5

I am trying to configure a proxy server on RHEL Server 6.5 using Squid and iptables. Below is the command I executed and the error message it displayed:

```
vzlptest01 root [root] > iptables -A INPUT -i eth0 -m state --state ESTABLISHED,RELATED -j ACCEPT
iptables: No chain/target/match by that name.
```

Some more details:

```
vzlptest01 root [root] > cat /proc/net/ip_tables_matches
limit
state
length
ttl
tcpmss
multiport
multiport
tos
tos
dscp
icmp
udplite
udp
tcp
```

```
vzlptest01 root [root] > cat /proc/net/ip_tables_targets
DNAT
SNAT
LOG
TOS
TOS
DSCP
TCPMSS
REJECT
ERROR
```

How do I deal with this issue?

user9517
Mandar Shinde
  • Please, add the output of `iptables-save` to your question. – dawud Jun 30 '14 at 06:21
  • `iptables-save`? Why? – Mandar Shinde Jun 30 '14 at 06:38
  • OK, don't add it. Just check the names of the chains in a default RHEL installation. – dawud Jun 30 '14 at 06:47
  • Would I be right in thinking from the hostname this is an OpenVZ container, or some similar Virtuozzo-style virtual host? – MadHatter Jun 30 '14 at 07:35
  • It is a Parallels Virtuozzo container. – Mandar Shinde Jun 30 '14 at 07:38
  • 1
    Don't even bother. Virtuozzo is not virtualisation, merely containerisation, and the shared kernel makes it very subject to this particular issue; see eg http://serverfault.com/questions/608348/iptables-not-installed-on-centos/608509#608509 , and many other similar questions and answers on SF. I'd vote to close this as a duplicate of that question, but it has no accepted answer; so I'll VTC as off-topic (virtuozzo just elevated itself to not-professional-sysadmin in my eyes, at least when used as a virtualisation solution). – MadHatter Jun 30 '14 at 07:58
  • We have many duplicates for this question; I've chosen one I could find easily. – Michael Hampton Jun 30 '14 at 13:39
  • Make sure there is xt_nat.ko in your system, which is built by turning on CONFIG_IP_NF_NAT and CONFIG_NETFILTER_XT_NAT in the kernel configuration – netawater May 25 '15 at 03:15

1 Answer

7

It looks like you don't have an INPUT table. You could try creating it with

```
iptables -N INPUT
```

If that doesn't work, then I would look at the virtualization technology in use and speak to the hosting provider about it.

As an aside

```
iptables -A INPUT -i eth0 -m state --state ESTABLISHED,RELATED -j ACCEPT
```

You almost certainly don't want to do that with a -A; -I would be much better in nearly all circumstances.

user9517
  • 1
    I am reasonably sure that you don't create those chains, they exist by default as part of the filter table. – Matthew Ife Jun 30 '14 at 07:04
  • @Iain- I have successfully executed `iptables -A INPUT -i lo -j ACCEPT`, indicating that INPUT chain was already existing. – Mandar Shinde Jun 30 '14 at 07:42
  • I am going to lay the blame at the feet of the virtualization technology your VPS is using then. You will need to speak to your hosting provider. – user9517 Jun 30 '14 at 07:46
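
An added example, not part of the original thread: a shell check that compares the `-m` and `-j` names in a rule against the two `/proc` lists shown in the question. The function names, the temporary sample files and the second (constructed) rule are assumptions of this example; the lists themselves are copied from the question.

```shell
#!/bin/sh
# Added example: list the -m matches and -j targets of an iptables rule that
# are absent from the kernel's registered-extension lists.

# Built-in verdicts, not extension targets: not looked up in the targets list.
BUILTIN_VERDICTS="ACCEPT DROP QUEUE RETURN"

# missing_extensions RULE MATCHES_FILE TARGETS_FILE
# Prints "match:<name>" or "target:<name>" for every name not in the lists.
# Assumption: every -j name is an extension target, not a user-defined chain.
missing_extensions() {
    rule=$1; matches=$2; targets=$3; prev=""
    for word in $rule; do
        case $prev in
            -m|--match)
                grep -qxF -- "$word" "$matches" || echo "match:$word" ;;
            -j|--jump)
                case " $BUILTIN_VERDICTS " in
                    *" $word "*) ;;
                    *) grep -qxF -- "$word" "$targets" || echo "target:$word" ;;
                esac ;;
        esac
        prev=$word
    done
}

# Lists copied from the question's /proc output (repeated names dropped).
sample_dir=$(mktemp -d)
printf '%s\n' limit state length ttl tcpmss multiport tos dscp icmp udplite \
    udp tcp > "$sample_dir/matches"
printf '%s\n' DNAT SNAT LOG TOS DSCP TCPMSS REJECT ERROR > "$sample_dir/targets"

# check_rule RULE [MATCHES_FILE TARGETS_FILE]
# On a live host pass /proc/net/ip_tables_matches and /proc/net/ip_tables_targets.
check_rule() {
    missing_extensions "$1" "${2:-$sample_dir/matches}" "${3:-$sample_dir/targets}"
}

# The rule from the question, then a constructed rule for contrast.
check_rule "-A INPUT -i eth0 -m state --state ESTABLISHED,RELATED -j ACCEPT"
check_rule "-A POSTROUTING -o eth0 -m conntrack --ctstate NEW -j MASQUERADE"
```

For the question's rule the check prints nothing, because `state` is in the matches list and `ACCEPT` is a built-in verdict; the constructed rule is reported as missing both `conntrack` and `MASQUERADE`.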