Search

Language:  
Search for:

Available article translations:

Unable to set firewall rules inside container: "No chain/target/match by that name"

Article ID: 115410, created on Jan 15, 2013, last review on Aug 15, 2014

APPLIES TO:
  • Virtuozzo
  • Virtuozzo containers for Linux
  • Virtuozzo hypervisor

Symptoms

When trying to add an iptables rule inside a container, the operation results in an error similar to the following:

# iptables -t mangle -A PREROUTING -s x.x.x.x -j TTL --ttl-set 64
iptables: No chain/target/match by that name.

Cause

To be able to execute "action" rules, it is necessary to have the corresponding matching and target modules available inside the container. It is likely that the required matching or target module is not loaded on the node.

Resolution

Check matching and target modules available for the container in question and load the absent ones.

Example:

For the command iptables -t mangle -A PREROUTING -s x.x.x.x -j TTL --ttl-set 64:

[root@mycontainer ~]# cat /proc/net/ip_tables_matches
udp
tcp
conntrack
owner
connlimit
recent
helper
state
length
ttl
tcpmss
icmp
multiport
multiport
limit
tos

[root@mycontainer ~]# cat /proc/net/ip_tables_targets
REDIRECT
MASQUERADE
DNAT
SNAT
TCPMSS
ERROR
LOG
TOS
REJECT

For the command above, we need the matching module ttl (which is available) and target module TTL, which is not present.

In order to fix the issue, it is necessary to load the module on the node and restart the container:

[root@node ~]# modprobe ipt_TTL
[root@node ~]# vzctl restart CTID

In order to fix the issue permanently, it is necessary to add the required modules to load automatically. Refer to this article for more information:
Managing iptables modules in containers

Search words:

Error: rst_restore_net: -22




2897d76d56d2010f4e3a28f864d69223 a26b38f94253cdfbf1028d72cf3a498b 0dd5b9380c7d4884d77587f3eb0fa8ef e8e50b42231236b82df27684e7ec0beb d02f9caf3e11b191a38179103495106f

FEEDBACK
Was this article helpful?
Tell us how we may improve it.
Yes No
 
 
 
 
 
 
Server Virtualization
- Odin Cloud Server
- Odin Containers for Windows 6.0
- Odin Virtuozzo Containers
Automation
- Odin Automation
- Odin Automation for Cloud Infrastructure
- Odin Business Automation Standard
- Odin Virtual Automation
- Odin Plesk Panel Suite
- Web Presence Builder
- Odin Plesk Automation
- Odin Small Business Panel
- Value-added Services for Hosters
- Odin Partner Storefront
Services & Resources
- Cloud Acceleration Services
- Professional Services
- Support Services
- Training & Certification