* Re: iptables: No chain/target/match by that name (detailed)
2006-01-09 7:21 iptables: No chain/target/match by that name Amresh Kumar
@ 2006-01-11 10:21 ` Amresh Kumar
0 siblings, 0 replies; 4+ messages in thread
From: Amresh Kumar @ 2006-01-11 10:21 UTC (permalink / raw)
To: amresh_srivastava, jsullivan; +Cc: netfilter
Hi,
I have successfully applied patch for "nth" module but when i am trying to
add the following RULE for testing purpose:-
"iptables -A INPUT -p icmp --icmp-type echo-request -m nth --every 2 -j
DROP"
It throws a message "iptables: No chain/target/match by that name".
The steps i have followed to apply the patch for "nth" are:-
1 Apply the the patch for "nth" using patch-o-matic.
#cd /root/patch-o-matic-ng
#KERNEL_DIR=/usr/src/kernels/linux-2.6.14.2
IPTABLES_DIR=/root/iptables-1.3.4 ./runme base
2 Recompile kernel
#cd /usr/src/kernels/linux-2.6.14.2
#make clean
#make menuconfig
#make bzImage
#make modules
#make modules_install
#make install
3.Reboot system with new linux-2.6.14.2
4. #cd /root/iptables-1.3.4
#make KERNEL_DIR=/usr/src/kernels/linux-2.6.14.2
#make install KERNEL_DIR=/usr/src/kernels/linux-2.6.14.2
I am trying it with kernel v2.6.14.2 and iptables v1.3.4.
**One thing that i have noticed that ipt_nth.o ipt_nth.ko ipt_nth.mod.c
ipth_nth.mod.o was not create during recompile of kernel***
Any comment
After,the above failure i have tried the another way to use "nth", add nth
as a Module as follows:-
first store the " ipt_nth.h" to the
"/usr/src/kernels/linux-2.6.14.2/include/linux/netfilter_ipv4/" directory
then, i wrote a Makefile
---------------------------------------------------------------
obj-m += ipt_nth.o
all:
make -C /lib/modules/$(shell uname -r)/build M=$(PWD) modules
clean:
make -C /lib/modules/$(shell uname -r)/build M=$(PWD) clean
-----------------------------------------------------------------------
then execute
#make
#modprobe ip_tables
#insmod ./ipt_nth.ko
It works.Now,i am able to use nth module.
So,please tell what i missed or did wrong in patch-o-matic procedure.
Thanks
Amresh Kumar
>From: "Amresh Kumar" <amresh_srivastava@hotmail.com>
>To: jsullivan@opensourcedevel.com
>CC: netfilter@lists.netfilter.org
>Subject: Re: iptables: No chain/target/match by that name
>Date: Mon, 09 Jan 2006 12:51:42 +0530
>MIME-Version: 1.0
>X-Originating-IP: [61.12.43.109]
>X-Originating-Email: [amresh_srivastava@hotmail.com]
>X-Sender: amresh_srivastava@hotmail.com
>Received: from vishnu.netfilter.org ([213.95.27.115]) by
>bay0-mc12-f13.bay0.hotmail.com with Microsoft SMTPSVC(6.0.3790.211); Sun, 8
>Jan 2006 23:25:14 -0800
>Received: from localhost ([127.0.0.1] helo=vishnu.netfilter.org)by
>vishnu.netfilter.org with esmtp (Exim 4.41 #1 (Debian))id 1EvrRf-0002mk-07;
>Mon, 09 Jan 2006 08:27:59 +0100
>Received: from bay105-f19.bay105.hotmail.com ([65.54.224.29]
>helo=hotmail.com)by vishnu.netfilter.org with esmtp (Exim 4.41 #1
>(Debian))id 1EvrRV-0002iu-Sufor <netfilter@lists.netfilter.org>; Mon, 09
>Jan 2006 08:27:50 +0100
>Received: from mail pickup service by hotmail.com with Microsoft
>SMTPSVC;Sun, 8 Jan 2006 23:21:42 -0800
>Received: from 65.54.224.200 by by105fd.bay105.hotmail.msn.com with
>HTTP;Mon, 09 Jan 2006 07:21:42 GMT
