[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: ipmasq not doing NAT after upgrade

On Wed, Sep 24, 2003 at 09:41:42AM +0300, Mihalis I. Tsoukalos wrote:
> On Tue, Sep 23, 2003 at 02:06:40PM +0300, Mihalis I. Tsoukalos wrote:
> > On Tue, Sep 23, 2003 at 11:37:29AM +0300, Mihalis I. Tsoukalos wrote:
> > > Dear list,
> > > I have the following problem:
> > > 
> > > After upgrading the ipmasq package yesterday, NAT is not working
> > > properly.
> > > 
> > > What do I need to do in order to solve it?
> > > I am using Debian woody.
> > > 
> > > TIA,
> > > Mihalis
> > 
> > More info:
> > 
> > After a dpkg-reconfigure ipmasq I get:
> > 
> > Initializing IP Masquerading...iptables: No chain/target/match by that
> > name
> > iptables: No chain/target/match by that name
> > iptables: No chain/target/match by that name
> > iptables: No chain/target/match by that name
> > iptables: No chain/target/match by that name
> > iptables: No chain/target/match by that name
> > iptables: No chain/target/match by that name
> > iptables: No chain/target/match by that name
> > done.
> > Loading IP Masquerade kernel modules...done.
> > 
> > Still, NAT is not working properly.
> > 
> > TIA,
> > Mihalis.
> 
> More info that might help:
> 
> ipmasq -v output:
> 
> #: Interfaces found:
> #:   ppp0       194.219.142.142/255.255.255.255
> #:   eth0       10.100.0.1/255.255.0.0
> echo "0" > /proc/sys/net/ipv4/ip_forward
> /sbin/iptables -P INPUT DROP
> /sbin/iptables -P OUTPUT DROP
> /sbin/iptables -P FORWARD DROP
> /sbin/iptables -F INPUT
> /sbin/iptables -F OUTPUT
> /sbin/iptables -F FORWARD
> /sbin/iptables -t mangle -P PREROUTING ACCEPT
> /sbin/iptables -t mangle -P OUTPUT ACCEPT
> /sbin/iptables -t mangle -F PREROUTING
> /sbin/iptables -t mangle -F OUTPUT
> /sbin/iptables -t nat -P PREROUTING ACCEPT
> /sbin/iptables -t nat -P POSTROUTING ACCEPT
> /sbin/iptables -t nat -P OUTPUT ACCEPT
> /sbin/iptables -t nat -F PREROUTING
> /sbin/iptables -t nat -F POSTROUTING
> /sbin/iptables -t nat -F OUTPUT
> /sbin/iptables -A INPUT -j ACCEPT -i lo
> /sbin/iptables -A INPUT -j LOG -i ! lo -s 127.0.0.1/255.0.0.0
> iptables: No chain/target/match by that name
> /sbin/iptables -A INPUT -j DROP -i ! lo -s 127.0.0.1/255.0.0.0
> /sbin/iptables -A INPUT -j ACCEPT -i eth0 -d 255.255.255.255/32
> /sbin/iptables -A INPUT -j ACCEPT -i eth0 -s 10.100.0.1/255.255.0.0
> /sbin/iptables -A INPUT -j ACCEPT -i eth0 -d 224.0.0.0/4 -p ! tcp
> /sbin/iptables -A INPUT -j LOG -i ppp0 -s 10.100.0.1/255.255.0.0
> iptables: No chain/target/match by that name
> /sbin/iptables -A INPUT -j DROP -i ppp0 -s 10.100.0.1/255.255.0.0
> /sbin/iptables -A INPUT -j ACCEPT -i ppp0 -d 255.255.255.255/32
> /sbin/iptables -A INPUT -j ACCEPT -i ppp0 -d 194.219.142.142/32
> /sbin/iptables -t nat -A POSTROUTING -s 10.100.0.1/255.255.0.0 -j
> MASQUERADE
> /sbin/iptables -A FORWARD -i eth0 -o ppp0 -s 10.100.0.1/255.255.0.0 -j
> ACCEPT
> /sbin/iptables -A FORWARD -m state --state RELATED,ESTABLISHED -j ACCEPT
> iptables: No chain/target/match by that name
> /sbin/iptables -A OUTPUT -j ACCEPT -o lo
> /sbin/iptables -A OUTPUT -j ACCEPT -o eth0 -d 255.255.255.255/32
> /sbin/iptables -A OUTPUT -j ACCEPT -o eth0 -d 10.100.0.1/255.255.0.0
> /sbin/iptables -A OUTPUT -j ACCEPT -o eth0 -d 224.0.0.0/4 -p ! tcp
> /sbin/iptables -A FORWARD -j LOG -o ppp0 -d 10.100.0.1/255.255.0.0
> iptables: No chain/target/match by that name
> /sbin/iptables -A FORWARD -j DROP -o ppp0 -d 10.100.0.1/255.255.0.0
> /sbin/iptables -A OUTPUT -j LOG -o ppp0 -d 10.100.0.1/255.255.0.0
> iptables: No chain/target/match by that name
> /sbin/iptables -A OUTPUT -j DROP -o ppp0 -d 10.100.0.1/255.255.0.0
> /sbin/iptables -A OUTPUT -j ACCEPT -o ppp0 -d 255.255.255.255/32
> /sbin/iptables -A OUTPUT -j ACCEPT -o ppp0 -s 194.219.142.142/32
> echo "1" > /proc/sys/net/ipv4/ip_forward
> /sbin/iptables -A INPUT -j LOG -s 0.0.0.0/0 -d 0.0.0.0/0
> iptables: No chain/target/match by that name
> /sbin/iptables -A INPUT -j DROP -s 0.0.0.0/0 -d 0.0.0.0/0
> /sbin/iptables -A OUTPUT -j LOG -s 0.0.0.0/0 -d 0.0.0.0/0
> iptables: No chain/target/match by that name
> /sbin/iptables -A OUTPUT -j DROP -s 0.0.0.0/0 -d 0.0.0.0/0
> /sbin/iptables -A FORWARD -j LOG -s 0.0.0.0/0 -d 0.0.0.0/0
> iptables: No chain/target/match by that name
> /sbin/iptables -A FORWARD -j DROP -s 0.0.0.0/0 -d 0.0.0.0/0
> router:/usr/src/linux#
> 
> hope this will help you help me :-)
> Mihalis.

