Solved

IPTABLES configuration

Posted on 2008-10-25
11
831 Views
Last Modified: 2013-12-06
Hello.

I'm trying to setup my iptables configuration on my VPS.

I want to allow inbound ftp/https and ssh connections, so i have the following rules setup

-A INPUT -i venet0 -p tcp -m tcp --dport 21 -j ACCEPT
-A INPUT -i venet0 -p udp -m udp --dport 21 -j ACCEPT
-A INPUT -i venet0 -p tcp -m tcp --dport 22 -j ACCEPT
-A INPUT -i venet0 -p tcp -m tcp --dport 443 -j ACCEPT
-A INPUT -i venet0 -p icmp -j ACCEPT
-A INPUT -i venet0 -j REJECT --reject-with icmp-port-unreachable

I also want to allow ALL outbound traffic from the box.
the problem is that when i enter

-A INPUT -i venet0 -m state --state ESTABLISHED,RELATED -j ACCEPT

i get a "
iptables: No chain/target/match by that name
"

Anyone has any clues?
0
Comment
Question by:heckyEXPERT
  • 5
  • 4
  • 2
11 Comments
 
LVL 19

Expert Comment

by:http:// thevpn.guru
ID: 22804177
Please print out

iptables -nL
0
 

Author Comment

by:heckyEXPERT
ID: 22804287
here is the prinout.

I have removed the
-A INPUT -i venet0 -j REJECT --reject-with icmp-port-unreachable
in order to have outbound connections.


[root@hbook sysconfig]# iptables -nL

Chain INPUT (policy ACCEPT)

target     prot opt source               destination

ACCEPT     tcp  --  0.0.0.0/0            0.0.0.0/0          tcp dpt:21

ACCEPT     udp  --  0.0.0.0/0            0.0.0.0/0          udp dpt:21

ACCEPT     tcp  --  0.0.0.0/0            0.0.0.0/0          tcp dpt:22

ACCEPT     tcp  --  0.0.0.0/0            0.0.0.0/0          tcp dpt:443

ACCEPT     icmp --  0.0.0.0/0            0.0.0.0/0
 

Chain FORWARD (policy ACCEPT)

target     prot opt source               destination
 

Chain OUTPUT (policy ACCEPT)

target     prot opt source               destination

[root@hbook sysconfig]#

Open in new window

0
 
LVL 19

Expert Comment

by:http:// thevpn.guru
ID: 22804535
what do you get when you execute


iptables -A INPUT -i venet0 -m state --state ESTABLISHED,RELATED -j ACCEPT
0
 

Author Comment

by:heckyEXPERT
ID: 22804607



[root@hbook conf]# iptables -A INPUT -i venet0 -m state --state ESTABLISHED,RELATED -j ACCEPT

iptables: No chain/target/match by that name

[root@hbook conf]#

Open in new window

0
 
LVL 29

Expert Comment

by:fosiul01
ID: 22805533
You dont need to type
vent0

try this , it will automaticaly appy to related Nic card, etho or venet or...

iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
iptables -A OUTPUT -m state --state ESTABLISHED,RELATED -j ACCEPT

check this one
http://www.experts-exchange.com/OS/Linux/Administration/Q_23835899.html
0
Control application downtime with dependency maps

Visualize the interdependencies between application components better with Applications Manager's automated application discovery and dependency mapping feature. Resolve performance issues faster by quickly isolating problematic components.

 

Author Comment

by:heckyEXPERT
ID: 22806368

[root@hbook root]# iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT

iptables: No chain/target/match by that name

[root@hbook root]# iptables -A OUTPUT -m state --state ESTABLISHED,RELATED -j ACCEPT

iptables: No chain/target/match by that name

[root@hbook root]#

Open in new window

0
 
LVL 29

Expert Comment

by:fosiul01
ID: 22806488
ok
check this one for theoritical view of this problem
http://www.faqs.org/docs/iptables/commonproblems.html 

and check this one for similier --state problem

http://www.usenet-forums.com/linux-networking/65172-iptables-no-chain-target-match-name.html

you might now have ipt_states modules installed, thats why you are having this problem

let me check some documentaion on net
0
 
LVL 29

Accepted Solution

by:
fosiul01 earned 500 total points
ID: 22806502
to solve this problem, you might need to recompile your kernel and have to add ipt_states module

i am trying to get a workable solution for you from net.

if  this is not your production server, then can you reinsall iptables, and intall iptable again by using yum command

it might recompile the kenel again with ipt_states module.
yum iptables install.

or i am trying to find  out a solution..
0
 

Author Comment

by:heckyEXPERT
ID: 22807339
fosiul01. I compiled and installed the latest iptables version (1.4.2) , but i still get the same error.

lsmod returns no modules, also /proc/modules is empty, so i'm assuming ipt_states module is not installed.

This VPS is still not in production environment, so i'm willing to recompile it in order to include the ipt_states module.

Can you please give me any information on how to do it without screwing up the system and having to wait 1 week for tech support from my host? thank you
0
 
LVL 29

Expert Comment

by:fosiul01
ID: 22807694
hi plese give me time. As i m nt infront of pc. I wil digg into more tonite.
0
 

Author Closing Comment

by:heckyEXPERT
ID: 31509977
I'm closing this question as i've decided to move to a different VPS host, which offers a CENTos5, where i will be able to manage and maintain the server. I'm giving fosiul  the answer because he pointed out the kernel modules required for iptables.
0

Featured Post

Backup Your Microsoft Windows Server®

Backup all your Microsoft Windows Server – on-premises, in remote locations, in private and hybrid clouds. Your entire Windows Server will be backed up in one easy step with patented, block-level disk imaging. We achieve RTOs (recovery time objectives) as low as 15 seconds.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

In order for businesses to be compliant with certain information security laws in some countries, you need to be able to prove that a user (which user it was becomes important to the business to take action against the user after an event has occurr…
Hello EE, Today we will learn how to send all your network traffic through Tor which is useful to get around censorship and being tracked all together to a certain degree. This article assumes you will be using Linux, have a minimal knowledge of …
This Micro Tutorial will give you a basic overview how to record your screen with Microsoft Expression Encoder. This program is still free and open for the public to download. This will be demonstrated using Microsoft Expression Encoder 4.
Migrating to Microsoft Office 365 is becoming increasingly popular for organizations both large and small. If you have made the leap to Microsoft’s cloud platform, you know that you will need to create a corporate email signature for your Office 365…

911 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

20 Experts available now in Live!

Get 1:1 Help Now