>X-Message-Info: JGTYoYF78jEHjJx36Oi8+Z3TmmkSEdPt4iogl2abg+M=
>X-OriginalArrivalTime: 09 Jan 2006 07:21:42.0918
>(UTC)FILETIME=[572F9A60:01C614ED]
>X-BeenThere: netfilter@lists.netfilter.org
>X-Mailman-Version: 2.1.5
>Precedence: list
>List-Id: General discussion and user questions
><netfilter.lists.netfilter.org>
>List-Unsubscribe:
><https://lists.netfilter.org/mailman/listinfo/netfilter>,<mailto:netfilter-request@lists.netfilter.org?subject=unsubscribe>
>List-Archive: </pipermail/netfilter>
>List-Post: <mailto:netfilter@lists.netfilter.org>
>List-Help: <mailto:netfilter-request@lists.netfilter.org?subject=help>
>List-Subscribe:
><https://lists.netfilter.org/mailman/listinfo/netfilter>,<mailto:netfilter-request@lists.netfilter.org?subject=subscribe>
>Errors-To: netfilter-bounces@lists.netfilter.org
>Return-Path: netfilter-bounces@lists.netfilter.org
>
>
>Hi,
>Thanks for quick reply. My Iptables rule is enabled as a module. Yes i am
>loading the module for this i am doing
>
>modprobe ip_tables
>insmod ./ipt_nth.ko
>Than after applying rule iptables -A PREROUTING -i eth0 -p tcp --dport 80
>-m state
>--state NEW -m nth --counter 0 --every 4 --packet 0 -j DNAT
>It is working fine
>
>But iptables rule for Load Balancing with random is not working. still
>giving error
>iptables: No chain/target/match by that name
>
>Can i enable this rule in my kernel.....
>
>
>Thanks....
>
>>--
>
>>From: "John A. Sullivan III" <jsullivan@opensourcedevel.com>
>>To: Amresh Kumar <amresh_srivastava@hotmail.com>
>>CC: netfilter@lists.netfilter.org
>>Subject: Re: iptables: No chain/target/match by that name
>>Date: Sat, 07 Jan 2006 13:50:10 -0500
>>MIME-Version: 1.0
>>Received: from itza.net ([198.77.208.51]) by
>>bay0-mc12-f10.bay0.hotmail.com with Microsoft SMTPSVC(6.0.3790.211); Sat,
>>7 Jan 2006 10:50:38 -0800
>>Received: from [192.168.223.201] (unverified [24.75.251.186]) by itza.net
>>(ITZA Company Hosting Services - http://www.itza.net) with ESMTP id
>>14066248 for multiple; Sat, 07 Jan 2006 13:50:25 -0500
>>X-Message-Info: JGTYoYF78jHLwkyVEn2eatAFdoqg5YYBiazxjq0B+qw=
>>Return-Path: <jsullivan@opensourcedevel.com>
>>References: <BAY105-F281A346E9A68ED0764F10F9E200@phx.gbl>
>>X-Mailer: Evolution 2.2.3 (2.2.3-2.fc4) X-Server: High Performance Mail
>>Server - http://surgemail.com r=-670927196
>>X-Avast: Message is clean
>>X-IP-stats: Incoming Last 0, First 70, in=193, out=0, spam=0
>>X-External-IP: 24.75.251.186
>>X-OriginalArrivalTime: 07 Jan 2006 18:50:38.0487 (UTC)
>>FILETIME=[40476270:01C613BB]
>>
>>On Sat, 2006-01-07 at 12:42 +0530, Amresh Kumar wrote:
>> > Hi ,
>> >
>> > I am using iptables rule for Load Balancing with random* or nth but i
>>am
>> > getting the error
>> >
>> > iptables: No chain/target/match by that name
>> >
>> > iptables rule : iptables -A PREROUTING -i eth0 -p tcp --dport 80 -m
>>state
>> > --state NEW -m nth --counter 0 --every 4 --packet 0 -j DNAT
>> > --to-destination 192.168.0.5:80
>> >
>> > iptables -A PREROUTING -i eth0 -p tcp --dport 80 -m state --state NEW
>>-m
>> > random --average 25 -j DNAT --to-destination 192.168.0.5:80
>> >
>> > My kernel version is 2.6.9-5.0.3.EL
>> > Iptable version = iptables v1.3.4
>> >
>> > can anyone explain.
>> >
>> > Thanks..
