OpenVZ Forum


Home » General » Support » iptables
iptables [message #32326] Thu, 31 July 2008 21:02 Go to next message
vmvmvm is currently offline  vmvmvm
Messages: 51
Registered: January 2006
Member
Hello,

I've searched the archives and still not found a solution (though many are close).

Please forgive the (likely) easy to answer question:

My ve's cannot use iptables:

iptables v1.3.5: can't initialize iptables table `filter': Table does not exist (do you need to insmod?)
Perhaps iptables or your kernel needs to be upgraded.


lsmod shows:

# lsmod | grep -i "tables"
ip_tables 18760 1 iptable_filter
x_tables 19204 10 ip_tables,xt_tcpudp,xt_length,ipt_ttl,xt_tcpmss,ipt_TCPMSS,x t_multiport,xt_limit,ipt_tos,ipt_REJECT



and /etc/vz/vz.conf :


# grep -i tables /etc/vz/vz.conf
IPTABLES="ipt_REJECT ipt_tos ipt_limit ipt_multiport iptable_filter iptable_mangle ipt_TCPMSS ipt_tcpmss ipt_ttl ipt_length"
IP6TABLES="ip6_tables ip6table_filter ip6table_mangle ip6t_REJECT"


What am I missing?

Thanks in advance.

Report message to a moderator

Re: iptables [message #32337 is a reply to message #32326] Fri, 01 August 2008 12:14 Go to previous messageGo to next message
kir is currently offline  kir
Messages: 1645
Registered: August 2005
Location: Moscow, Russia
Senior Member
Make sure iptables modules are loaded before openvz modules.

Kir Kolyshkin
http://static.openvz.org/userbars/openvz-developer.png

Report message to a moderator

Re: iptables [message #32339 is a reply to message #32337] Fri, 01 August 2008 12:26 Go to previous messageGo to next message
vmvmvm is currently offline  vmvmvm
Messages: 51
Registered: January 2006
Member
Thanks.

How do I determine the load order?

Thanks again.

Report message to a moderator

Re: iptables [message #32340 is a reply to message #32339] Fri, 01 August 2008 13:16 Go to previous messageGo to next message
kir is currently offline  kir
Messages: 1645
Registered: August 2005
Location: Moscow, Russia
Senior Member
First check it manually. Stop vz service (/etc/init.d/vz stop) and run iptables (/etc/init.d/iptables start). Check that iptables modules (such as ipt_filter) are loaded. Start vz service. Try using iptables from inside VE.

Kir Kolyshkin
http://static.openvz.org/userbars/openvz-developer.png

Report message to a moderator

Re: iptables [message #32347 is a reply to message #32340] Fri, 01 August 2008 14:46 Go to previous message
openxs is currently offline  openxs
Messages: 4
Registered: July 2008
Location: UK
Junior Member
Thanks Kir, I followed the instructions and it seems to have worked, however, I didn't change anything and now I'm confused as to what I've done differently, except stopping the entire VZ service, I was just stopping the VE's earlier with vzctl stop 101. Anyway, here is the output, I can see iptable_filter but not ipt_filter, maybe the same mod?

First check it manually. Stop vz service (/etc/init.d/vz stop) and run iptables (/etc/init.d/iptables start). Check that iptables modules (such as ipt_filter) are loaded. Start vz service. Try using iptables from inside VE.

# /etc/init.d/vz stop
Shutting down VE 101
Bringing down interface venet0: [ OK ]
Stopping OpenVZ: [ OK ]

# /etc/init.d/iptables start
Flushing firewall rules: [ OK ]
Setting chains to policy ACCEPT: filter [ OK ]
Unloading iptables modules: [ OK ]
Applying iptables firewall rules: [ OK ]
Loading additional iptables modules: ip_conntrack_netbios_n[ OK ]


# /etc/init.d/vz start
Starting OpenVZ: [ OK ]
Bringing up interface venet0: [ OK ]
Configuring interface venet0: [ OK ]
Starting VE 101: [ OK ]

