
I'm trying to set up iptables on Debian 6 Squeeze amd64 and I'm faced with this error message:

root@Vision:~/bin# iptables -A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
iptables: No chain/target/match by that name.

I searched on the web but I didn't find a solution. Other rules give me the same error.

Unitech

3 Answers


Your kernel needs the netfilter module conntrack.

Location:
  -> Networking support (NET [=y])
    -> Networking options
      -> Network packet filtering framework (Netfilter) (NETFILTER [=y])
        -> Core Netfilter Configuration
          -> Netfilter Xtables support (required for ip_tables) (NETFILTER_XTABLES [=m])

Check the dmesg output for the actual error. Also run the rule with strace to get the missing modules.

maria

It looks like your kernel is missing some Netfilter features. You need the Xtables support, as Fabio pointed out. However, you need the xt_conntrack feature as well. It might be compiled as a module, so that entering the command you wrote should load it. But in some cases you'll need to load it yourself, so before going further, try:

# modprobe xt_conntrack

If it doesn't work, you'll have to recompile your kernel to enable it. You can find the option here:

Symbol: NETFILTER_XT_MATCH_CONNTRACK
  Depends on: NET [=y] && INET [=y] && NETFILTER [=y] && NETFILTER_XTABLES [=y] && NF_CONNTRACK [=y]
  Location:
    -> Networking support (NET [=y])
      -> Networking options
        -> Network packet filtering framework (Netfilter) (NETFILTER [=y])
          -> Core Netfilter Configuration
            -> Netfilter Xtables support (required for ip_tables) (NETFILTER_XTABLES [=y])

If you're not familiar with kernel building, you might want to have a look at the book at http://www.kroah.com/lkn/ which explains all you need to know from the start in a very clear fashion.

(I know this is a bit late to answer. Still, I've faced the same issue today so I thought it might help someone someday.)

nimai
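Before rebuilding anything, it helps to know which of the options named in the answers are built in, built as modules, or absent. The script below is an added example, not code from any of the posters: it reads a kernel config file and reports the state of NETFILTER_XT_MATCH_CONNTRACK and each option it depends on. The function names, the `--check`/`--demo` switches and the sample config are made up for illustration, and the `/boot/config-$(uname -r)` path in the comment assumes a Debian-style install.

```shell
#!/bin/sh
# Kernel options the conntrack match depends on (list taken from the answers above).
REQUIRED="NET INET NETFILTER NETFILTER_XTABLES NF_CONNTRACK NETFILTER_XT_MATCH_CONNTRACK"

# symbol_state FILE SYMBOL: prints y, m, or n (n = "is not set" or absent).
symbol_state() {
    state=$(sed -n "s/^CONFIG_$2=\([ym]\)\$/\1/p" "$1" | head -n 1)
    echo "${state:-n}"
}

# check_conntrack_config FILE: prints one line per option; returns 0 only if
# every option is y or m, 1 if any is missing, 2 if FILE is unreadable.
check_conntrack_config() {
    cfg=$1
    missing=0
    [ -r "$cfg" ] || { echo "cannot read $cfg" >&2; return 2; }
    for sym in $REQUIRED; do
        case $(symbol_state "$cfg" "$sym") in
            y) echo "$sym: built in" ;;
            m) echo "$sym: module (modprobe may be needed)" ;;
            *) echo "$sym: not enabled (kernel rebuild needed)"; missing=1 ;;
        esac
    done
    return "$missing"
}

# Constructed sample config: Xtables present, conntrack match left out.
sample_config() {
    cat <<'EOF'
CONFIG_NET=y
CONFIG_INET=y
CONFIG_NETFILTER=y
CONFIG_NETFILTER_XTABLES=m
CONFIG_NF_CONNTRACK=m
# CONFIG_NETFILTER_XT_MATCH_CONNTRACK is not set
EOF
}

# Run as: sh script.sh --check /boot/config-$(uname -r)   (or --demo)
case "${1:-}" in
    --check) check_conntrack_config "${2:?config file path required}" ;;
    --demo)  t=$(mktemp); sample_config > "$t"
             check_conntrack_config "$t" || echo "demo: options missing"
             rm -f "$t" ;;
esac
```

An option reported as a module is the case where `modprobe xt_conntrack` can help; one reported as not enabled is the case that needs the rebuild.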