Member
Posts: 138
Registered: ‎01-11-2014
Kudos: 10
Solutions: 6

Re: Alert:iptables: Index of deletion too big.

I was able to reboot. The NAT rule was still present, but I was able to delete it this time.

Member
Posts: 138
Registered: ‎01-11-2014
Kudos: 10
Solutions: 6

Re: Alert:iptables: Index of deletion too big.

Well, this is ridiculous. After playing with NAT rules again, I'm right back to the same error. This doesn't invoke confidence that I have to reboot in order to clear this error.

@UBNT-stig

Previous Employee
Posts: 10,504
Registered: ‎06-09-2011
Kudos: 3131
Solutions: 945
Contributions: 16

Re: Alert:iptables: Index of deletion too big.

Can you recall the steps you went through to reproduce the issue?

Also, can you send the output of:

    sudo iptables-save -c -t nat

and the output of:

    configure
    show service nat
    exit

EdgeMAX Router Software Development
Member
Posts: 138
Registered: ‎01-11-2014
Kudos: 10
Solutions: 6

Re: Alert:iptables: Index of deletion too big.

So I've already rebooted to flush it out. With regards to the iptables-save, the NAT rule didn't show up there after the issue occurred.

For the steps, I don't have good ones for you. I was (rapidly) jumping between sNAT and dNAT and a few times the WAN_IN firewall ruleset as well as port forwarding rules, which have auto-firewall rules enabled.

I'm trying to get NAT working pointing to a load balancer where the return traffic will come from one or two IPs, and I don't really quite get how to do it properly, so there's that.

Previous Employee
Posts: 10,504
Registered: ‎06-09-2011
Kudos: 3131
Solutions: 945
Contributions: 16

Re: Alert:iptables: Index of deletion too big.

Are you trying to do multiple changes at the same time (start to modify dnat, then add snat and save, then go back and save snat)?

EdgeMAX Router Software Development
Member
Posts: 138
Registered: ‎01-11-2014
Kudos: 10
Solutions: 6

Re: Alert:iptables: Index of deletion too big.

So I would save each NAT rule between making modifications, although I was not going back to the System tab and hitting save.

Established Member
Posts: 1,998
Registered: ‎04-26-2014
Kudos: 838
Solutions: 23

Re: Alert:iptables: Index of deletion too big.

I ran into this same issue today also. What I did was create all my NAT rules, hitting save after each new NAT rule I created. Then I went to reorder my DNATs, as they were not in the order I wanted them. Then I hit save rule order and got this error. Afterwards I tried to move just one rule at a time, but at this point the error would keep popping up. Lastly, I found that I had selected TCP only when I needed TCP/UDP, and still got this error. I googled this error and ran across this post. I did a reboot also and the issue went away.

Emerging Member
Posts: 66
Registered: ‎12-15-2015
Kudos: 33
Solutions: 3

Re: Alert:iptables: Index of deletion too big.

@UBNT-stig

Same problem on 1.8.5

Looks like a validation problem in CLI (not tested in gui)

  1. Create a nat rule, ie:
    set service nat rule 100 type destination
    set service nat rule 100 description LAB
    set service nat rule 100 destination port 1234
    set service nat rule 100 inbound-interface eth0
    set service nat rule 100 inside-address address 10.10.10.10
    set service nat rule 100 inside-address port 1234
    set service nat rule 100 log enable
    set service nat rule 100 protocol tcp
    set service nat rule 100 source group address-group hostIPv4_test
  2. Commit
  3. Delete the previous nat rule
    delete service nat rule 100
  4. and create a new one, in error (no type here), ie:
    set service nat rule 101 description LAB
    set service nat rule 101 destination port 1234
    set service nat rule 101 inbound-interface eth0
    set service nat rule 101 inside-address address 10.10.10.10
    set service nat rule 101 inside-address port 1234
    set service nat rule 101 log enable
    set service nat rule 101 protocol tcp
    set service nat rule 101 source group address-group hostIPv4_test
  5. Commit
  6. CLI warns about missing type: NAT configuration error: rule type not specified/valid
  7. Correct the error
    set service nat rule 101 type destination
  8. Commit
    iptables: Index of deletion too big.

The error came in point 5: despite the validation problem, rule 100 was deleted from iptables, but not from config.
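
A check for the mismatch reported in this thread (a rule still in the configuration but gone from the live nat table), as an added example that is not part of the original posts or the vendor's code. It assumes the configuration is given in `set` form and that live rules carry a `NAT-<number>` comment tag; both sample inputs are constructed.

```python
import re
# Assumption: live NAT rules carry a comment tag "NAT-<rule number>"; adjust TAG_RE if yours differ.
TAG_RE = re.compile(r'--comment "?NAT-(\d+)"?')
SET_RE = re.compile(r"^set service nat rule (\d+) (\S+)(?: (.+))?$")
ADD_RE = re.compile(r"^(?:\[\d+:\d+\] )?-A (\S+) (.+)$")  # -c counter prefix is optional
VALID_TYPES = {"destination", "source", "masquerade"}

# Constructed sample: rule 100 is still configured, rule 101 has no type.
SAMPLE_CONFIG = """\
set service nat rule 100 type destination
set service nat rule 101 description LAB
set service nat rule 101 destination port 1234
set service nat rule 5000 type masquerade
"""
# Constructed sample of `iptables-save -c -t nat` output: only rule 5000 is live.
SAMPLE_SAVE = """\
*nat
:POSTROUTING ACCEPT [0:0]
[12:720] -A POSTROUTING -o eth0 -m comment --comment NAT-5000 -j MASQUERADE
COMMIT
"""

def config_rules(set_lines):
    """Rule number -> {first keyword: rest of line}; only 'type' is used below."""
    rules = {}
    for line in set_lines.splitlines():
        m = SET_RE.match(line.strip())
        if m:
            rules.setdefault(int(m.group(1)), {})[m.group(2)] = m.group(3)
    return rules

def live_rules(save_output):
    """Rule number -> set of chains, taken from tagged -A lines in the *nat section."""
    live, in_nat = {}, False
    for line in map(str.strip, save_output.splitlines()):
        if line.startswith("*"):
            in_nat = line == "*nat"
        elif in_nat and (m := ADD_RE.match(line)) and (tag := TAG_RE.search(m.group(2))):
            live.setdefault(int(tag.group(1)), set()).add(m.group(1))
    return live

def drift(set_lines, save_output):
    """Compare configured rule numbers with the rule numbers present in the kernel."""
    cfg, live = config_rules(set_lines), live_rules(save_output)
    typed = {n for n, r in cfg.items() if r.get("type") in VALID_TYPES}
    return {
        "untyped": sorted(set(cfg) - typed),          # would fail validation
        "missing_live": sorted(typed - set(live)),    # configured, not in iptables
        "orphan_live": sorted(set(live) - set(cfg)),  # in iptables, not configured
    }
```

A non-empty `missing_live` list is the state described in the post above, and it can be checked before the next commit rather than discovered through the deletion error.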

Previous Employee
Posts: 10,504
Registered: ‎06-09-2011
Kudos: 3131
Solutions: 945
Contributions: 16

Re: Alert:iptables: Index of deletion too big.

@fenrir thank you for the specific steps to reproduce the issue.  Following your steps I was able to reproduce the issue and can now start looking into it.

EdgeMAX Router Software Development
Previous Employee
Posts: 10,504
Registered: ‎06-09-2011
Kudos: 3131
Solutions: 945
Contributions: 16

Re: Alert:iptables: Index of deletion too big.

I fixed it but it was too late for v1.9.0b2, so it'll be in the next.

EdgeMAX Router Software Development
New Member
Posts: 4
Registered: ‎01-09-2018
Kudos: 1

Re: Alert:iptables: Index of deletion too big.

Hello,

I faced the same issue in v1.10.7. I wanted to debug on my network so I enabled logging for my only DNAT rule.

When I fixed the issue (real client not listening anymore on the translated port -_-), I couldn't disable logging for this rule (Alert:iptables: Index of deletion too big.).

Rebooting the router allowed me to disable logging, but the issue seems not to be fixed.
