Syntax error running iptables?

Brad Chapman kakadu@earthlink.net
Mon, 30 Jul 2001 20:05:51 -0400


Mr. Brooks,

   You're trying to reference a chain which doesn't exist. Thus, iptables
thinks it's a target. Create your user-defined chains before you reference
them.

Brad

Jason Brooks wrote:

> Hello,
> 
> I am getting errors running iptables, the next line of which is an
> example:
> 
> 	iptables v1.2.2: Couldn't load target `int-ext':/usr/local/lib/\
> 	iptables/libipt_int-ext.so: cannot open shared object file: No \
> 	such file or directory
> 
> 	Try `iptables -h' or 'iptables --help' for more information.
> 
> Note that it lists target "int-ext".  This message exists for ALL
> permutations of my target user-defined chains.  I can't tell if this is
> an error, or something else.
> 
> All modules are loading correctly that I can tell.  Could you guys take
> a look at my configuration enclosed and tell me if there is some
> fundamental flaw in my command lines?  I do not wish you to evaluate my
> firewall schema.  That comes later.  I just can't shake the feeling I
> have some syntax wrong.
> 
> I have installed iptables, version 1.2.2 into the default locations
> using plain old make, with no special goodies.  I have compiled iptables
> on a Red Hat 7.1 machine that has a pristine Linux 2.4.7 build directory
> in it.
> 
> 
> Here is my initial iptables configuration:
> 	iptables -P INPUT DROP
> 	iptables -P OUTPUT DROP
> 	iptables -P FORWARD DROP
> 
> 
> 	iptables -A FORWARD -i eth0 -o eth1 -j int-ext
> 	iptables -A FORWARD -i eth1 -o eth0 -j ext-int
> 	iptables -A INPUT   -i eth0         -j int-os
> 	iptables -A INPUT   -i eth1         -j ext-os
> 	iptables -A OUTPUT  -o eth0         -j os-int
> 	iptables -A OUTPUT  -o eth1         -j os-ext
> 
> 	# internal to external network
> 	# default policy: allow all outgoing connections
> 	iptables -N int-ext
> 	iptables -A int-ext -j ACCEPT
> 	iptables -A int-ext -j DROP
> 
> 	# internal to Local process
> 	# default policy: allow all internal to local process
> 	iptables -N int-os
> 	iptables -A int-os -j ACCEPT
> 	iptables -A int-os -j DROP
> 
> 	# external to internal network
> 	# default: allow only related responses to outbound initiated
> 	# packets
> 	iptables -N ext-int
> 	iptables -A ext-int -m state --state ESTABLISHED,RELATED -j ACCEPT
> 	iptables -A ext-int -j DROP
> 
> 	# external to local process
> 	# default: 
> 	#       Allow inbound to sshd port
> 	#       allow only related responses to outbound initiated
> 	#       packets
> 	iptables -N ext-os
> 	iptables -A ext-os -p tcp --destination-port 22 -j ACCEPT
> 	iptables -A ext-os -m state --state ESTABLISHED,RELATED -j ACCEPT
> 	iptables -A ext-os -j DROP
> 
> 
> 	# Local process to external hosts
> 	# default: allow all
> 	iptables -N os-ext
> 	iptables -A os-ext -j ACCEPT
> 	iptables -A os-ext -j DROP
> 
> 	# Local process to internal hosts
> 	# default: allow all
> 	iptables -N os-int
> 	iptables -A os-int -j ACCEPT
> 	iptables -A os-int -j DROP
> 	
> 
> 
>
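
A pre-flight check for the ordering problem described in the reply above, as an added example that is not part of the original thread: the hypothetical function `check_chain_order` scans a rule script and reports every `-j` to a user-defined chain that appears before the `iptables -N` creating it. The sample rules are constructed from the first lines of the posted configuration.

```shell
#!/bin/sh
# check_chain_order [FILE]  (hypothetical helper; reads stdin when FILE is omitted)
# Reports every "-j <chain>" that appears before the "iptables -N <chain>"
# creating it. Returns 1 if any forward reference is found, 0 otherwise.
check_chain_order() {
    awk '
    $1 == "iptables" {              # comment and blank lines are skipped
        for (i = 2; i < NF; i++) {
            arg = $(i + 1)
            if ($i == "-N" || $i == "--new-chain") {
                if (!(arg in created)) created[arg] = NR
            } else if ($i == "-j" || $i == "--jump") {
                n++; target[n] = arg; used[n] = NR
            }
        }
    }
    END {
        bad = 0
        for (k = 1; k <= n; k++) {
            t = target[k]
            # Only chains created later in the same script are flagged, so
            # ACCEPT, DROP and extension targets never produce a report.
            if ((t in created) && used[k] < created[t]) {
                printf "line %d: -j %s used before -N %s (line %d)\n", used[k], t, t, created[t]
                bad = 1
            }
        }
        exit bad
    }' "${1:--}"
}

# Constructed sample: a subset of the posted rules, in the order posted.
sample_rules() {
    cat <<'EOF'
iptables -P FORWARD DROP
iptables -A FORWARD -i eth0 -o eth1 -j int-ext
iptables -A FORWARD -i eth1 -o eth0 -j ext-int
# internal to external network
iptables -N int-ext
iptables -A int-ext -j ACCEPT
iptables -N ext-int
iptables -A ext-int -m state --state ESTABLISHED,RELATED -j ACCEPT
EOF
}

# Demo run; "|| true" keeps the script's own exit status clean.
sample_rules | check_chain_order || true
```

Running the check before loading a rule script matters here because the policies are already set to DROP when the first failing `-j` is hit, so a partially applied script leaves the host dropping all traffic.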