
Re: Problem with destination port of iptables on SlugOS 4.8

  • hugodeluna
    Message 1 of 2 , May 5 8:30 PM
      I was having the same problem. After spending several hours searching for a solution and not being able to find anything, I went to my Ubuntu box and started comparing both systems. I'm currently using SlugOS BE 5.3.

      The solution is to install and load the xt_tcpudp kernel module. After doing that, using --dport was no longer a problem.

      root@nslu2:~# lsmod | grep ip
      iptable_filter 928 1
      ip_tables 7760 1 iptable_filter
      ipt_REJECT 1536 1
      x_tables 6884 3 ip_tables,xt_tcpudp,ipt_REJECT

      -- BEFORE --
      root@nslu2:~# iptables -A INPUT -s 200.200.201.0/24 -p tcp --dport 22 -j ACCEPT
      iptables: No chain/target/match by that name

      -- AFTER --
      root@nslu2:~# iptables -A INPUT -s 200.200.201.0/24 -p tcp --dport 23 -j REJECT
      root@nslu2:~# iptables -L -v | head -n3
      Chain INPUT (policy ACCEPT 591 packets, 51463 bytes)
      pkts bytes target prot opt in out source destination
      0 0 REJECT tcp -- any any 200.200.201.0/24 anywhere tcp dpt:telnet reject-with icmp-port-unreachable


      --- In nslu2-linux@yahoogroups.com, "cbraun000" <selftoelicker@...> wrote:
      >
      > Hi all,
      >
      > I have a little problem with iptables on my slug. I installed the
      > kernel-module-ip-tables, kernel-module-iptable-filtera and iptables
      > packages using ipkg. Everything seems to work. I can write some simple
      > rules.
      >
      > The problem arises when I want to specify a destination port in one
      > rule. For example, I want to open port 22 (SSH) to only address
      > 192.168.0.5. I set up the rule as follows:
      >
      > iptables -A INPUT -s 192.168.0.5 -p tcp --dport 22 -j ACCEPT
      >
      > and I get the following error:
      >
      > iptables: No chain/target/match by that name.
      >
      >
      > By process of elimination, I found out it is the --dport argument that
      > is not accepted. Any idea why? Am I missing some module that I should
      > add? lsmod shows that I already have iptable_filter, ip_tables and
      > x_tables modules loaded.
      >
      > Have a nice day.
      >
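
A pre-flight check for the failure discussed in this thread, as an added example that is not part of the original posts: it maps the options in an iptables rule to the kernel modules that implement them and lists the ones absent from lsmod-style output. The function names, the option-to-module table (limited to the modules named in this thread) and the sample lsmod text are assumptions constructed for illustration.

```shell
#!/bin/sh
# Constructed sample: the state the original poster describes
# (iptable_filter, ip_tables and x_tables loaded, xt_tcpudp absent).
SAMPLE_LSMOD='iptable_filter 928 1
ip_tables 7760 1 iptable_filter
x_tables 6884 1 ip_tables'

# required_modules RULE_ARGS... -> one module name per line, sorted.
# Hand-written table covering only the options seen in this thread.
required_modules() {
    {
        # Needed by any rule in the filter table.
        echo ip_tables
        echo iptable_filter
        prev=""
        for arg in "$@"; do
            case "$arg" in
                # Port matching is what needs xt_tcpudp; "-p tcp" alone does not.
                --dport|--sport|--destination-port|--source-port)
                    echo xt_tcpudp ;;
            esac
            # The REJECT target for IPv4 lives in ipt_REJECT.
            if [ "$prev" = "-j" ] && [ "$arg" = "REJECT" ]; then
                echo ipt_REJECT
            fi
            prev=$arg
        done
    } | LC_ALL=C sort -u
}

# missing_modules LSMOD_TEXT RULE_ARGS... -> required modules not loaded.
# Caveat: features compiled into the kernel never appear in lsmod, so a
# module listed here may still be available on a monolithic kernel.
missing_modules() {
    loaded=$1
    shift
    for m in $(required_modules "$@"); do
        # Column 1 of lsmod (and /proc/modules) is the module name.
        printf '%s\n' "$loaded" |
            awk -v m="$m" '$1 == m { found = 1 } END { exit !found }' ||
            echo "$m"
    done
}

# The rule from the original question, checked against the sample state.
missing_modules "$SAMPLE_LSMOD" -A INPUT -s 192.168.0.5 -p tcp --dport 22 -j ACCEPT
```

On a live system, pass "$(cat /proc/modules)" as the first argument instead of the sample text.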