Mailing List Archive

problem with postrouting chain
Hi:

I'm running a precompiled 2.6.18-4 kernel on Debian etch.

I've loaded these modules:

ip_nat_irc
ip_conntrack_irc
iptable_nat
ip_tables
ip_nat_ftp
ip_nat
ip_conntrack_ftp
ip_conntrack

When I try to run this rules:

/sbin/iptables -A POSTROUTING -s 192.168.1.0/24 -d XXX.XXX.XXX.XXX -o=20
YYY.YYY.YYY.YYY -p tcp -m tcp --dport 110 -j SNAT --to-source=20
YYY.YYY.YYY.YYY

I get this error.

iptables: No chain/target/match by that name

If I insert chain type: INPUT, OUTPUT or FORWARD they run without problem.

What's happen exactly???? There's a problem in kernel?

Thanks

Zng
Re: problem with postrouting chain
Add "-t nat" before -A POSTROUTING

jose a. zúñiga <zuniga@baibrama.cult.cu> wrote on Fri, 27 Jul 2007
13:14:12 +0300:

> Hi:
>
> I'm running a precompiled 2.6.18-4 kernel on Debian etch.
>
> I've loaded these modules:
>
> ip_nat_irc
> ip_conntrack_irc
> iptable_nat
> ip_tables
> ip_nat_ftp
> ip_nat
> ip_conntrack_ftp
> ip_conntrack
>
> When I try to run this rules:
>
> /sbin/iptables -A POSTROUTING -s 192.168.1.0/24 -d XXX.XXX.XXX.XXX -o=20
> YYY.YYY.YYY.YYY -p tcp -m tcp --dport 110 -j SNAT --to-source=20
> YYY.YYY.YYY.YYY
>
> I get this error.
>
> iptables: No chain/target/match by that name
>
> If I insert chain type: INPUT, OUTPUT or FORWARD they run without
> problem.
>
> What's happen exactly???? There's a problem in kernel?
>
> Thanks
>
> Zng
>
>
Re: problem with postrouting chain
Hello

Eljas Alakulppi wrote:
> jose a. zúñiga <zuniga@baibrama.cult.cu> wrote on Fri, 27 Jul 2007
> 13:14:12 +0300:
>>
>> When I try to run this rules:
>>
>> /sbin/iptables -A POSTROUTING -s 192.168.1.0/24 -d XXX.XXX.XXX.XXX -o=20
>> YYY.YYY.YYY.YYY -p tcp -m tcp --dport 110 -j SNAT --to-source=20
>> YYY.YYY.YYY.YYY

I suppose that the =20 are not really part of the rule but probably the
trace of some quoted-printable encoding.

>> I get this error.
>>
>> iptables: No chain/target/match by that name
>>
> Add "-t nat" before -A POSTROUTING

Also, the -o option takes an interface name (eth0, ppp0...), not an IP
address. However iptables does not check that the specified interface
name actually exists. So this rule is not likely to match anything.
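
A small lint for the three problems raised in this thread (the missing `-t nat`, an IP address given to `-o`, and `=20` quoted-printable residue), as an added example that is not part of any poster's message. The finding codes are made up for this example, the sample addresses are documentation-range placeholders, `eth0` is an assumed interface name, and the function only inspects arguments without ever invoking iptables.

```shell
#!/bin/sh
# check_rule ARGS...: lint the arguments of an iptables command line.
# Prints the finding codes on one line; exit status 0 means no findings.
check_rule() {
    table=filter chain= target= oif= prev= qp= out=
    for arg in "$@"; do
        # A trailing "=20" is a quoted-printable encoded space, not rule text.
        case "$arg" in
            *=20) qp=" qp-residue"; arg=${arg%=20} ;;
        esac
        case "$prev" in
            -t|--table)              table=$arg ;;
            -A|-I|--append|--insert) chain=$arg ;;
            -j|--jump)               target=$arg ;;
            -o|--out-interface)      oif=$arg ;;
        esac
        prev=$arg
    done
    # Without -t the filter table is used: only INPUT, FORWARD and OUTPUT.
    case "$table:$chain" in
        filter:POSTROUTING|filter:PREROUTING) out="$out chain-not-in-filter" ;;
    esac
    # Address-rewriting targets are only available in the nat table.
    case "$target" in
        SNAT|DNAT|MASQUERADE|REDIRECT)
            [ "$table" = nat ] || out="$out nat-target-needs-t-nat" ;;
    esac
    # -o takes an interface name; iptables does not check that it exists,
    # so a dotted quad is accepted and the rule then matches nothing.
    case "$oif" in
        ''|*[!0-9.]*) ;;
        *.*.*.*) out="$out oif-is-ip-address" ;;
    esac
    out="$qp$out"
    out=${out# }
    printf '%s\n' "$out"
    [ -z "$out" ]
}

# Constructed samples: the rule as posted, then the corrected form.
check_rule -A POSTROUTING -s 192.168.1.0/24 -d 198.51.100.10 -o=20 203.0.113.1 \
    -p tcp -m tcp --dport 110 -j SNAT --to-source=20 203.0.113.1 || true
check_rule -t nat -A POSTROUTING -s 192.168.1.0/24 -d 198.51.100.10 -o eth0 \
    -p tcp -m tcp --dport 110 -j SNAT --to-source 203.0.113.1
```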