Hello,
I'm having problem with an iptables rule. It seems that on one of two systems on the nat table, the INPUT chain doesn't exist for some strange reason.
I get the error below:
# iptables -t nat -A INPUT -j ACCEPT
iptables: No chain/target/match by that name.
Here is my kernel on the Linux Mint Debian Edition sytems (based on Debian testing):
# uname -a
Linux dell-desktop 2.6.32-5-amd64 #1 SMP Mon Mar 7 21:35:22 UTC 2011 x86_64 GNU/Linux
I have two systems that I have installed exactly that same (at least so I thought). Only one will throw the above error. The good system shows:
# iptables -t nat -L
Chain PREROUTING (policy ACCEPT)
target prot opt source destination
Chain INPUT (policy ACCEPT)
target prot opt source destination
Chain OUTPUT (policy ACCEPT)
target prot opt source destination
Chain POSTROUTING (policy ACCEPT)
target prot opt source destination
However, the offending system shows:
# iptables -t nat -L
Chain PREROUTING (policy ACCEPT)
target prot opt source destination
Chain POSTROUTING (policy ACCEPT)
target prot opt source destination
Chain OUTPUT (policy ACCEPT)
target prot opt source destination
As far as loaded modules different that I looked for on the good system :
# lsmod| grep ip
ipt_REJECT 12465 0
ipt_LOG 12605 0
ipt_REDIRECT 12471 0
iptable_mangle 12536 0
iptable_nat 12928 0
nf_nat 18012 2 ipt_REDIRECT,iptable_nat
nf_conntrack_ipv4 18081 3 iptable_nat,nf_nat
nf_conntrack 55903 5 xt_conntrack,xt_state,iptable_nat,nf_nat,nf_conntrack_ipv4
nf_defrag_ipv4 12483 1 nf_conntrack_ipv4
iptable_filter 12536 0
ip_tables 21818 3 iptable_mangle,iptable_nat,iptable_filter
x_tables 18839 11 xt_conntrack,ipt_REJECT,ipt_LOG,xt_state,ipt_REDIRECT,xt_tcpudp,xt_owner,iptable_mangle,iptable_nat,iptable_filter,ip_tables
Bad system:
# lsmod | grep ip
ipt_REJECT 1953 0
ipt_LOG 4518 0
ipt_REDIRECT 1111 0
iptable_mangle 2817 0
iptable_nat 4299 0
nf_nat 13388 2 ipt_REDIRECT,iptable_nat
nf_conntrack_ipv4 9833 3 iptable_nat,nf_nat
nf_conntrack 46535 4 xt_state,iptable_nat,nf_nat,nf_conntrack_ipv4
nf_defrag_ipv4 1139 1 nf_conntrack_ipv4
iptable_filter 2258 0
ip_tables 13899 3 iptable_mangle,iptable_nat,iptable_filter
x_tables 12845 8 ipt_REJECT,ipt_LOG,xt_state,ipt_REDIRECT,xt_tcpudp,xt_owner,iptable_nat,ip_tables
Good system:
# lsmod| grep xt
xt_conntrack 12599 0
xt_state 12503 0
xt_tcpudp 12527 0
xt_owner 12423 0
nf_conntrack 55903 5 xt_conntrack,xt_state,iptable_nat,nf_nat,nf_conntrack_ipv4
x_tables 18839 11 xt_conntrack,ipt_REJECT,ipt_LOG,xt_state,ipt_REDIRECT,xt_tcpudp,xt_owner,iptable_mangle,iptable_nat,iptable_filter,ip_tables
ext3 112218 2
jbd 41698 1 ext3
mbcache 12930 1 ext3
Bad system:
# lsmod |grep xt
xt_state 1303 0
xt_tcpudp 2319 0
xt_owner 1063 0
nf_conntrack 46535 4 xt_state,iptable_nat,nf_nat,nf_conntrack_ipv4
x_tables 12845 8 ipt_REJECT,ipt_LOG,xt_state,ipt_REDIRECT,xt_tcpudp,xt_owner,iptable_nat,ip_tables
ext3 106518 2
jbd 37085 1 ext3
mbcache 5050 1 ext3
The only thing different is on the offending system xt_conntrack is not loaded. Manually loading this module does not fix the issue.
Could someone please tell me how to get the INPUT chain on my nat table?
Thanks,
Narnie
---------- Post updated 11-03-11 at 03:20 PM ---------- Previous update was 11-02-11 at 07:06 PM ----------
I found my problem. I was getting rid of a broken package with Linux Mint Debian (initramfs-tools, which won't install correctly and is optional) and it took my kernel back from this kernel:
$ uname -a
Linux gateway-laptop 2.6.38-2-amd64 #1 SMP Sun May 8 13:51:57 UTC 2011 x86_64 GNU/Linux
to the kernel above. In the time between, the INPUT chain has been added to the nat tables.
I'm marking this as solved.
Kind Regards,
Narnie