bridge firewall conntrack problem

From: antgel (
Date: 05/15/03

Date: Thu, 15 May 2003 10:01:11 +0100

Hi all,

I've set up a Debian bridging firewall. First time I've ever done it,
but it all went smoothly thanks to the great guide on

However, I'm falling at the last hurdle. I had to recompile the kernel
to include the bridging code. This was smooth as well. However, I
have a problem when I try to set up a stateful rule, e.g.

iptables -A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT
iptables: No chain/target/match by that name

Other types of rule work fine. I suppose this would indicate that I
don't have ip_conntrack in the kernel, but I do, see below:

debian:/usr/local/bin# lsmod
Module                  Size  Used by    Not tainted
iptable_mangle          2112   0  (unused)
ip_conntrack_irc        2400   0  (unused)
ip_conntrack_ftp        3136   0  (unused)
ip_conntrack           12716   2  [ip_conntrack_irc ip_conntrack_ftp]
ipt_REJECT              2784   0  (unused)
ipt_LOG                 3232   0  (unused)
iptable_filter          1728   0  (unused)
ip_tables              10624   4  [iptable_mangle ipt_REJECT ipt_LOG

How can I go about debugging this?


Replace 'usenet' with 'antony' if replying via email.