* Target rules does not work on kernel 2.6.17.x.
From: Pär @ 2006-08-04  7:07 UTC
  To: netfilter

Hi.
Having trouble with iptables when upgrading from kernel 2.6.13 to 2.6.17.x.
My old firewall rules are not functioning anymore.

Target rules that are using -j DNAT such as this one:
$IPTABLES -A PREROUTING -t nat -i $EXT -p tcp --dport 3389 -j DNAT --to 192.168.x.x:3389

and -j ACCEPT
$IPTABLES -A INPUT -p tcp -i $EXT -d 0/0 --dport 3724 -j ACCEPT

do not work.
For iptables 1.3.4 it does not work (returns an error code) and for
1.3.5_iptables-1.3.5-20060702 it returns

iptables: No chain/target/match by that name

I have all iptables dependent modules in the kernel set as loadable modules.
So I do this in the beginning of the firewall script:

modprobe ip_tables
modprobe ip_conntrack_irc
modprobe ip_conntrack
modprobe ip_nat_irc
modprobe iptable_filter
modprobe iptable_nat
modprobe iptable_mangle
modprobe ipt_conntrack
modprobe ipt_MASQUERADE
modprobe ipt_multiport
modprobe ipt_state
modprobe ipt_REDIRECT
modprobe ipt_REJECT
modprobe ipt_LOG

Anyone have any ideas on how to proceed on this?
I really need 2.6.17.x in order to activate new wireless functions
that have been added into the 2.6.17.x kernel.

Cheers

/P

* Re: Target rules does not work on kernel 2.6.17.x.
From: Jan Engelhardt @ 2006-08-04 17:32 UTC
  To: Pär; +Cc: netfilter


> My old firewall rules are not functioning anymore.

Try specifying -t nat before ALL options. ebtables for instance required 
this for long, i.e.

  iptables -t nat -A PREROUTING...


Jan Engelhardt

* Re: Target rules does not work on kernel 2.6.17.x.
From: Pär @ 2006-08-05 17:46 UTC
  To: Jan Engelhardt; +Cc: netfilter

Hi.
Found the problem.
Apparently I needed the ipt_tcp module.
Earlier kernels must have included it in some other module.

/Pär


Jan Engelhardt wrote:
>> My old firewall rules are not functioning anymore.
>>     
>
> Try specifying -t nat before ALL options. ebtables for instance required 
> this for long, i.e.
>
>   iptables -t nat -A PREROUTING...
>
>
> Jan Engelhardt
>   
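
The diagnosis reached in this thread can be checked directly: the kernel lists its registered extensions in /proc/net/ip_tables_matches and /proc/net/ip_tables_targets, and "No chain/target/match by that name" means a rule needs one that is not there. The script below is an added example, not code from the thread; the function names, the interface name, the address and the sample lists are constructed for illustration.

```sh
#!/bin/sh
# Added example: report which match/target extensions a rule needs that the
# running kernel has not registered. Paths default to the real /proc files.
# missing_extensions "RULE" [MATCHES_FILE] [TARGETS_FILE]
# Prints one "match:NAME" or "target:NAME" line per missing extension.
missing_extensions() {
    rule=$1
    matches=${2:-/proc/net/ip_tables_matches}
    targets=${3:-/proc/net/ip_tables_targets}
    proto= needs_proto=0 want=
    set -f                      # no globbing while word-splitting the rule
    set -- $rule
    set +f
    while [ $# -gt 0 ]; do
        case $1 in
            -p|--protocol) proto=$2; [ $# -gt 1 ] && shift ;;
            -m|--match)    want="$want match:$2"; [ $# -gt 1 ] && shift ;;
            -j|--jump)
                case $2 in
                    ACCEPT|DROP|QUEUE|RETURN) ;;   # built-in verdicts
                    *) want="$want target:$2" ;;   # user-defined chains land here too
                esac
                [ $# -gt 1 ] && shift ;;
            --dport|--sport|--destination-port|--source-port|--tcp-flags|--syn)
                needs_proto=1 ;;   # options that belong to the implicit -p match
        esac
        shift
    done
    [ "$needs_proto" -eq 1 ] && [ -n "$proto" ] && want="match:$proto $want"
    for item in $want; do
        kind=${item%%:*} name=${item#*:}
        if [ "$kind" = match ]; then list=$matches; else list=$targets; fi
        grep -qxF -- "$name" "$list" 2>/dev/null || echo "$item"
    done
}

# Constructed sample: lists as they might look with the thread's modprobe
# list loaded but nothing providing the tcp match.
demo() {
    d=$(mktemp -d) || return 1
    printf '%s\n' icmp state conntrack multiport > "$d/matches"
    printf '%s\n' ERROR DNAT SNAT MASQUERADE REDIRECT REJECT LOG > "$d/targets"
    missing_extensions \
      "-t nat -A PREROUTING -i eth0 -p tcp --dport 3389 -j DNAT --to 192.168.0.10:3389" \
      "$d/matches" "$d/targets"
    rm -rf "$d"
}
demo
```

A line such as match:tcp in the output means the module providing that match has to be loaded (or built in) before the rule can be added.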


