bridge firewall conntrack problem
From: antgel (usenet_at_antgel.co.uk)
Date: Thu, 15 May 2003 10:01:11 +0100
I've set up a Debian bridging firewall. First time I've ever done it,
but it all went smoothly thanks to the great guide on www.debian.org.
However I'm falling at the last hurdle. I had to recompile the kernel
to include the bridging code. This was smooth as well. However I
have a problem when I try to set up a stateful rule, e.g.

    iptables -A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT
    iptables: No chain/target/match by that name

Other types of rule work fine. I suppose this would indicate that I
don't have ip_conntrack in the kernel, but I do, see below:

    Module                  Size  Used by    Not tainted
    iptable_mangle          2112   0  (unused)
    ip_conntrack_irc        2400   0  (unused)
    ip_conntrack_ftp        3136   0  (unused)
    ip_conntrack           12716   2  [ip_conntrack_irc ip_conntrack_ftp]
    ipt_REJECT              2784   0  (unused)
    ipt_LOG                 3232   0  (unused)
    iptable_filter          1728   0  (unused)
    ip_tables              10624   4  [iptable_mangle ipt_REJECT ipt_LOG

How can I go about debugging this?
-- Replace 'usenet' with 'antony' if replying via email.
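
Added example, not part of the original post: one way to start debugging is to list the extension modules a rule names with -m and -j and compare them with the lsmod listing. It assumes a modular kernel that uses the ipt_<name> naming visible in the listing above (a match compiled into the kernel never appears in lsmod); the function names and the embedded sample are constructed for illustration.

```shell
#!/bin/sh
# Constructed sample: the lsmod listing from the post (its last line is cut off there).
LSMOD_SAMPLE='Module Size Used by Not tainted
iptable_mangle 2112 0 (unused)
ip_conntrack_irc 2400 0 (unused)
ip_conntrack_ftp 3136 0 (unused)
ip_conntrack 12716 2 [ip_conntrack_irc ip_conntrack_ftp]
ipt_REJECT 2784 0 (unused)
ipt_LOG 3232 0 (unused)
iptable_filter 1728 0 (unused)
ip_tables 10624 4 [iptable_mangle ipt_REJECT ipt_LOG'

# needed_modules RULE-WORDS...: print the ipt_* extension modules the rule names.
# Assumption: a -j argument that is not a built-in target is an extension target;
# a jump to a user-defined chain would be reported here too.
needed_modules() {
    prev=
    for word in "$@"; do
        case "$prev" in
            -m|--match) echo "ipt_$word" ;;
            -j|--jump)
                case "$word" in
                    ACCEPT|DROP|QUEUE|RETURN) ;;   # built-in targets, no module
                    *) echo "ipt_$word" ;;
                esac ;;
        esac
        prev=$word
    done
}

# missing_modules LSMOD-TEXT RULE-WORDS...: print needed modules that are not
# in the first column of the given lsmod listing.
missing_modules() {
    listing=$1; shift
    for mod in $(needed_modules "$@"); do
        printf '%s\n' "$listing" |
            awk -v m="$mod" '$1 == m { found = 1 } END { exit !found }' ||
            echo "$mod"
    done
}

# The rule from the post, checked against the listing from the post.
missing_modules "$LSMOD_SAMPLE" \
    -A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT
```

On a live system, pass "$(lsmod)" as the first argument instead of the sample.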