[SOLVED] No INPUT chain on nat table in iptables


 
Thread Tools Search this Thread
Top Forums UNIX for Advanced & Expert Users [SOLVED] No INPUT chain on nat table in iptables
# 1  
Old 11-03-2011
[SOLVED] No INPUT chain on nat table in iptables

Hello,

I'm having problem with an iptables rule. It seems that on one of two systems on the nat table, the INPUT chain doesn't exist for some strange reason.

I get the error below:

Code:
# iptables -t nat -A INPUT -j ACCEPT
iptables: No chain/target/match by that name.

Here is my kernel on the Linux Mint Debian Edition sytems (based on Debian testing):

Code:
# uname -a
Linux dell-desktop 2.6.32-5-amd64 #1 SMP Mon Mar 7 21:35:22 UTC 2011 x86_64 GNU/Linux

I have two systems that I have installed exactly that same (at least so I thought). Only one will throw the above error. The good system shows:

Code:
# iptables -t nat -L
Chain PREROUTING (policy ACCEPT)
target     prot opt source               destination         

Chain INPUT (policy ACCEPT)
target     prot opt source               destination         

Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination         

Chain POSTROUTING (policy ACCEPT)
target     prot opt source               destination

However, the offending system shows:

Code:
# iptables -t nat -L
Chain PREROUTING (policy ACCEPT)
target     prot opt source               destination         

Chain POSTROUTING (policy ACCEPT)
target     prot opt source               destination         

Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination

As far as loaded modules different that I looked for on the good system :

Code:
# lsmod| grep ip
ipt_REJECT             12465  0 
ipt_LOG                12605  0 
ipt_REDIRECT           12471  0 
iptable_mangle         12536  0 
iptable_nat            12928  0 
nf_nat                 18012  2 ipt_REDIRECT,iptable_nat
nf_conntrack_ipv4      18081  3 iptable_nat,nf_nat
nf_conntrack           55903  5 xt_conntrack,xt_state,iptable_nat,nf_nat,nf_conntrack_ipv4
nf_defrag_ipv4         12483  1 nf_conntrack_ipv4
iptable_filter         12536  0 
ip_tables              21818  3 iptable_mangle,iptable_nat,iptable_filter
x_tables               18839  11 xt_conntrack,ipt_REJECT,ipt_LOG,xt_state,ipt_REDIRECT,xt_tcpudp,xt_owner,iptable_mangle,iptable_nat,iptable_filter,ip_tables

Bad system:

Code:
# lsmod | grep ip
ipt_REJECT              1953  0 
ipt_LOG                 4518  0 
ipt_REDIRECT            1111  0 
iptable_mangle          2817  0 
iptable_nat             4299  0 
nf_nat                 13388  2 ipt_REDIRECT,iptable_nat
nf_conntrack_ipv4       9833  3 iptable_nat,nf_nat
nf_conntrack           46535  4 xt_state,iptable_nat,nf_nat,nf_conntrack_ipv4
nf_defrag_ipv4          1139  1 nf_conntrack_ipv4
iptable_filter          2258  0 
ip_tables              13899  3 iptable_mangle,iptable_nat,iptable_filter
x_tables               12845  8 ipt_REJECT,ipt_LOG,xt_state,ipt_REDIRECT,xt_tcpudp,xt_owner,iptable_nat,ip_tables

Good system:

Code:
# lsmod| grep xt
xt_conntrack           12599  0 
xt_state               12503  0 
xt_tcpudp              12527  0 
xt_owner               12423  0 
nf_conntrack           55903  5 xt_conntrack,xt_state,iptable_nat,nf_nat,nf_conntrack_ipv4
x_tables               18839  11 xt_conntrack,ipt_REJECT,ipt_LOG,xt_state,ipt_REDIRECT,xt_tcpudp,xt_owner,iptable_mangle,iptable_nat,iptable_filter,ip_tables
ext3                  112218  2 
jbd                    41698  1 ext3
mbcache                12930  1 ext3

Bad system:

Code:
# lsmod |grep xt
xt_state                1303  0 
xt_tcpudp               2319  0 
xt_owner                1063  0 
nf_conntrack           46535  4 xt_state,iptable_nat,nf_nat,nf_conntrack_ipv4
x_tables               12845  8 ipt_REJECT,ipt_LOG,xt_state,ipt_REDIRECT,xt_tcpudp,xt_owner,iptable_nat,ip_tables
ext3                  106518  2 
jbd                    37085  1 ext3
mbcache                 5050  1 ext3

The only thing different is on the offending system xt_conntrack is not loaded. Manually loading this module does not fix the issue.

Could someone please tell me how to get the INPUT chain on my nat table?