>><snip>
>>Is it enabled in the kernel or as a module? If as a module, is it
>>loaded? - John
>>--
>>John A. Sullivan III
>>Open Source Development Corporation
>>+1 207-985-7880
>>jsullivan@opensourcedevel.com
>>
>>If you would like to participate in the development of an open source
>>enterprise class network security management system, please visit
>>http://iscs.sourceforge.net
>>
>
>_________________________________________________________________
>How good are you in a Formula One car? Play now
>http://server1.msn.co.in/sp05/tataracing/onlinegame.asp
>
>
_________________________________________________________________
Shah Rukh fan? Know all about the Baadshah of Bollywood. On MSN Search
http://server1.msn.co.in/profile/shahrukh.asp
^ permalink raw reply [flat|nested] 4+ messages in thread
* Re: iptables: No chain/target/match by that name (detailed)
@ 2006-01-11 14:42 Randy Grimshaw
2006-01-11 15:05 ` Rob Sterenborg
0 siblings, 1 reply; 4+ messages in thread
From: Randy Grimshaw @ 2006-01-11 14:42 UTC (permalink / raw)
To: amresh_srivastava, jsullivan; +Cc: netfilter
I believe you need to specify the chain i.e.:
iptables -t filter -A INPUT -p icmp --icmp-type echo-request -m nth --every 2 -j DROP
<><Randy
<><Randall Grimshaw
Room 203 Machinery Hall
Syracuse University
Syracuse, NY 13244
315-443-5779
rgrimsha@syr.edu
>>> "Amresh Kumar" <amresh_srivastava@hotmail.com> 1/11/2006 5:21:00 AM >>>
Hi,
I have successfully applied patch for "nth" module but when i am trying to
add the following RULE for testing purpose:-
"iptables -A INPUT -p icmp --icmp-type echo-request -m nth --every 2 -j
DROP"
It throws a message "iptables: No chain/target/match by that name".
The steps i have followed to apply the patch for "nth" are:-
1 Apply the the patch for "nth" using patch-o-matic.
#cd /root/patch-o-matic-ng
#KERNEL_DIR=/usr/src/kernels/linux-2.6.14.2
IPTABLES_DIR=/root/iptables-1.3.4 ./runme base
2 Recompile kernel
#cd /usr/src/kernels/linux-2.6.14.2
#make clean
#make menuconfig
#make bzImage
#make modules
#make modules_install
#make install
3.Reboot system with new linux-2.6.14.2
4. #cd /root/iptables-1.3.4
#make KERNEL_DIR=/usr/src/kernels/linux-2.6.14.2
#make install KERNEL_DIR=/usr/src/kernels/linux-2.6.14.2
I am trying it with kernel v2.6.14.2 and iptables v1.3.4.
**One thing that i have noticed that ipt_nth.o ipt_nth.ko ipt_nth.mod.c
ipth_nth.mod.o was not create during recompile of kernel***
Any comment
After,the above failure i have tried the another way to use "nth", add nth
as a Module as follows:-
first store the " ipt_nth.h" to the
"/usr/src/kernels/linux-2.6.14.2/include/linux/netfilter_ipv4/" directory
then, i wrote a Makefile
---------------------------------------------------------------
obj-m += ipt_nth.o
all:
make -C /lib/modules/$(shell uname -r)/build M=$(PWD) modules
clean:
make -C /lib/modules/$(shell uname -r)/build M=$(PWD) clean
-----------------------------------------------------------------------
then execute
#make
#modprobe ip_tables
#insmod ./ipt_nth.ko
It works.Now,i am able to use nth module.
So,please tell what i missed or did wrong in patch-o-matic procedure.
Thanks
Amresh Kumar
>From: "Amresh Kumar" <amresh_srivastava@hotmail.com>
>To: jsullivan@opensourcedevel.com
>CC: netfilter@lists.netfilter.org
>Subject: Re: iptables: No chain/target/match by that name
>Date: Mon, 09 Jan 2006 12:51:42 +0530
>MIME-Version: 1.0
>X-Originating-IP: [61.12.43.109]
>X-Originating-Email: [amresh_srivastava@hotmail.com]
>X-Sender: amresh_srivastava@hotmail.com
>Received: from vishnu.netfilter.org ([213.95.27.115]) by
>bay0-mc12-f13.bay0.hotmail.com with Microsoft SMTPSVC(6.0.3790.211); Sun, 8
>Jan 2006 23:25:14 -0800
>Received: from localhost ([127.0.0.1] helo=vishnu.netfilter.org)by
>vishnu.netfilter.org with esmtp (Exim 4.41 #1 (Debian))id 1EvrRf-0002mk-07;
>Mon, 09 Jan 2006 08:27:59 +0100
>Received: from bay105-f19.bay105.hotmail.com ([65.54.224.29]
>helo=hotmail.com)by vishnu.netfilter.org with esmtp (Exim 4.41 #1
>(Debian))id 1EvrRV-0002iu-Sufor <netfilter@lists.netfilter.org>; Mon, 09
>Jan 2006 08:27:50 +0100
>Received: from mail pickup service by hotmail.com with Microsoft
>SMTPSVC;Sun, 8 Jan 2006 23:21:42 -0800
>Received: from 65.54.224.200 by by105fd.bay105.hotmail.msn.com with
>HTTP;Mon, 09 Jan 2006 07:21:42 GMT
>X-Message-Info: JGTYoYF78jEHjJx36Oi8+Z3TmmkSEdPt4iogl2abg+M=
>X-OriginalArrivalTime: 09 Jan 2006 07:21:42.0918
>(UTC)FILETIME=[572F9A60:01C614ED]
>X-BeenThere: netfilter@lists.netfilter.org
>X-Mailman-Version: 2.1.5
>Precedence: list
>List-Id: General discussion and user questions
><netfilter.lists.netfilter.org>
>List-Unsubscribe:
><https://lists.netfilter.org/mailman/listinfo/netfilter>,<mailto:netfilter-request@lists.netfilter.org?subject=unsubscribe>
>List-Archive: </pipermail/netfilter>
>List-Post: <mailto:netfilter@lists.netfilter.org>
>List-Help: <mailto:netfilter-request@lists.netfilter.org?subject=help>
>List-Subscribe:
><https://lists.netfilter.org/mailman/listinfo/netfilter>,<mailto:netfilter-request@lists.netfilter.org?subject=subscribe>
>Errors-To: netfilter-bounces@lists.netfilter.org
>Return-Path: netfilter-bounces@lists.netfilter.org
>
>
>Hi,
>Thanks for quick reply. My Iptables rule is enabled as a module. Yes i am
>loading the module for this i am doing
>
>modprobe ip_tables
>insmod ./ipt_nth.ko
>Than after applying rule iptables -A PREROUTING -i eth0 -p tcp --dport 80
>-m state
>--state NEW -m nth --counter 0 --every 4 --packet 0 -j DNAT
>It is working fine
>
>But iptables rule for Load Balancing with random is not working. still
>giving error
>iptables: No chain/target/match by that name
>
>Can i enable this rule in my kernel.....
>
>
>Thanks....
>
>>--
>
>>From: "John A. Sullivan III" <jsullivan@opensourcedevel.com>
>>To: Amresh Kumar <amresh_srivastava@hotmail.com>
>>CC: netfilter@lists.netfilter.org
>>Subject: Re: iptables: No chain/target/match by that name
>>Date: Sat, 07 Jan 2006 13:50:10 -0500
>>MIME-Version: 1.0
>>Received: from itza.net ([198.77.208.51]) by
>>bay0-mc12-f10.bay0.hotmail.com with Microsoft SMTPSVC(6.0.3790.211); Sat,
>>7 Jan 2006 10:50:38 -0800
>>Received: from [192.168.223.201] (unverified [24.75.251.186]) by itza.net
>>(ITZA Company Hosting Services - http://www.itza.net) with ESMTP id
>>14066248 for multiple; Sat, 07 Jan 2006 13:50:25 -0500
>>X-Message-Info: JGTYoYF78jHLwkyVEn2eatAFdoqg5YYBiazxjq0B+qw=
>>Return-Path: <jsullivan@opensourcedevel.com>
>>References: <BAY105-F281A346E9A68ED0764F10F9E200@phx.gbl>
>>X-Mailer: Evolution 2.2.3 (2.2.3-2.fc4) X-Server: High Performance Mail
>>Server - http://surgemail.com r=-670927196
>>X-Avast: Message is clean
>>X-IP-stats: Incoming Last 0, First 70, in=193, out=0, spam=0
>>X-External-IP: 24.75.251.186
>>X-OriginalArrivalTime: 07 Jan 2006 18:50:38.0487 (UTC)
>>FILETIME=[40476270:01C613BB]
>>
>>On Sat, 2006-01-07 at 12:42 +0530, Amresh Kumar wrote:
>> > Hi ,
>> >
>> > I am using iptables rule for Load Balancing with random* or nth but i
>>am
>> > getting the error
>> >
>> > iptables: No chain/target/match by that name
>> >
>> > iptables rule : iptables -A PREROUTING -i eth0 -p tcp --dport 80 -m
>>state
>> > --state NEW -m nth --counter 0 --every 4 --packet 0 -j DNAT
>> > --to-destination 192.168.0.5:80
>> >
>> > iptables -A PREROUTING -i eth0 -p tcp --dport 80 -m state --state NEW
>>-m
>> > random --average 25 -j DNAT --to-destination 192.168.0.5:80
>> >
>> > My kernel version is 2.6.9-5.0.3.EL
>> > Iptable version = iptables v1.3.4
>> >
>> > can anyone explain.
