Mailing List Archive: iptables: User

problem with postrouting chain

Index | Next | Previous | View Threaded

zuniga at baibrama

Jul 27, 2007, 3:14 AM

Post #1 of 3 (876 views)
Permalink

problem with postrouting chain

Hi:

I'm running pre compilied 2.6.18-4 kernel on debian etch.

I=B4ve load this modules:

ip_nat_irc
ip_conntrack_irc
iptable_nat
ip_tables
ip_nat_ftp
ip_nat
ip_conntrack_ftp
ip_conntrack

When I try to run this rules:

/sbin/iptables -A POSTROUTING -s 192.168.1.0/24 -d XXX.XXX.XXX.XXX -o=20
YYY.YYY.YYY.YYY -p tcp -m tcp --dport 110 -j SNAT --to-source=20
YYY.YYY.YYY.YYY

I get this error.

iptables: No chain/target/match by that name

If I insert chain type: INPUT, OUTPUT or FORWARD they run without problem.

What's happen exactly???? There's a problem in kernel?

Thanks

Zng

Buzer at buzer

Jul 27, 2007, 9:16 AM

Post #2 of 3 (819 views)
Permalink

Re: problem with postrouting chain [In reply to]

Add "-t nat" before -A POSTROUTING

jose a. zúñiga <zuniga [at] baibrama> kirjoitti Fri, 27 Jul 2007
13:14:12 +0300:

> Hi:
>
> I'm running pre compilied 2.6.18-4 kernel on debian etch.
>
> I=B4ve load this modules:
>
> ip_nat_irc
> ip_conntrack_irc
> iptable_nat
> ip_tables
> ip_nat_ftp
> ip_nat
> ip_conntrack_ftp
> ip_conntrack
>
> When I try to run this rules:
>
> /sbin/iptables -A POSTROUTING -s 192.168.1.0/24 -d XXX.XXX.XXX.XXX -o=20
> YYY.YYY.YYY.YYY -p tcp -m tcp --dport 110 -j SNAT --to-source=20
> YYY.YYY.YYY.YYY
>
> I get this error.
>
> iptables: No chain/target/match by that name
>
> If I insert chain type: INPUT, OUTPUT or FORWARD they run without
> problem.
>
> What's happen exactly???? There's a problem in kernel?
>
> Thanks
>
> Zng
>
>

pascal.mail at plouf

Jul 28, 2007, 3:36 AM

Post #3 of 3 (827 views)
Permalink

Re: problem with postrouting chain [In reply to]

Hello

Eljas Alakulppi a écrit :
> jose a. zúñiga <zuniga [at] baibrama> kirjoitti Fri, 27 Jul 2007
> 13:14:12 +0300:
>>
>> When I try to run this rules:
>>
>> /sbin/iptables -A POSTROUTING -s 192.168.1.0/24 -d XXX.XXX.XXX.XXX -o=20
>> YYY.YYY.YYY.YYY -p tcp -m tcp --dport 110 -j SNAT --to-source=20
>> YYY.YYY.YYY.YYY

I suppose that the =20 are not really part of the rule but probably the
trace of some quoted-printable encoding.

>> I get this error.
>>
>> iptables: No chain/target/match by that name
>>
> Add "-t nat" before -A POSTROUTING

Also, the -o option takes an interface name (eth0, ppp0...), not an IP
address. However iptables does not check that the specified interface
name actually exists. So this rule is not likely to match anything.

Index | Next | Previous | View Threaded

Interested in having your list archived? Contact Gossamer Threads