Re: Firewall tutorial [message #11924 is a reply to message #11923]
Thu, 12 April 2007 04:16
ugob
Messages: 271 Registered: March 2007
Senior Member
More precisely, I get this error:
iptables v1.2.11: can't initialize iptables table `filter': Table does not exist (do you need to insmod?)
Perhaps iptables or your kernel needs to be upgraded.
2.6.9-023stab040.1
In vz.conf:
IPTABLES="ipt_REJECT ipt_tos ipt_limit ipt_multiport iptable_filter iptable_mangle ipt_TCPMSS ipt_tcpmss ipt_ttl ipt_length"
In the VEID.conf file:
IPTABLES="iptable_nat"
(I also tried with nothing).
No iptables rules active on VE0 (host).
Thanks,
Please read the manual before asking questions:
http://download.openvz.org/doc/OpenVZ-Users-Guide.pdf
Please have a look at the wiki before asking questions:
http://wiki.openvz.org/Main_Page

Re: Firewall tutorial [message #11992 is a reply to message #11978]
Fri, 13 April 2007 16:46
ugob
Messages: 271 Registered: March 2007
Senior Member
[root@svr01 ~]# lsmod
Module Size Used by
simfs 3676 4
vzethdev 7692 0
vzrst 161736 0
iptable_nat 26296 3 vzrst
vzcpt 127704 0
ip_conntrack 44852 4 vzrst,iptable_nat,vzcpt
vzdquota 53840 4 [permanent]
ipt_length 1376 3
ipt_ttl 1536 3
ipt_tcpmss 1920 3
ipt_TCPMSS 3616 3
iptable_mangle 4192 3
iptable_filter 4032 3
ipt_multiport 1728 3
ipt_limit 2528 3
ipt_tos 1312 3
ipt_REJECT 5792 3
ip_tables 22256 11 iptable_nat,ipt_length,ipt_ttl,ipt_tcpmss,ipt_TCPMSS,iptable_mangle,iptable_filter,ipt_multiport,ipt_limit,ipt_tos,ipt_REJECT
vznetdev 13408 9
vzmon 47900 8 vzethdev,vzrst,vzcpt,vznetdev
vzdev 3008 4 vzethdev,vzdquota,vznetdev,vzmon
af_packet 21928 4
uhci_hcd 33272 0
ehci_hcd 31780 0
via_rhine 23368 0
mii 4544 1 via_rhine
floppy 62480 0

Re: Firewall tutorial [message #12014 is a reply to message #11924]
Sat, 14 April 2007 14:00
Vasily Tarasov
Messages: 1345 Registered: January 2006
Senior Member
Oh, I've just noticed that your veid.conf file contains only "iptable_nat"! It's not enough for iptables! Note, also, that parameters from vz.conf and veid.conf are not concatenated - they only replace each other. So in your VE only iptable_nat is allowed. I suggest you add all required modules to the veid.conf file.
Vasily.
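
An added example, not part of the thread and not OpenVZ's own code: a shell check that applies the replace-not-concatenate rule described in the reply above and reports which required modules a VE would be missing. The function names, the file paths passed as arguments, and the plain KEY="value" parsing are assumptions; the sample files are constructed from the two settings quoted in the thread.

```shell
#!/bin/sh
# Added example: effective IPTABLES module list for one VE.
# Assumption: both files use plain IPTABLES="..." lines, as quoted in the thread.

# Print the value of the last IPTABLES= line in a file (nothing if absent).
read_iptables() {
    [ -r "$1" ] || return 0
    sed -n 's/^[[:space:]]*IPTABLES=//p' "$1" | tail -n 1 | tr -d "\"'"
}

# Per the reply above: a per-VE IPTABLES line replaces the global one,
# the two lists are never merged. An empty per-VE value still replaces.
effective_iptables() {   # $1 = global vz.conf, $2 = per-VE VEID.conf
    if [ -r "$2" ] && grep -q '^[[:space:]]*IPTABLES=' "$2"; then
        read_iptables "$2"
    else
        read_iptables "$1"
    fi
}

# Print each required module that is absent from the effective list.
missing_modules() {      # $1 = global, $2 = per-VE, rest = required modules
    eff=" $(effective_iptables "$1" "$2") "
    shift 2
    for m in "$@"; do
        case "$eff" in
            *" $m "*) ;;
            *) printf '%s\n' "$m" ;;
        esac
    done
}

# Constructed sample reproducing the two settings quoted in the thread.
demo() {
    d=$(mktemp -d)
    echo 'IPTABLES="ipt_REJECT ipt_tos ipt_limit ipt_multiport iptable_filter iptable_mangle ipt_TCPMSS ipt_tcpmss ipt_ttl ipt_length"' > "$d/vz.conf"
    echo 'IPTABLES="iptable_nat"' > "$d/VEID.conf"
    missing_modules "$d/vz.conf" "$d/VEID.conf" iptable_filter iptable_nat
    rm -rf "$d"
}
demo
```

With the thread's settings the check reports iptable_filter as missing, which matches the "can't initialize iptables table `filter'" error inside the VE.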