netfilter
>> This chain has 30 characters... the max.. if I reduce it to 28, it's added
>> without any problem.
>
>(note: your OP said the error was with the 28 char chain)
>
>it looks like 29 characters is the max:
It's documented:
--log-prefix prefix
Prefix log messages with the specified prefix; up to 29 letters
long, and useful for distinguishing messages in the logs.
So I guess there's more places with the 30 limit (read: 1 for the '\0' char).
Jan Engelhardt
--
| Alphagate Systems, http://alphagate.hopto.org/
* Re: Unable to add rule on Chain with 28 characters.
From: Rafael Dreher @ 2005-07-11 13:11 UTC
To: Royce Kemp; +Cc: netfilter
So, that's a BUG.
Why does iptables let me add a chain with 30 characters, if I can't use this chain?
[root@ward] [10:07:54]
[~]#iptables -t nat -N 123456789012345678901234567890
[root@ward] [10:08:05]
[~]#iptables -t nat -A POSTROUTING -j 123456789012345678901234567890
iptables: No chain/target/match by that name
Hey, gurus, can anyone help me? :)
Thanks
Royce Kemp wrote:
> I have run into this problem as well. Learn to stick to 28 characters.
--
Rafael Dreher
-:: Interage Integradora ::-
-:: Pesquisa e Desenvolvimento ::-
-:: www.gatepro.com.br || www.interage.com.br ::-
-:: Red Hat Certified Engineer ::-
-:: Nr: 807303498507617 ::-
http://www.redhat.com/training/certification/verify
* Re: Unable to add rule on Chain with 28 characters.
From: Jan Engelhardt @ 2005-07-11 13:15 UTC
To: Rafael Dreher; +Cc: netfilter
> So, that's a BUG.
> Why does iptables let me add a chain with 30 characters, if I can't use this chain?
>
> [root@ward] [10:07:54]
> [~]#iptables -t nat -N 123456789012345678901234567890
>
> [root@ward] [10:08:05]
> [~]#iptables -t nat -A POSTROUTING -j 123456789012345678901234567890
> iptables: No chain/target/match by that name
Try
iptables -t nat -N 123456789012345678901234567890
iptables -t nat -A POSTROUTING -j 1234567890123456789012345678
(Maybe add a '9' to the last.) If that's the case, then this is not really a
bug, but some code silently truncates the -N request.
Jan Engelhardt
--
| Alphagate Systems, http://alphagate.hopto.org/
* Re: Re: Unable to add rule on Chain with 28 characters.
From: Rafael Dreher @ 2005-07-11 13:22 UTC
To: Jan Engelhardt; +Cc: netfilter-devel, netfilter
No, that's not the case. I'm still thinking that's a bug.
[root@ward] [10:18:30]
[~]#iptables -t nat -N 123456789012345678901234567890
[root@ward] [10:18:38]
[~]#iptables -t nat -A POSTROUTING -j 1234567890123456789012345678
iptables v1.3.2: Couldn't load target `1234567890123456789012345678':/usr/local/lib/iptables/libipt_1234567890123456789012345678.so: cannot open shared object file: No such file or directory
Try `iptables -h' or 'iptables --help' for more information.
[root@ward] [10:18:41]
[~]#
Any idea?
Thanks
--
Rafael Dreher
-:: Red Hat Certified Engineer ::-
-:: Nr: 807303498507617 ::-
http://www.redhat.com/training/certification/verify
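
For the migration case raised in this thread, a pre-flight check over the ruleset can flag chain names that `-N` accepts but `-j` then fails to find, before a partially loaded firewall results. This is an added example, not part of the original messages; the 28-character limit is an assumption taken from the tests reported above, and `long_chain_names`, `check_ruleset` and the sample ruleset are hypothetical names and constructed input.

```shell
#!/bin/sh
# Added example: list chain names longer than MAX_CHAIN_LEN in a ruleset.
# MAX_CHAIN_LEN=28 is an assumption taken from the tests in this thread.
MAX_CHAIN_LEN=${MAX_CHAIN_LEN:-28}

# Reads iptables-save output or a script of iptables commands on stdin and
# prints "table<TAB>length<TAB>name" once per over-long name.
long_chain_names() {
    awk -v max="$MAX_CHAIN_LEN" '
        function check(t, name) {
            if (length(name) > max && !((t, name) in seen)) {
                seen[t, name] = 1
                printf "%s\t%d\t%s\n", t, length(name), name
            }
        }
        /^#/  { next }                                   # comment line
        /^\*/ { table = substr($1, 2); next }            # "*nat" opens a table
        {
            t = (table == "" ? "filter" : table)         # iptables default table
            for (i = 1; i < NF; i++) if ($i == "-t") t = $(i + 1)
            if ($1 ~ /^:/) check(t, substr($1, 2))       # ":CHAIN POLICY [p:b]"
            for (i = 1; i < NF; i++)
                if ($i == "-N" || $i == "-A" || $i == "-j") check(t, $(i + 1))
        }'
}

# Exit status 0 when every name fits, 1 otherwise (report goes to stderr).
check_ruleset() {
    bad=$(long_chain_names)
    [ -z "$bad" ] && return 0
    printf '%s\n' "$bad" >&2
    return 1
}

# Constructed sample: chain names reused from the thread, rules invented.
sample_ruleset() {
    cat <<'EOF'
*nat
:POSTROUTING ACCEPT [0:0]
:ecommerce-internet@POSTROUTING - [0:0]
:PubABFZhrRJgwChbszxazNssqWKW - [0:0]
-A POSTROUTING -j ecommerce-internet@POSTROUTING
-A POSTROUTING -j PubABFZhrRJgwChbszxazNssqWKW
COMMIT
EOF
}

sample_ruleset | long_chain_names
```

Set `MAX_CHAIN_LEN` in the environment to match the limit of the iptables build being deployed, and run `check_ruleset < rules` before loading a migrated ruleset.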