By xen I'm referring to a xen kernel, that is, a kernel patched in order to have a virtual machine. In this scenario, xen0 is the kernel in the physical host, in domain0 (in the xen terminology), and a xenU kernel is a kernel inside a virtual machine (domU - domainU).

I'm thinking that you are right about some missing parameter in the kernel in the Netfilter configuration ...

I need the iprange working because I don't want to use a large set of rules.

Thanks for your help,

Jorge.

On Tue, 11-10-2005 at 13:51 -0500, /dev/rob0 wrote:
> Please don't top-post your replies. It makes it very difficult to
> follow, especially since the post you're replying to has not (yet?)
> reached the list.
>
> > > > Jorge I. Davila L. wrote:
> > > > I'm trying to use the iprange match, but every time I want to
> > > > apply a rule I receive:
> > > >
> > > > iptables: No chain/target/match by that name
> > > >
> > > > I'm using a 2.4.30 kernel in a xen domainU
>
> "xen domainU" is not familiar to me.
>
> > > > The iptables that I'm using is 1.3.3
> > > >
> > > > The rule that I'm testing is:
> > > >
> > > > iptables -A OUTPUT -p tcp -m iprange --src-range
> > > > 192.168.223.1-192.168.223.2
> > >
> > > On Tue, 11-10-2005 at 22:09 +0300, Daniel Ivanov wrote:
> > > Well, you should try applying a target to that rule, try -j ACCEPT
> > > or -j DROP
>
> And no, this is not important. You can have rules without targets.
>
> On Tuesday 2005-October-11 13:36, Jorge I. Davila L. wrote:
> > well .. the complete rule:
> >
> > iptables -A OUTPUT -p tcp -m iprange \
> >     --src-range 192.168.223.1-192.168.223.2 \
> >     -j ACCEPT
> >
> > iptables: No chain/target/match by that name
>
> I guess this means that your kernel lacks support for the iprange
> target. "CONFIG_IP_NF_MATCH_IPRANGE=m"
>
> This is at most a minor inconvenience. You can always use CIDR
> addressing and multiple rules. (I always try to keep logical breaks in
> network space on CIDR boundaries, to facilitate this.)

-- 
Jorge Isaac Davila Lopez
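
The CIDR workaround suggested in the quoted reply, as an added example that is not part of the original thread: a POSIX shell helper that expands an inclusive IPv4 range into the smallest set of CIDR blocks and prints one `-s` rule per block, for kernels without the iprange match. The function names are hypothetical, and the chain, protocol and target are copied from the rule in the thread; the script only prints the rules, it does not apply them.

```shell
#!/bin/sh
# Added example: range -> minimal CIDR blocks -> iptables rules (printed only).

ip2int() {          # dotted quad -> 32-bit integer (no leading zeros in octets)
    old_ifs=$IFS; IFS=.
    set -- $1
    IFS=$old_ifs
    echo $(( ($1 << 24) + ($2 << 16) + ($3 << 8) + $4 ))
}

int2ip() {          # 32-bit integer -> dotted quad
    echo "$(( ($1 >> 24) & 255 )).$(( ($1 >> 16) & 255 )).$(( ($1 >> 8) & 255 )).$(( $1 & 255 ))"
}

range_to_cidrs() {  # usage: range_to_cidrs FIRST_IP LAST_IP
    start=$(ip2int "$1"); end=$(ip2int "$2")
    while [ "$start" -le "$end" ]; do
        # Grow the block while it stays aligned on its own size
        # and does not run past the end of the range.
        bits=0
        while [ "$bits" -lt 32 ]; do
            size=$(( 1 << (bits + 1) ))
            [ $(( start % size )) -eq 0 ] || break
            [ $(( start + size - 1 )) -le "$end" ] || break
            bits=$(( bits + 1 ))
        done
        echo "$(int2ip "$start")/$(( 32 - bits ))"
        start=$(( start + (1 << bits) ))
    done
}

emit_rules() {      # prints one rule per CIDR block
    range_to_cidrs "$1" "$2" | while read -r cidr; do
        echo "iptables -A OUTPUT -p tcp -s $cidr -j ACCEPT"
    done
}

# The range from the thread starts on an odd address, so it needs two /32 rules.
emit_rules 192.168.223.1 192.168.223.2
# A constructed range that is not CIDR-aligned: 16 addresses become 5 rules.
emit_rules 10.0.0.5 10.0.0.20
```

Ranges that start and end on CIDR boundaries collapse to a single rule, which is the reason given in the reply for keeping network breaks on those boundaries.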