After a kernel recompile the NAT problem is fixed.
I have added some modules to the kernel.

I still get some "iptables: No chain/target/match by that name" error
messages:

/sbin/iptables -A INPUT -j LOG -i ! lo -s 127.0.0.1/255.0.0.0
iptables: No chain/target/match by that name
/sbin/iptables -A INPUT -j LOG -i ppp0 -s 10.100.0.1/255.255.0.0
iptables: No chain/target/match by that name
/sbin/iptables -A FORWARD -j LOG -o ppp0 -d 10.100.0.1/255.255.0.0
iptables: No chain/target/match by that name
/sbin/iptables -A OUTPUT -j LOG -o ppp0 -d 10.100.0.1/255.255.0.0
iptables: No chain/target/match by that name
/sbin/iptables -A INPUT -j LOG -s 0.0.0.0/0 -d 0.0.0.0/0
iptables: No chain/target/match by that name
/sbin/iptables -A OUTPUT -j LOG -s 0.0.0.0/0 -d 0.0.0.0/0
iptables: No chain/target/match by that name
/sbin/iptables -A FORWARD -j LOG -s 0.0.0.0/0 -d 0.0.0.0/0
iptables: No chain/target/match by that name

What can I do to fix this?

have a nice day,
Mihalis.

-- 
 10:28:23 up 6 min,  2 users,  load average: 0.09, 0.13, 0.08
Reply to: