IPTables: "No chain/target/match by that name"

Discussion in 'Linux Networking' started by Martin Herbert Dietze, Jan 11, 2005.

  1. Hello,

    on my system (Debian unstable, kernel 2.6.8), I don't get this
    simple iptables script running:

    | IPTABLES=/sbin/iptables
    |
    | $IPTABLES -F
    | $IPTABLES -X
    | $IPTABLES -Z
    |
    | $IPTABLES -P INPUT ACCEPT
    | $IPTABLES -P OUTPUT ACCEPT
    | $IPTABLES -P FORWARD ACCEPT
    |
    | $IPTABLES -N ilocal
    | $IPTABLES -N olocal
    |
    | $IPTABLES -A INPUT -j ilocal -i eth0
    | $IPTABLES -A OUTPUT -j olocal -o eth0
    |
    | $IPTABLES -v -A ilocal -m state --state ESTABLISHED,RELATED -j ACCEPT

    At the last line I get this error:

    | ACCEPT all opt -- in * out * 0.0.0.0/0 -> 0.0.0.0/0 state RELATED,ESTABLISHED
    | iptables: No chain/target/match by that name

    My kernel configuration contains these IP_NF-related options:

    | CONFIG_IP_NF_CONNTRACK=y
    | CONFIG_IP_NF_FTP=y
    | CONFIG_IP_NF_IRC=y
    | CONFIG_IP_NF_TFTP=y
    | CONFIG_IP_NF_AMANDA=y
    | CONFIG_IP_NF_QUEUE=y
    | CONFIG_IP_NF_IPTABLES=y
    | CONFIG_IP_NF_MATCH_LIMIT=y
    | CONFIG_IP_NF_MATCH_IPRANGE=y
    | CONFIG_IP_NF_MATCH_MAC=y
    | CONFIG_IP_NF_MATCH_PKTTYPE=y
    | CONFIG_IP_NF_MATCH_MARK=y
    | CONFIG_IP_NF_MATCH_MULTIPORT=y
    | CONFIG_IP_NF_MATCH_TOS=y
    | CONFIG_IP_NF_MATCH_RECENT=y
    | CONFIG_IP_NF_MATCH_ECN=y
    | CONFIG_IP_NF_MATCH_DSCP=y
    | CONFIG_IP_NF_MATCH_AH_ESP=y
    | CONFIG_IP_NF_MATCH_LENGTH=y
    | CONFIG_IP_NF_MATCH_TTL=y
    | CONFIG_IP_NF_MATCH_TCPMSS=y
    | CONFIG_IP_NF_MATCH_OWNER=y
    | CONFIG_IP_NF_FILTER=y
    | CONFIG_IP_NF_TARGET_REJECT=y
    | CONFIG_IP_NF_NAT=y
    | CONFIG_IP_NF_NAT_NEEDED=y
    | CONFIG_IP_NF_TARGET_MASQUERADE=y
    | CONFIG_IP_NF_TARGET_REDIRECT=y
    | CONFIG_IP_NF_TARGET_NETMAP=y
    | CONFIG_IP_NF_TARGET_SAME=y
    | CONFIG_IP_NF_NAT_IRC=y
    | CONFIG_IP_NF_NAT_FTP=y
    | CONFIG_IP_NF_NAT_TFTP=y
    | CONFIG_IP_NF_NAT_AMANDA=y

    Any idea what is going wrong?

    Cheers,

    Martin
     
    Martin Herbert Dietze, Jan 11, 2005
    #1
    1. Advertisements

  2. Found it! Just for the archive:

    This requires the `ipt_states' module. I did not have it
    with my custom-built kernel.

    Cheers,

    Martin
     
    Martin Herbert Dietze, Jan 11, 2005
    #2
    1. Advertisements

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments (here). After that, you can post your question and our members will help you out.