Gentoo Forums
Gentoo Forums
Gentoo Forums
Quick Search: in

  FAQ | Search | Memberlist | Usergroups | Statistics | Profile | Log in to check your private messages | Log in | Register

[Solved] iptables going crazy
 View unanswered posts
View posts from last 24 hours

 
Reply to topic    Gentoo Forums Forum Index Networking & Security
View previous topic :: View next topic  
Author Message
cudeso
n00b
n00b


Joined: 10 Dec 2003
Posts: 36
Location: Brugge
PostPosted: Sun Jun 17, 2007 12:53 am    Post subject: [Solved] iptables going crazy Reply with quote
Hi,

I'm running a 2.6.20-gentoo-r8 kernel on a fresh machine. I have this weird problem:

Code:
apophis ~ # iptables -I INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
iptables: No chain/target/match by that name
apophis ~ # modprobe xt_state
apophis ~ # iptables -I INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
iptables: Invalid argument


The kernel is compiled with (modules) state, conntrack and all possible related modules. I've reinstalled iptables (v1.3.5) after rebooting from the kernel. Does anyone has a clue where the "Invalid argument" comes from? Any help would be very appreciated.

Last edited by cudeso on Sun Jun 17, 2007 11:47 am; edited 1 time in total
Back to top
View user's profile Send private message
gsoe
Apprentice
Apprentice


Joined: 10 Dec 2006
Posts: 289
Location: Denmark
PostPosted: Sun Jun 17, 2007 2:44 am    Post subject: Reply with quote
Well, if you also loaded those "all possible related modules", it should certainly work. :P
The command works fine for me with these modules:
Code:
x_tables ip_tables iptable-filter ipt_REJECT nf_conntrack nf_conntrack_ipv4 xt_state
Here's a little script I use to load and unload modules, when I'm working with iptables:
Code:
#!/bin/sh

MODULES="x_tables ip_tables iptable-filter ipt_REJECT xt_tcpudp \
nf_conntrack nf_conntrack_ipv4 xt_state"

if [[ $1 = -u ]] ; then
        for i in $MODULES ; do
                REVERSE="$i $REVERSE"
        done
        iptables -F
        echo "Flushing iptables rules"
        iptables -P INPUT ACCEPT
        iptables -P OUTPUT ACCEPT
        iptables -P FORWARD ACCEPT
        echo "Resetting policies to ACCEPT"
        for j in $REVERSE ; do
                echo "Removing module $j"
                rmmod $j
        done
fi

if [[ $1 = "" ]] ; then
        for i in $MODULES ; do
                modprobe $i
        done
fi
Back to top
View user's profile Send private message
cudeso
n00b
n00b


Joined: 10 Dec 2003
Posts: 36
Location: Brugge
PostPosted: Sun Jun 17, 2007 11:46 am    Post subject: Reply with quote
I had not included nf_conntrack_ipv4 in the list of modules to load. Only nf_conntrack was loaded. My mistake.
I guess my list of "all possible related modules" was not that complete after all! Thanks for the info!! It's been a while since I've used iptables and if my memory is not mistaken, the ipv4 conntrack module is something new (compared to ... say ... three years ago).
Back to top
View user's profile Send private message
Display posts from previous:   
Reply to topic    Gentoo Forums Forum Index Networking & Security All times are GMT
Page 1 of 1

 
Jump to:  
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum



 Links: forums.gentoo.org | www.gentoo.org | bugs.gentoo.org | wiki.gentoo.org | forum-mods@gentoo.org

Copyright 2001-2025 Gentoo Foundation, Inc. Designed by Kyle Manna © 2003; Style derived from original subSilver theme. | Hosting by Gossamer Threads Inc. © | Powered by phpBB 2.0.23-gentoo-p11 © 2001, 2002 phpBB Group
Privacy Policy