>> >
>> > Thanks..
>><snip>
>>Is it enabled in the kernel or as a module? If as a module, is it
>>loaded? - John
>>--
>>John A. Sullivan III
>>Open Source Development Corporation
>>+1 207-985-7880
>>jsullivan@opensourcedevel.com
>>
>>If you would like to participate in the development of an open source
>>enterprise class network security management system, please visit
>>http://iscs.sourceforge.net
>>
>
>_________________________________________________________________
>How good are you in a Formula One car? Play now
>http://server1.msn.co.in/sp05/tataracing/onlinegame.asp
>
>
_________________________________________________________________
Shah Rukh fan? Know all about the Baadshah of Bollywood. On MSN Search
http://server1.msn.co.in/profile/shahrukh.asp
^ permalink raw reply [flat|nested] 4+ messages in thread
* Re: iptables: No chain/target/match by that name (detailed)
2006-01-11 14:42 iptables: No chain/target/match by that name (detailed) Randy Grimshaw
@ 2006-01-11 15:05 ` Rob Sterenborg
2006-01-12 23:31 ` Sorin Panca
0 siblings, 1 reply; 4+ messages in thread
From: Rob Sterenborg @ 2006-01-11 15:05 UTC (permalink / raw)
To: netfilter
On Wed, January 11, 2006 15:42, Randy Grimshaw wrote:
> I believe you need to specify the chain i.e.:
You mean "table" (which is what you added) ?
> iptables -t filter -A INPUT -p icmp --icmp-type echo-request -m nth
> --every 2 -j DROP
"-t filter" is assumed if not specified.
>> "iptables -A INPUT -p icmp --icmp-type echo-request -m nth --every 2
>> -j DROP"
>>
>> It throws a message "iptables: No chain/target/match by that name".
Using kernel 2.6.15 I'm having problems too when compiling nth.
Actually, I'm seeing more things : 2.6.15 (vanilla) has NF
functionality that POM doesn't recognize and offers to install a patch
for (I thought pptp is an example).
Also, for example, in 2.4.31 I tried to patch for NOTRACK but POM says
: no raw table. But I was't offered to install the raw table patch.
Gr,
Rob
^ permalink raw reply [flat|nested] 4+ messages in thread
* Re: iptables: No chain/target/match by that name (detailed)
2006-01-11 15:05 ` Rob Sterenborg
@ 2006-01-12 23:31 ` Sorin Panca
0 siblings, 0 replies; 4+ messages in thread
From: Sorin Panca @ 2006-01-12 23:31 UTC (permalink / raw)
Cc: netfilter
Hi Amresh Kumar!
The PREROUTING and POSTROUTING chains exist only in nat or mangle
tables. So add iptables -t nat or iptables -t mangle
> iptables rule : iptables -A PREROUTING -i eth0 -p tcp --dport 80 -m state
> --state NEW -m nth --counter 0 --every 4 --packet 0 -j DNAT
> --to-destination 192.168.0.5:80
>
> iptables -A PREROUTING -i eth0 -p tcp --dport 80 -m state --state NEW -m
> random --average 25 -j DNAT --to-destination 192.168.0.5:80
>
>
The above rules would be for the nat table.
HTH
Sorin
^ permalink raw reply [flat|nested] 4+ messages in thread
end of thread, other threads:[~2006-01-12 23:31 UTC | newest]
Thread overview: 4+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2006-01-11 14:42 iptables: No chain/target/match by that name (detailed) Randy Grimshaw
2006-01-11 15:05 ` Rob Sterenborg
2006-01-12 23:31 ` Sorin Panca
-- strict thread matches above, loose matches on Subject: below --
2006-01-09 7:21 iptables: No chain/target/match by that name Amresh Kumar
2006-01-11 10:21 ` iptables: No chain/target/match by that name (detailed) Amresh Kumar
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox