Solved

IPTABLES configuration

Posted on 2008-10-25
11
833 Views
Last Modified: 2013-12-06
Hello.

I'm trying to setup my iptables configuration on my VPS.

I want to allow inbound ftp/https and ssh connections, so i have the following rules setup

-A INPUT -i venet0 -p tcp -m tcp --dport 21 -j ACCEPT
-A INPUT -i venet0 -p udp -m udp --dport 21 -j ACCEPT
-A INPUT -i venet0 -p tcp -m tcp --dport 22 -j ACCEPT
-A INPUT -i venet0 -p tcp -m tcp --dport 443 -j ACCEPT
-A INPUT -i venet0 -p icmp -j ACCEPT
-A INPUT -i venet0 -j REJECT --reject-with icmp-port-unreachable

I also want to allow ALL outbound traffic from the box.
the problem is that when i enter

-A INPUT -i venet0 -m state --state ESTABLISHED,RELATED -j ACCEPT

i get a "
iptables: No chain/target/match by that name
"

Anyone has any clues?
0
Comment
Question by:heckyEXPERT
  • 5
  • 4
  • 2
11 Comments
 
LVL 19

Expert Comment

by:http:// thevpn.guru
ID: 22804177
Please print out

iptables -nL
0
 

Author Comment

by:heckyEXPERT
ID: 22804287
here is the prinout.

I have removed the
-A INPUT -i venet0 -j REJECT --reject-with icmp-port-unreachable
in order to have outbound connections.

[root@hbook sysconfig]# iptables -nL
Chain INPUT (policy ACCEPT)
target     prot opt source               destination
ACCEPT     tcp  --  0.0.0.0/0            0.0.0.0/0          tcp dpt:21
ACCEPT     udp  --  0.0.0.0/0            0.0.0.0/0          udp dpt:21
ACCEPT     tcp  --  0.0.0.0/0            0.0.0.0/0          tcp dpt:22
ACCEPT     tcp  --  0.0.0.0/0            0.0.0.0/0          tcp dpt:443
ACCEPT     icmp --  0.0.0.0/0            0.0.0.0/0
 
Chain FORWARD (policy ACCEPT)
target     prot opt source               destination
 
Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination
[root@hbook sysconfig]#

Open in new window

0
 
LVL 19

Expert Comment

by:http:// thevpn.guru
ID: 22804535
what do you get when you execute


iptables -A INPUT -i venet0 -m state --state ESTABLISHED,RELATED -j ACCEPT
0
Create the perfect environment for any meeting

You might have a modern environment with all sorts of high-tech equipment, but what makes it worthwhile is how you seamlessly bring together the presentation with audio, video and lighting. The ATEN Control System provides integrated control and system automation.

 

Author Comment

by:heckyEXPERT
ID: 22804607


[root@hbook conf]# iptables -A INPUT -i venet0 -m state --state ESTABLISHED,RELATED -j ACCEPT
iptables: No chain/target/match by that name
[root@hbook conf]#

Open in new window

0
 
LVL 29

Expert Comment

by:fosiul01
ID: 22805533
You dont need to type
vent0

try this , it will automaticaly appy to related Nic card, etho or venet or...

iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
iptables -A OUTPUT -m state --state ESTABLISHED,RELATED -j ACCEPT

check this one
http://www.experts-exchange.com/OS/Linux/Administration/Q_23835899.html
0
 

Author Comment

by:heckyEXPERT
ID: 22806368

[root@hbook root]# iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
iptables: No chain/target/match by that name
[root@hbook root]# iptables -A OUTPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
iptables: No chain/target/match by that name
[root@hbook root]#

Open in new window

0
 
LVL 29

Expert Comment

by:fosiul01
ID: 22806488
ok
check this one for theoritical view of this problem
http://www.faqs.org/docs/iptables/commonproblems.html 

and check this one for similier --state problem

http://www.usenet-forums.com/linux-networking/65172-iptables-no-chain-target-match-name.html

you might now have ipt_states modules installed, thats why you are having this problem

let me check some documentaion on net
0
 
LVL 29

Accepted Solution

by:
fosiul01 earned 500 total points
ID: 22806502
to solve this problem, you might need to recompile your kernel and have to add ipt_states module

i am trying to get a workable solution for you from net.

if  this is not your production server, then can you reinsall iptables, and intall iptable again by using yum command

it might recompile the kenel again with ipt_states module.
yum iptables install.

or i am trying to find  out a solution..
0
 

Author Comment

by:heckyEXPERT
ID: 22807339
fosiul01. I compiled and installed the latest iptables version (1.4.2) , but i still get the same error.

lsmod returns no modules, also /proc/modules is empty, so i'm assuming ipt_states module is not installed.

This VPS is still not in production environment, so i'm willing to recompile it in order to include the ipt_states module.

Can you please give me any information on how to do it without screwing up the system and having to wait 1 week for tech support from my host? thank you
0
 
LVL 29

Expert Comment

by:fosiul01
ID: 22807694
hi plese give me time. As i m nt infront of pc. I wil digg into more tonite.
0
 

Author Closing Comment

by:heckyEXPERT
ID: 31509977
I'm closing this question as i've decided to move to a different VPS host, which offers a CENTos5, where i will be able to manage and maintain the server. I'm giving fosiul  the answer because he pointed out the kernel modules required for iptables.
0

Featured Post

Flexible connectivity for any environment

The KE6900 series can extend and deploy computers with high definition displays across multiple stations in a variety of applications that suit any environment. Expand computer use to stations across multiple rooms with dynamic access.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

I have seen several blogs and forum entries elsewhere state that because NTFS volumes do not support linux ownership or permissions, they cannot be used for anonymous ftp upload through the vsftpd program.   IT can be done and here's how to get i…
​Being a Managed Services Provider (MSP) has presented you  with challenges in the past— and by meeting those challenges you’ve reaped the rewards of success.  In 2014, challenges and rewards remain; but as the Internet and business environment evol…
Microsoft Active Directory, the widely used IT infrastructure, is known for its high risk of credential theft. The best way to test your Active Directory’s vulnerabilities to pass-the-ticket, pass-the-hash, privilege escalation, and malware attacks …
Established in 1997, Technology Architects has become one of the most reputable technology solutions companies in the country. TA have been providing businesses with cost effective state-of-the-art solutions and unparalleled service that is designed…

820 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question