From: Steve Turnbull <steve.turnbull@yhgfl.net>
To: netfilter@lists.netfilter.org
Subject: Re: No chain/target/match by that name
Date: Sun, 05 Sep 2004 16:52:44 +0100 [thread overview]
Message-ID: <413B364C.1060407@yhgfl.net> (raw)
In-Reply-To: <1094396051.1745.20.camel@wolfpack.ljm.dom>
Jason Opperisano wrote:
> On Sun, 2004-09-05 at 10:31, Steve Turnbull wrote:
>
>>Hi
>>
>>Our web server is configured;
>>Debian (Woody) (No X installed)
>>Kernel 2.4.23 - configured with iptables in mind
>>iptables v1.2.6a
>>
>>When we start the firewall script, we get this message;
>>'No chain/target/match by that name'
>
>
> start your fw script with the following:
>
> bash -x <script>
>
> and it will show you the parsing of every line and you will be able to
> see which line causes the error.
>
> if i had to take a stab in the dark--i'd guess it's "-m state" rule;
> which would mean you built your kernel without connection tracking
> support--which would explain the other behavior as well...
>
> the connection tracking option is "CONFIG_IP_NF_CONNTRACK" in your
> kernel config. i *highly* recommend including it unless you have a very
> compelling reason not to.
>
> -j
>
Thanks for the reply
Our Kernel .config file (iptables extract) shows this (see below), which
suggests CONNTRACK is on. Does any of the other setting need compiling in??
Regards
Steve
#
# IP: Netfilter Configuration
#
CONFIG_IP_NF_CONNTRACK=y
CONFIG_IP_NF_FTP=y
# CONFIG_IP_NF_AMANDA is not set
# CONFIG_IP_NF_TFTP is not set
# CONFIG_IP_NF_IRC is not set
# CONFIG_IP_NF_QUEUE is not set
CONFIG_IP_NF_IPTABLES=y
# CONFIG_IP_NF_MATCH_LIMIT is not set
# CONFIG_IP_NF_MATCH_MAC is not set
# CONFIG_IP_NF_MATCH_PKTTYPE is not set
# CONFIG_IP_NF_MATCH_MARK is not set
# CONFIG_IP_NF_MATCH_MULTIPORT is not set
# CONFIG_IP_NF_MATCH_TOS is not set
# CONFIG_IP_NF_MATCH_RECENT is not set
# CONFIG_IP_NF_MATCH_ECN is not set
# CONFIG_IP_NF_MATCH_DSCP is not set
# CONFIG_IP_NF_MATCH_AH_ESP is not set
# CONFIG_IP_NF_MATCH_LENGTH is not set
# CONFIG_IP_NF_MATCH_TTL is not set
# CONFIG_IP_NF_MATCH_TCPMSS is not set
# CONFIG_IP_NF_MATCH_HELPER is not set
CONFIG_IP_NF_MATCH_STATE=y
CONFIG_IP_NF_MATCH_CONNTRACK=y
# CONFIG_IP_NF_MATCH_UNCLEAN is not set
# CONFIG_IP_NF_MATCH_OWNER is not set
CONFIG_IP_NF_FILTER=y
# CONFIG_IP_NF_TARGET_REJECT is not set
# CONFIG_IP_NF_TARGET_MIRROR is not set
# CONFIG_IP_NF_NAT is not set
# CONFIG_IP_NF_MANGLE is not set
CONFIG_IP_NF_TARGET_LOG=y
CONFIG_IP_NF_TARGET_ULOG=y
# CONFIG_IP_NF_TARGET_TCPMSS is not set
# CONFIG_IP_NF_ARPTABLES is not set
--
Steve Turnbull
Digital Content Developer
YHGfL Foundation
t 01724 275030
e steve.turnbull@yhgfl.net
next prev parent reply other threads:[~2004-09-05 15:52 UTC|newest]
Thread overview: 8+ messages / expand[flat|nested] mbox.gz Atom feed top
2004-09-05 14:31 No chain/target/match by that name Steve Turnbull
2004-09-05 14:54 ` Jason Opperisano
2004-09-05 15:52 ` Steve Turnbull [this message]
2004-09-05 15:55 ` Steve Turnbull
2004-09-05 16:41 ` Jose Maria Lopez
2004-09-05 17:51 ` Alistair Tonner
2004-09-05 18:32 ` Steve Turnbull
2004-09-06 23:38 ` Steve Turnbull
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=413B364C.1060407@yhgfl.net \
--to=steve.turnbull@yhgfl.net \
--cc=netfilter@lists.netfilter.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox