OpenVZ Forum


IPTables Error [message #21099] Mon, 01 October 2007 18:44
Dediwebspace
Hi

I have recently configured my node's IPTables, but it's now throwing out the following error when I try to start a VE's firewall: iptables: Unknown error 4294967295

I have followed the instructions here http://kb.swsoft.com/article_130_875_en.html

Node software: CentOS and HyperVM/OpenVZ

How do I solve this?

Regards,
Re: IPTables Error [message #21110 is a reply to message #21099] Tue, 02 October 2007 04:58
Mr.Ash
Type these in the main node command line and tell me what happens or how it went:

cat /etc/sysconfig/iptables-config
cat /etc/sysconfig/vz

[Updated on: Tue, 02 October 2007 04:58]

Re: IPTables Error [message #21676 is a reply to message #21110] Sat, 13 October 2007 22:10
jmeyerdo
Hi!

I noticed the same error with an OpenVZ-host today:

[root@vserver104 ~]# /sbin/iptables -I INPUT -p tcp --dport 80
iptables: Unknown error 4294967295


The requested information in the post before is:

[root@bob jm]# cat /etc/sysconfig/iptables-config
# Load additional iptables modules (nat helpers)
#   Default: -none-
# Space separated list of nat helpers (e.g. 'ip_nat_ftp ip_nat_irc'), which
# are loaded after the firewall rules are applied. Options for the helpers are
# stored in /etc/modprobe.conf.
IPTABLES_MODULES=""

# Unload modules on restart and stop
#   Value: yes|no,  default: yes
# This option has to be 'yes' to get to a sane state for a firewall
# restart or stop. Only set to 'no' if there are problems unloading netfilter
# modules.
IPTABLES_MODULES_UNLOAD="yes"

# Save current firewall rules on stop.
#   Value: yes|no,  default: no
# Saves all firewall rules to /etc/sysconfig/iptables if firewall gets stopped
# (e.g. on system shutdown).
IPTABLES_SAVE_ON_STOP="no"

# Save current firewall rules on restart.
#   Value: yes|no,  default: no
# Saves all firewall rules to /etc/sysconfig/iptables if firewall gets
# restarted.
IPTABLES_SAVE_ON_RESTART="no"

# Save (and restore) rule and chain counter.
#   Value: yes|no,  default: no
# Save counters for rules and chains to /etc/sysconfig/iptables if
# 'service iptables save' is called or on stop or restart if SAVE_ON_STOP or
# SAVE_ON_RESTART is enabled.
IPTABLES_SAVE_COUNTER="no"

# Numeric status output
#   Value: yes|no,  default: yes
# Print IP addresses and port numbers in numeric format in the status output.
IPTABLES_STATUS_NUMERIC="yes"


[root@bob jm]# cat /etc/sysconfig/vz
## Global parameters
VIRTUOZZO=yes
LOCKDIR=/vz/lock
DUMPDIR=/vz/dump
VE0CPUUNITS=1000

## Logging parameters
LOGGING=yes
LOGFILE=/var/log/vzctl.log
LOG_LEVEL=0

## Disk quota parameters
DISK_QUOTA=yes
VZFASTBOOT=no

# The name of the device whose ip address will be used as source ip for VE.
# By default automatically assigned.
#VE_ROUTE_SRC_DEV="eth0"

## Template parameters
TEMPLATE=/vz/template

## Defaults for VEs
VE_ROOT=/vz/root/$VEID
VE_PRIVATE=/vz/private/$VEID
CONFIGFILE="vps.basic"
DEF_OSTEMPLATE="fedora-core-4"

## Load vzwdog module
VZWDOG="no"

IPTABLES="ipt_REJECT ipt_tos ipt_limit ipt_multiport iptable_filter iptable_mangle ipt_TCPMSS ipt_tcpmss ipt_ttl ipt_length"


Any help/hints/further debugging tips would be greatly appreciated...
Kind regards! Jens
Re: IPTables Error [message #21677 is a reply to message #21099] Sun, 14 October 2007 07:59
Dediwebspace
Follow the guide at SWSoft; the thing I didn't do was restart OpenVZ.

So to fix:

1. Follow SWSoft Guide
2. Issue the command: service hypervm restart
3. Issue the command: service openvz restart

Then reboot the node and problem solved.

I forgot to restart OpenVZ.
Re: IPTables Error [message #21704 is a reply to message #21677] Mon, 15 October 2007 08:37
jmeyerdo
Hi!

Thank you for your help.

I followed the instructions now in detail (added IPTABLES="..." to both files). I restarted the VE and the hardware node after that, without success. (You can see "the rest" of my config files in my last post; only IPTABLES was adapted.)

"iptables" was started on the hardware-node - but without any chain.

Is an actual kernel necessary to solve this problem? Actually "2.6.16-026test018.1-smp" is used on hardware-node.

Kind regards, Jens
Re: IPTables Error [message #21737 is a reply to message #21704] Mon, 15 October 2007 15:30
Dediwebspace
I'm not sure, I just followed what my DC told me to do. This was for an OpenVZ/HyperVM setup.
Re: IPTables Error [message #21740 is a reply to message #21737] Mon, 15 October 2007 17:18
jmeyerdo
Hi!

We are not using HyperVM but I would suggest that the problem is independent from this component?!

I followed the iptables-instructions in detail. Perhaps it depends on the older kernel?

Kind regards, Jens
Re: IPTables Error [message #21741 is a reply to message #21740] Mon, 15 October 2007 17:26
Dediwebspace
I'm no tech expert, so I really can't offer much help.

Sorry
Re: IPTables Error [message #21883 is a reply to message #21676] Wed, 17 October 2007 13:14
vaverin
jmeyerdo wrote on Sun, 14 October 2007 02:10

Hi!
I noticed the same error with an OpenVZ-host today:
[root@vserver104 ~]# /sbin/iptables -I INPUT -p tcp --dport 80
iptables: Unknown error 4294967295




4294967295 = 0xffffffff = -1

Are you sure that you haven't any failcounters in /proc/user_beancounters file?

Then could you please strace this command and attach the logs?

Also it would be useful to look at lsmod output on your node.

thank you,
Vasily Averin
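
The two checks from the post above, as an added example that is not part of the original thread: reading the unsigned error number as a signed 32-bit value, and listing every beancounter whose failcnt is non-zero. The function names are hypothetical and the sample table is constructed; called with no argument, `failcnt_report` reads /proc/user_beancounters on the node.

```shell
#!/bin/sh
# Added example: sample data below is constructed, not taken from the thread.

# Reinterpret an unsigned 32-bit value (as printed by iptables) as signed.
as_int32() {
    if [ "$1" -ge 2147483648 ]; then
        echo $(( $1 - 4294967296 ))
    else
        echo "$1"
    fi
}

# Print "uid resource failcnt" for every beancounter with failcnt > 0.
# Reads the file given as $1 ("-" for stdin), default /proc/user_beancounters.
failcnt_report() {
    awk '
        $1 == "Version:" || $1 == "uid" { next }           # skip the two header lines
        NF == 7 { uid = $1; sub(/:$/, "", uid); res = $2 } # first row of a container
        NF == 6 { res = $1 }                               # continuation row
        (NF == 6 || NF == 7) && $NF + 0 > 0 { print uid, res, $NF }
    ' "${1:-/proc/user_beancounters}"
}

# Constructed sample in the /proc/user_beancounters layout.
sample_beancounters() {
    cat <<'EOF'
Version: 2.5
       uid  resource           held    maxheld    barrier      limit    failcnt
      101:  kmemsize        2752512    3100672   11055923   11377049          0
            numproc              21         27        240        240          0
            numiptent           128        128        128        128          5
        0:  kmemsize        9500000    9900000 2147483647 2147483647          0
            numiptent            10         10 2147483647 2147483647          0
EOF
}

as_int32 4294967295
sample_beancounters | failcnt_report -
```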
Re: IPTables Error [message #21886 is a reply to message #21883] Wed, 17 October 2007 13:33
jmeyerdo
Hi!

Thank you for your reply.

Yes - there are no failcounters in /proc/user_beancounters on the virtual machine.
Find attached the strace-debug-output of the "iptables"-command and the lsmod-output from the hardware-node (hopefully done correctly?).

Kind regards, Jens
Re: IPTables Error [message #21993 is a reply to message #21886] Thu, 18 October 2007 12:10
vaverin
Could you update the kernel on your node? 2.6.16-026test018.1-smp is really too old.