Skip to main content

Coustom chain works well but not shown with `iptables -L` [Resolved]

To do some forwarding jobs, I use a script to add a custom chain. Part of the code is here (run as root):

iptables -t nat -N v2ray_forwarder
iptables -t nat -I OUTPUT -j v2ray_forwarder
iptables -t nat -A v2ray_forwarder -p tcp -m set --match-set srv_ip dst -j RETURN
iptables -t nat -A v2ray_forwarder -d 0.0.0.0/8 -j RETURN
iptables -t nat -A v2ray_forwarder -d 10.0.0.0/8 -j RETURN
iptables -t nat -A v2ray_forwarder -d 127.0.0.0/8 -j RETURN
iptables -t nat -A v2ray_forwarder -d 192.168.0.0/16 -j RETURN
iptables -t nat -A v2ray_forwarder -p tcp -m set --match-set gfw_ip dst -j REDIRECT --to-port 1081
iptables -t nat -A v2ray_forwarder -p tcp -m set ! --match-set chn_ip dst -j REDIRECT --to-port 1081

The code works fine and I'm sure the packages have been correctly relayed. But, after I tap sudo iptables -L, it comes out:

Chain INPUT (policy ACCEPT)
target     prot opt source               destination         

Chain FORWARD (policy ACCEPT)
target     prot opt source               destination         

Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination 

On my router(OpenWRT), iptables -L always shows all chains exist, but it doesn't work on my laptop. Could someone tells me why?

Thank you!


Question Credit: 陈浩南
Question Reference
Asked July 21, 2019
Posted Under: Network
20 views
1 Answers

The custom chains is bound to a table. It means you cannot use a chain, that has been created in the mangle table, in rules of the filter or the nat tables.

The iptables -L command shows only the filter table chains. Check the output of iptables -t nat -L. But better use the iptables-save -c command to list the full rule set with counters.


credit: Anton Danilov
Answered July 21, 2019
Your Answer
D:\Adnan\Candoerz\CandoProject\vQA