Want to protect your cyber security and still get fast solutions? Ask a secure question today.Go Premium

x
  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 850
  • Last Modified:

IPTABLES configuration

Hello.

I'm trying to setup my iptables configuration on my VPS.

I want to allow inbound ftp/https and ssh connections, so i have the following rules setup

-A INPUT -i venet0 -p tcp -m tcp --dport 21 -j ACCEPT
-A INPUT -i venet0 -p udp -m udp --dport 21 -j ACCEPT
-A INPUT -i venet0 -p tcp -m tcp --dport 22 -j ACCEPT
-A INPUT -i venet0 -p tcp -m tcp --dport 443 -j ACCEPT
-A INPUT -i venet0 -p icmp -j ACCEPT
-A INPUT -i venet0 -j REJECT --reject-with icmp-port-unreachable

I also want to allow ALL outbound traffic from the box.
the problem is that when i enter

-A INPUT -i venet0 -m state --state ESTABLISHED,RELATED -j ACCEPT

i get a "
iptables: No chain/target/match by that name
"

Anyone has any clues?
0
heckyEXPERT
Asked:
heckyEXPERT
  • 5
  • 4
  • 2
1 Solution
 
http:// thevpn.guruCommented:
Please print out

iptables -nL
0
 
heckyEXPERTAuthor Commented:
here is the prinout.

I have removed the
-A INPUT -i venet0 -j REJECT --reject-with icmp-port-unreachable
in order to have outbound connections.

[root@hbook sysconfig]# iptables -nL
Chain INPUT (policy ACCEPT)
target     prot opt source               destination
ACCEPT     tcp  --  0.0.0.0/0            0.0.0.0/0          tcp dpt:21
ACCEPT     udp  --  0.0.0.0/0            0.0.0.0/0          udp dpt:21
ACCEPT     tcp  --  0.0.0.0/0            0.0.0.0/0          tcp dpt:22
ACCEPT     tcp  --  0.0.0.0/0            0.0.0.0/0          tcp dpt:443
ACCEPT     icmp --  0.0.0.0/0            0.0.0.0/0
 
Chain FORWARD (policy ACCEPT)
target     prot opt source               destination
 
Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination
[root@hbook sysconfig]#

Open in new window

0
 
http:// thevpn.guruCommented:
what do you get when you execute


iptables -A INPUT -i venet0 -m state --state ESTABLISHED,RELATED -j ACCEPT
0
Independent Software Vendors: We Want Your Opinion

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

 
heckyEXPERTAuthor Commented:


[root@hbook conf]# iptables -A INPUT -i venet0 -m state --state ESTABLISHED,RELATED -j ACCEPT
iptables: No chain/target/match by that name
[root@hbook conf]#

Open in new window

0
 
fosiul01Commented:
You dont need to type
vent0

try this , it will automaticaly appy to related Nic card, etho or venet or...

iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
iptables -A OUTPUT -m state --state ESTABLISHED,RELATED -j ACCEPT

check this one
http://www.experts-exchange.com/OS/Linux/Administration/Q_23835899.html
0
 
heckyEXPERTAuthor Commented:

[root@hbook root]# iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
iptables: No chain/target/match by that name
[root@hbook root]# iptables -A OUTPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
iptables: No chain/target/match by that name
[root@hbook root]#

Open in new window

0
 
fosiul01Commented:
ok
check this one for theoritical view of this problem
http://www.faqs.org/docs/iptables/commonproblems.html 

and check this one for similier --state problem

http://www.usenet-forums.com/linux-networking/65172-iptables-no-chain-target-match-name.html

you might now have ipt_states modules installed, thats why you are having this problem

let me check some documentaion on net
0
 
fosiul01Commented:
to solve this problem, you might need to recompile your kernel and have to add ipt_states module

i am trying to get a workable solution for you from net.

if  this is not your production server, then can you reinsall iptables, and intall iptable again by using yum command

it might recompile the kenel again with ipt_states module.
yum iptables install.

or i am trying to find  out a solution..
0
 
heckyEXPERTAuthor Commented:
fosiul01. I compiled and installed the latest iptables version (1.4.2) , but i still get the same error.

lsmod returns no modules, also /proc/modules is empty, so i'm assuming ipt_states module is not installed.

This VPS is still not in production environment, so i'm willing to recompile it in order to include the ipt_states module.

Can you please give me any information on how to do it without screwing up the system and having to wait 1 week for tech support from my host? thank you
0
 
fosiul01Commented:
hi plese give me time. As i m nt infront of pc. I wil digg into more tonite.
0
 
heckyEXPERTAuthor Commented:
I'm closing this question as i've decided to move to a different VPS host, which offers a CENTos5, where i will be able to manage and maintain the server. I'm giving fosiul  the answer because he pointed out the kernel modules required for iptables.
0

Featured Post

Who's Defending Your Organization from Threats?

Protecting against advanced threats requires an IT dream team – a well-oiled machine of people and solutions working together to defend your organization. Download our resource kit today to learn more about the tools you need to build you IT Dream Team!

  • 5
  • 4
  • 2
Tackle projects and never again get stuck behind a technical roadblock.
Join Now