Thanks,
Narnie

---------- Post updated 11-03-11 at 03:20 PM ---------- Previous update was 11-02-11 at 07:06 PM ----------

I found my problem. I was getting rid of a broken package with Linux Mint Debian (initramfs-tools, which won't install correctly and is optional) and it took my kernel back from this kernel:

Code:
$ uname -a
Linux gateway-laptop 2.6.38-2-amd64 #1 SMP Sun May 8 13:51:57 UTC 2011 x86_64 GNU/Linux

to the kernel above. In the time between, the INPUT chain has been added to the nat tables.

I'm marking this as solved.

Kind Regards,
Narnie
Login or Register to Ask a Question

Previous Thread | Next Thread

10 More Discussions You Might Find Interesting

1. Cybersecurity

Openvpn nat and iptables

good day good people hi first to tell that firewall and vpn is working as expected, but I notice something strange. I have host system 11.11.11.11(local ip) firewall is blocking everything except port to vpn. I have vpn on virtualized system 22.22.22.22 (CentOS both host and virtual). ... (0 Replies)
Discussion started by: end
0 Replies

2. IP Networking

NAT via iptables - Won't work!!

Hi guys I'm running on debian on a small embedded system. I have a ppp interface that is connected to the internet (and works). My unit also has wifi access point (which works and I can connect to it). I want to allow connections to the wifi to be able to use the internet from ppp0... (1 Reply)
Discussion started by: alirezan1
1 Replies

3. IP Networking

Nat and packet limits with iptables

Hi all, I have a following situation: - I want certain source IPs to be natted to a different destination IP and Port. Following is how I am achieving it: /usr/local/sbin/iptables -t nat -A PREROUTING -p tcp -s 192.168.10.12 --dport 1500 -j DNAT --to-destination 192.168.10.20:2000 ... (3 Replies)
Discussion started by: ahmerin
3 Replies

4. Cybersecurity

iptables in a NAT scenario

Hi, I am learning IPTables have this question. My server is behind a firewall that does a PAT & NAT to the LAN address. Internet IP: 68.1.1.23 Port: 10022 Server LAN IP: 10.1.1.23 port: 22 Allowed Internet IPs: 131.1.1.23, 132.1.1.23 I want to allow a set of IPs are to be able to... (1 Reply)
Discussion started by: capri_guy84
1 Replies

5. UNIX for Advanced & Expert Users

Editing iptables rules with custom chain

Hello, I have iptables service running on my CentOS5 server. It has approx 50 rules right now. The problem I am facing now is as follows - I have to define a new chain in the filter table, say DOS_RULES & add all rules in this chain starting from index number 15 in the filter table. ... (1 Reply)
Discussion started by: BhushanPathak
1 Replies

6. Red Hat

NAT Loopback and iptables

Hello, please can you help and explain me. I have two servers. Both are RHEL6. I use the first one like router and the second one for apache. Router forwards 80 port on the second server and I can open that from the internet (mysite.com, for example). But I can not open mysite.com if i try to... (0 Replies)
Discussion started by: 6765656755
0 Replies

7. Ubuntu

forward packet from input chain to output

Hi, I receive a packet at input chain of iptables in filter table. How can i forward that same packet exactly to the output chain of the iptables in filter table. I need this help desperately. Thanks. (0 Replies)
Discussion started by: arsipk
0 Replies

8. Debian

Iptables Nat forward port 29070

Hello, the Nat and the forward worked on my debian server up to the reboot of machines. The following rules*: /sbin/iptables -t nat -A PREROUTING -p tcp -i eth2 -d xxx.xxx.xxx.xxx --dport 29070 -j DNAT --to-destination 10.0.1.7:29070 /sbin/iptables -A FORWARD -p tcp -i eth2 -o eth0 -d... (0 Replies)
Discussion started by: titoms
0 Replies

9. Shell Programming and Scripting

[solved] Killing 3rd command in ssh chain

Hi All, Noob question here... How do I kill the 3rd command in this ssh chain effectively? # ssh -t -t 10.80.0.5 'ssh 10.80.0.6 | /var/tmp/some_script' The "/var/tmp/some_script" contains: ssh 10.80.0.81 'echo "Hello World!!!!" >> /tmp/sample.txt'The problem is that once the sample.txt... (2 Replies)
Discussion started by: NYG71
2 Replies

10. UNIX for Advanced & Expert Users

iptables internal NAT with two public IP

Hello Guys, I have a debian machine that work as a firewall (iptables + squid 2.6) with two physical interfaces: eth0 (public interface) and eth1 (internal interface LAN). I have created an alias eth1:1 in order to have two subnets on same physical interface: cat/etc/network/interfaces auto... (0 Replies)
Discussion started by: sincity2006
0 Replies
Login or Register to Ask a Question