Solved

IPTABLES configuration

Posted on 2008-10-25
11
834 Views
Last Modified: 2013-12-06
Hello.

I'm trying to setup my iptables configuration on my VPS.

I want to allow inbound ftp/https and ssh connections, so i have the following rules setup

-A INPUT -i venet0 -p tcp -m tcp --dport 21 -j ACCEPT
-A INPUT -i venet0 -p udp -m udp --dport 21 -j ACCEPT
-A INPUT -i venet0 -p tcp -m tcp --dport 22 -j ACCEPT
-A INPUT -i venet0 -p tcp -m tcp --dport 443 -j ACCEPT
-A INPUT -i venet0 -p icmp -j ACCEPT
-A INPUT -i venet0 -j REJECT --reject-with icmp-port-unreachable

I also want to allow ALL outbound traffic from the box.
the problem is that when i enter

-A INPUT -i venet0 -m state --state ESTABLISHED,RELATED -j ACCEPT

i get a "
iptables: No chain/target/match by that name
"

Anyone has any clues?
0
Comment
Question by:heckyEXPERT
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 5
  • 4
  • 2
11 Comments
 
LVL 19

Expert Comment

by:http:// thevpn.guru
ID: 22804177
Please print out

iptables -nL
0
 

Author Comment

by:heckyEXPERT
ID: 22804287
here is the prinout.

I have removed the
-A INPUT -i venet0 -j REJECT --reject-with icmp-port-unreachable
in order to have outbound connections.

[root@hbook sysconfig]# iptables -nL
Chain INPUT (policy ACCEPT)
target     prot opt source               destination
ACCEPT     tcp  --  0.0.0.0/0            0.0.0.0/0          tcp dpt:21
ACCEPT     udp  --  0.0.0.0/0            0.0.0.0/0          udp dpt:21
ACCEPT     tcp  --  0.0.0.0/0            0.0.0.0/0          tcp dpt:22
ACCEPT     tcp  --  0.0.0.0/0            0.0.0.0/0          tcp dpt:443
ACCEPT     icmp --  0.0.0.0/0            0.0.0.0/0
 
Chain FORWARD (policy ACCEPT)
target     prot opt source               destination
 
Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination
[root@hbook sysconfig]#

Open in new window

0
 
LVL 19

Expert Comment

by:http:// thevpn.guru
ID: 22804535
what do you get when you execute


iptables -A INPUT -i venet0 -m state --state ESTABLISHED,RELATED -j ACCEPT
0
Easy, flexible multimedia distribution & control

Coming soon!  Ideal for large-scale A/V applications, ATEN's VM3200 Modular Matrix Switch is an all-in-one solution that simplifies video wall integration. Easily customize display layouts to see what you want, how you want it in 4k.

 

Author Comment

by:heckyEXPERT
ID: 22804607


[root@hbook conf]# iptables -A INPUT -i venet0 -m state --state ESTABLISHED,RELATED -j ACCEPT
iptables: No chain/target/match by that name
[root@hbook conf]#

Open in new window

0
 
LVL 29

Expert Comment

by:fosiul01
ID: 22805533
You dont need to type
vent0

try this , it will automaticaly appy to related Nic card, etho or venet or...

iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
iptables -A OUTPUT -m state --state ESTABLISHED,RELATED -j ACCEPT

check this one
http://www.experts-exchange.com/OS/Linux/Administration/Q_23835899.html
0
 

Author Comment

by:heckyEXPERT
ID: 22806368

[root@hbook root]# iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
iptables: No chain/target/match by that name
[root@hbook root]# iptables -A OUTPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
iptables: No chain/target/match by that name
[root@hbook root]#

Open in new window

0
 
LVL 29

Expert Comment

by:fosiul01
ID: 22806488
ok
check this one for theoritical view of this problem
http://www.faqs.org/docs/iptables/commonproblems.html 

and check this one for similier --state problem

http://www.usenet-forums.com/linux-networking/65172-iptables-no-chain-target-match-name.html

you might now have ipt_states modules installed, thats why you are having this problem

let me check some documentaion on net
0
 
LVL 29

Accepted Solution

by:
fosiul01 earned 500 total points
ID: 22806502
to solve this problem, you might need to recompile your kernel and have to add ipt_states module

i am trying to get a workable solution for you from net.

if  this is not your production server, then can you reinsall iptables, and intall iptable again by using yum command

it might recompile the kenel again with ipt_states module.
yum iptables install.

or i am trying to find  out a solution..
0
 

Author Comment

by:heckyEXPERT
ID: 22807339
fosiul01. I compiled and installed the latest iptables version (1.4.2) , but i still get the same error.

lsmod returns no modules, also /proc/modules is empty, so i'm assuming ipt_states module is not installed.

This VPS is still not in production environment, so i'm willing to recompile it in order to include the ipt_states module.

Can you please give me any information on how to do it without screwing up the system and having to wait 1 week for tech support from my host? thank you
0
 
LVL 29

Expert Comment

by:fosiul01
ID: 22807694
hi plese give me time. As i m nt infront of pc. I wil digg into more tonite.
0
 

Author Closing Comment

by:heckyEXPERT
ID: 31509977
I'm closing this question as i've decided to move to a different VPS host, which offers a CENTos5, where i will be able to manage and maintain the server. I'm giving fosiul  the answer because he pointed out the kernel modules required for iptables.
0

Featured Post

Windows Server 2016: All you need to know

Learn about Hyper-V features that increase functionality and usability of Microsoft Windows Server 2016. Also, throughout this eBook, you’ll find some basic PowerShell examples that will help you leverage the scripts in your environments!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Creating a Samba server for a small office. Ubuntu Linux and Samba can breathe new life into a retired PC and save an office money on new hardware/software. Our example server will have two hard disks, one exclusively for storing shared data. …
The purpose of this article is to show how we can create Linux Mint virtual machine using Oracle Virtual Box. To install Linux Mint we have to download the ISO file from its website i.e. http://www.linuxmint.com. Once you open the link you will see …
How to Install VMware Tools in Red Hat Enterprise Linux 6.4 (RHEL 6.4) Step-by-Step Tutorial

739 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question