I’m debugging the iptables for a kvm VM running a Buildroot image. When I try to set the following TRACE rule I get the error
iptables: No chain/target/match by that name
sudo iptables -t raw -A OUTPUT -p tcp --destination 192.168.1.0/24 --dport 8443 -j TRACE
If I instead enable the LOG rule it works, and the packets are logged, but I need to check which rule, if any, is dropping the packages.
Update: Information about the environment on which the problem occurs (inside the VM):
$ uname -a
Linux minikube 4.15.0 #1 SMP Sat Dec 8 00:26:02 UTC 2018 x86_64 GNU/Linux
$ cat /proc/version
Linux version 4.15.0 ([email protected]) (gcc version 7.3.0 (Buildroot 2018.05)) #1 SMP Sat Dec 8 00:26:02 UTC 2018
The problem here is that the iptables TRACE target requires the nf_log_ipv4 (or nf_log_ipv6) kernel module. If the module is present, it gets loaded automatically. However, minikube’s kernel build has only a limited set of netfilter modules, so what you can do with iptables inside minikube is limited to the functionality provided by the existing modules.
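A preflight check that makes the answer's point concrete, as an added example (not code from the question, the answer, or the minikube/Buildroot projects): before relying on `-j TRACE`, confirm that the kernel actually has the TRACE target registered and the `nf_log_ipv4` (or `nf_log_ipv6`) logger loaded, and otherwise fall back to `-j LOG`. It assumes the standard formats of `/proc/net/ip_tables_targets` (one target name per line) and `lsmod` (module name in the first column); the sample listings embedded below are constructed, not captured from minikube.

```shell
#!/bin/sh
# Added example, not part of the original question or answer.
# Preflight for the iptables TRACE target: it only works when the xtables
# TRACE target is registered and a netfilter logger for the address family
# (nf_log_ipv4 / nf_log_ipv6) is loaded. On a trimmed kernel such as the
# minikube one the modules are absent and iptables reports
# "No chain/target/match by that name".

# Does a target name appear in an ip_tables_targets-style listing on stdin?
# $1 = target name
has_target() {
  grep -qx "$1"
}

# Does a module name appear in lsmod-style output on stdin (first column,
# header line skipped)?  $1 = module name
has_module() {
  awk -v m="$1" 'NR > 1 && $1 == m { found = 1 } END { exit found ? 0 : 1 }'
}

# Decide whether TRACE can work, given the two listings as strings.
# $1 = ip_tables_targets text, $2 = lsmod text, $3 = family (ipv4|ipv6)
trace_ready() {
  targets="$1"; modules="$2"; fam="${3:-ipv4}"
  printf '%s\n' "$targets" | has_target TRACE || return 1
  printf '%s\n' "$modules" | has_module "nf_log_$fam" || return 1
  return 0
}

# Live check on the running kernel: try to load the logger (harmless if it
# is built in or missing), then inspect the real listings.
live_trace_check() {
  fam="${1:-ipv4}"
  modprobe "nf_log_$fam" 2>/dev/null || true
  trace_ready "$(cat /proc/net/ip_tables_targets 2>/dev/null)" \
              "$(lsmod 2>/dev/null)" "$fam"
}

# Constructed sample listings (made-up inputs, not taken from any machine):
# a full kernel with the logger, and a trimmed kernel without it.
GOOD_TARGETS="TRACE
LOG
REJECT"
GOOD_MODULES="Module                  Size  Used by
nf_log_ipv4            16384  0
nf_log_common          16384  1 nf_log_ipv4
xt_LOG                 16384  0"
BAD_TARGETS="LOG
REJECT"
BAD_MODULES="Module                  Size  Used by
xt_LOG                 16384  0"

if [ "${1:-}" = "--live" ]; then
  if live_trace_check ipv4; then
    echo "TRACE usable: nf_log_ipv4 loaded and TRACE target registered"
  else
    echo "TRACE not usable on this kernel; use -j LOG instead"
  fi
else
  # Demonstrate the decision logic on the constructed samples.
  trace_ready "$GOOD_TARGETS" "$GOOD_MODULES" ipv4 && echo "sample full kernel: TRACE usable"
  trace_ready "$BAD_TARGETS" "$BAD_MODULES" ipv4 || echo "sample trimmed kernel: TRACE not usable, fall back to LOG"
fi
```

Run it with `--live` inside the VM to test the real kernel; without arguments it only exercises the constructed samples. On a kernel that passes, the trace output itself still goes through the kernel log, so `dmesg` or the configured syslog is where the per-rule TRACE lines show up.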