I'm debugging the iptables for a KVM VM running a Buildroot image. When I try to set the following TRACE rule, I get the error "iptables: No chain/target/match by that name":

sudo iptables -t raw -A OUTPUT -p tcp --destination 192.168.1.0/24 --dport 8443 -j TRACE

If I instead enable the LOG rule it works, and the packets are logged, but I need to check which rule, if any, is dropping the packets.

Update: Information about the environment on which the problem occurs (inside the VM):

  $ uname -a
  Linux minikube 4.15.0 #1 SMP Sat Dec 8 00:26:02 UTC 2018 x86_64 GNU/Linux
  $ cat /proc/version
  Linux version 4.15.0 (jenkins@jenkins) (gcc version 7.3.0 (Buildroot 2018.05)) #1 SMP Sat Dec 8 00:26:02 UTC 2018

1 Answer

The problem here is that the iptables TRACE target requires the nf_log_ipv4 (or nf_log_ipv6) kernel module. If the module is present, it gets loaded automatically. However, minikube's kernel build has only a limited set of netfilter modules, so what you can do with iptables inside minikube is limited to the functionality provided by the existing modules.

Michael Hampton
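One way to confirm from the kernel configuration which pieces a TRACE rule in the raw table depends on are absent. This is an added example, not part of the answer above; it assumes the mainline 4.x Kconfig names CONFIG_IP_NF_RAW, CONFIG_NETFILTER_XT_TARGET_TRACE and CONFIG_NF_LOG_IPV4 (the TRACE target option goes beyond the module the answer names), and the sample config is constructed, not taken from the minikube kernel.

```shell
#!/bin/sh
# Added example: report whether a kernel config provides what an
# "iptables -t raw ... -j TRACE" rule needs.

# Constructed sample config (NOT the real minikube kernel config).
SAMPLE_CONFIG='CONFIG_NETFILTER_XTABLES=y
CONFIG_IP_NF_IPTABLES=y
CONFIG_IP_NF_RAW=m
CONFIG_NETFILTER_XT_TARGET_LOG=m
# CONFIG_NETFILTER_XT_TARGET_TRACE is not set
CONFIG_NF_LOG_IPV4=m'

# Options checked (assumed mainline 4.x names): raw table, TRACE target,
# and the IPv4 log backend the answer refers to.
TRACE_OPTS='CONFIG_IP_NF_RAW CONFIG_NETFILTER_XT_TARGET_TRACE CONFIG_NF_LOG_IPV4'

# config_state OPTION CONFIG_TEXT -> prints builtin | module | missing
config_state() {
    line=$(printf '%s\n' "$2" | grep -m1 -E "^$1=" || true)
    case "${line#*=}" in
        y) echo builtin ;;
        m) echo module ;;
        *) echo missing ;;   # "# ... is not set" or no line at all
    esac
}

# trace_blockers CONFIG_TEXT -> prints each required option that is
# missing; empty output means the config does not rule TRACE out.
trace_blockers() {
    for opt in $TRACE_OPTS; do
        if [ "$(config_state "$opt" "$1")" = missing ]; then
            echo "$opt"
        fi
    done
    return 0
}

# Use the config file given as $1 if readable, else the constructed sample.
if [ -n "${1:-}" ] && [ -r "$1" ]; then
    cfg=$(cat "$1")
else
    cfg=$SAMPLE_CONFIG
fi
for opt in $TRACE_OPTS; do
    printf '%-36s %s\n' "$opt" "$(config_state "$opt" "$cfg")"
done
```

On a real system the config to pass in is commonly /boot/config-$(uname -r), or the decompressed /proc/config.gz when the kernel exposes it.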