Solved

IPTABLES configuration

Posted on 2008-10-25
11
836 Views
Last Modified: 2013-12-06
Hello.

I'm trying to setup my iptables configuration on my VPS.

I want to allow inbound ftp/https and ssh connections, so i have the following rules setup

-A INPUT -i venet0 -p tcp -m tcp --dport 21 -j ACCEPT
-A INPUT -i venet0 -p udp -m udp --dport 21 -j ACCEPT
-A INPUT -i venet0 -p tcp -m tcp --dport 22 -j ACCEPT
-A INPUT -i venet0 -p tcp -m tcp --dport 443 -j ACCEPT
-A INPUT -i venet0 -p icmp -j ACCEPT
-A INPUT -i venet0 -j REJECT --reject-with icmp-port-unreachable

I also want to allow ALL outbound traffic from the box.
the problem is that when i enter

-A INPUT -i venet0 -m state --state ESTABLISHED,RELATED -j ACCEPT

i get a "
iptables: No chain/target/match by that name
"

Anyone has any clues?
0
Comment
Question by:heckyEXPERT
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 5
  • 4
  • 2
11 Comments
 
LVL 19

Expert Comment

by:http:// thevpn.guru
ID: 22804177
Please print out

iptables -nL
0
 

Author Comment

by:heckyEXPERT
ID: 22804287
here is the prinout.

I have removed the
-A INPUT -i venet0 -j REJECT --reject-with icmp-port-unreachable
in order to have outbound connections.

[root@hbook sysconfig]# iptables -nL
Chain INPUT (policy ACCEPT)
target     prot opt source               destination
ACCEPT     tcp  --  0.0.0.0/0            0.0.0.0/0          tcp dpt:21
ACCEPT     udp  --  0.0.0.0/0            0.0.0.0/0          udp dpt:21
ACCEPT     tcp  --  0.0.0.0/0            0.0.0.0/0          tcp dpt:22
ACCEPT     tcp  --  0.0.0.0/0            0.0.0.0/0          tcp dpt:443
ACCEPT     icmp --  0.0.0.0/0            0.0.0.0/0
 
Chain FORWARD (policy ACCEPT)
target     prot opt source               destination
 
Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination
[root@hbook sysconfig]#

Open in new window

0
 
LVL 19

Expert Comment

by:http:// thevpn.guru
ID: 22804535
what do you get when you execute


iptables -A INPUT -i venet0 -m state --state ESTABLISHED,RELATED -j ACCEPT
0
Tutorials alone can't teach real engineering

So we built better training tools.

-Hands-on Labs
-Instructor Mentoring
-Scenario-Based Tests
-Dedicated Cloud Servers

All at your fingertips. What are you waiting for?

 

Author Comment

by:heckyEXPERT
ID: 22804607


[root@hbook conf]# iptables -A INPUT -i venet0 -m state --state ESTABLISHED,RELATED -j ACCEPT
iptables: No chain/target/match by that name
[root@hbook conf]#

Open in new window

0
 
LVL 29

Expert Comment

by:fosiul01
ID: 22805533
You dont need to type
vent0

try this , it will automaticaly appy to related Nic card, etho or venet or...

iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
iptables -A OUTPUT -m state --state ESTABLISHED,RELATED -j ACCEPT

check this one
http://www.experts-exchange.com/OS/Linux/Administration/Q_23835899.html
0
 

Author Comment

by:heckyEXPERT
ID: 22806368

[root@hbook root]# iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
iptables: No chain/target/match by that name
[root@hbook root]# iptables -A OUTPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
iptables: No chain/target/match by that name
[root@hbook root]#

Open in new window

0
 
LVL 29

Expert Comment

by:fosiul01
ID: 22806488
ok
check this one for theoritical view of this problem
http://www.faqs.org/docs/iptables/commonproblems.html 

and check this one for similier --state problem

http://www.usenet-forums.com/linux-networking/65172-iptables-no-chain-target-match-name.html

you might now have ipt_states modules installed, thats why you are having this problem

let me check some documentaion on net
0
 
LVL 29

Accepted Solution

by:
fosiul01 earned 500 total points
ID: 22806502
to solve this problem, you might need to recompile your kernel and have to add ipt_states module

i am trying to get a workable solution for you from net.

if  this is not your production server, then can you reinsall iptables, and intall iptable again by using yum command

it might recompile the kenel again with ipt_states module.
yum iptables install.

or i am trying to find  out a solution..
0
 

Author Comment

by:heckyEXPERT
ID: 22807339
fosiul01. I compiled and installed the latest iptables version (1.4.2) , but i still get the same error.

lsmod returns no modules, also /proc/modules is empty, so i'm assuming ipt_states module is not installed.

This VPS is still not in production environment, so i'm willing to recompile it in order to include the ipt_states module.

Can you please give me any information on how to do it without screwing up the system and having to wait 1 week for tech support from my host? thank you
0
 
LVL 29

Expert Comment

by:fosiul01
ID: 22807694
hi plese give me time. As i m nt infront of pc. I wil digg into more tonite.
0
 

Author Closing Comment

by:heckyEXPERT
ID: 31509977
I'm closing this question as i've decided to move to a different VPS host, which offers a CENTos5, where i will be able to manage and maintain the server. I'm giving fosiul  the answer because he pointed out the kernel modules required for iptables.
0

Featured Post

The Eight Noble Truths of Backup and Recovery

How can IT departments tackle the challenges of a Big Data world? This white paper provides a roadmap to success and helps companies ensure that all their data is safe and secure, no matter if it resides on-premise with physical or virtual machines or in the cloud.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Are you sitting there reading this and wondering how to get started with Linux? It almost seems like picking the right Linux distribution is about like picking the right college or buying a new car if you read some of the article out there. Relax… l…
The purpose of this article is to fix the unknown display problem in Linux Mint operating system. After installing the OS if you see Display monitor is not recognized then we can install "MESA" utilities to fix this problem or we can install additio…
How to Install VMware Tools in Red Hat Enterprise Linux 6.4 (RHEL 6.4) Step-by-Step Tutorial
If you're a developer or IT admin, you’re probably tasked with managing multiple websites, servers, applications, and levels of security on a daily basis. While this can be extremely time consuming, it can also be frustrating when systems aren't wor…

691 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question