# modprobe -l | grep ip
/lib/modules/2.6.18-53.1.19.el5.028stab053.14ent/kernel/driv ers/char/tipar.ko
/lib/modules/2.6.18-53.1.19.el5.028stab053.14ent/kernel/driv ers/char/ipmi/ipmi_devintf.ko
/lib/modules/2.6.18-53.1.19.el5.028stab053.14ent/kernel/driv ers/char/ipmi/ipmi_poweroff.ko
/lib/modules/2.6.18-53.1.19.el5.028stab053.14ent/kernel/driv ers/char/ipmi/ipmi_si.ko
/lib/modules/2.6.18-53.1.19.el5.028stab053.14ent/kernel/driv ers/char/ipmi/ipmi_watchdog.ko
/lib/modules/2.6.18-53.1.19.el5.028stab053.14ent/kernel/driv ers/char/ipmi/ipmi_msghandler.ko
/lib/modules/2.6.18-53.1.19.el5.028stab053.14ent/kernel/driv ers/usb/serial/ipaq.ko
/lib/modules/2.6.18-53.1.19.el5.028stab053.14ent/kernel/driv ers/usb/serial/ipw.ko
/lib/modules/2.6.18-53.1.19.el5.028stab053.14ent/kernel/driv ers/usb/input/aiptek.ko
/lib/modules/2.6.18-53.1.19.el5.028stab053.14ent/kernel/driv ers/scsi/ips.ko
/lib/modules/2.6.18-53.1.19.el5.028stab053.14ent/kernel/driv ers/pci/hotplug/acpiphp.ko
/lib/modules/2.6.18-53.1.19.el5.028stab053.14ent/kernel/driv ers/pci/hotplug/acpiphp_ibm.ko
/lib/modules/2.6.18-53.1.19.el5.028stab053.14ent/kernel/driv ers/md/multipath.ko
/lib/modules/2.6.18-53.1.19.el5.028stab053.14ent/kernel/driv ers/md/dm-multipath.ko
/lib/modules/2.6.18-53.1.19.el5.028stab053.14ent/kernel/driv ers/isdn/hisax/hisax_fcpcipnp.ko
/lib/modules/2.6.18-53.1.19.el5.028stab053.14ent/kernel/driv ers/media/video/ovcamchip/ovcamchip.ko
/lib/modules/2.6.18-53.1.19.el5.028stab053.14ent/kernel/driv ers/i2c/chips/pca9539.ko
/lib/modules/2.6.18-53.1.19.el5.028stab053.14ent/kernel/driv ers/i2c/chips/pcf8574.ko
/lib/modules/2.6.18-53.1.19.el5.028stab053.14ent/kernel/driv ers/i2c/chips/ds1374.ko
/lib/modules/2.6.18-53.1.19.el5.028stab053.14ent/kernel/driv ers/i2c/chips/eeprom.ko
/lib/modules/2.6.18-53.1.19.el5.028stab053.14ent/kernel/driv ers/i2c/chips/pcf8591.ko
/lib/modules/2.6.18-53.1.19.el5.028stab053.14ent/kernel/driv ers/i2c/chips/ds1337.ko
/lib/modules/2.6.18-53.1.19.el5.028stab053.14ent/kernel/driv ers/i2c/chips/max6875.ko
/lib/modules/2.6.18-53.1.19.el5.028stab053.14ent/kernel/driv ers/net/tulip/uli526x.ko
/lib/modules/2.6.18-53.1.19.el5.028stab053.14ent/kernel/driv ers/net/tulip/tulip.ko
/lib/modules/2.6.18-53.1.19.el5.028stab053.14ent/kernel/driv ers/net/tulip/xircom_cb.ko
/lib/modules/2.6.18-53.1.19.el5.028stab053.14ent/kernel/driv ers/net/tulip/winbond-840.ko
/lib/modules/2.6.18-53.1.19.el5.028stab053.14ent/kernel/driv ers/net/tulip/de2104x.ko
/lib/modules/2.6.18-53.1.19.el5.028stab053.14ent/kernel/driv ers/net/tulip/dmfe.ko
/lib/modules/2.6.18-53.1.19.el5.028stab053.14ent/kernel/driv ers/net/tulip/de4x5.ko
/lib/modules/2.6.18-53.1.19.el5.028stab053.14ent/kernel/driv ers/net/wireless/ipw2100.ko
/lib/modules/2.6.18-53.1.19.el5.028stab053.14ent/kernel/driv ers/net/wireless/ipw2200.ko
/lib/modules/2.6.18-53.1.19.el5.028stab053.14ent/kernel/driv ers/net/slip.ko
/lib/modules/2.6.18-53.1.19.el5.028stab053.14ent/kernel/driv ers/infiniband/ulp/ipoib/ib_ipoib.ko
/lib/modules/2.6.18-53.1.19.el5.028stab053.14ent/kernel/driv ers/mtd/nand/diskonchip.ko
/lib/modules/2.6.18-53.1.19.el5.028stab053.14ent/kernel/driv ers/mtd/chips/cfi_cmdset_0002.ko
/lib/modules/2.6.18-53.1.19.el5.028stab053.14ent/kernel/driv ers/mtd/chips/cfi_cmdset_0020.ko
/lib/modules/2.6.18-53.1.19.el5.028stab053.14ent/kernel/driv ers/mtd/chips/map_absent.ko
/lib/modules/2.6.18-53.1.19.el5.028stab053.14ent/kernel/driv ers/mtd/chips/chipreg.ko
/lib/modules/2.6.18-53.1.19.el5.028stab053.14ent/kernel/driv ers/mtd/chips/jedec_probe.ko
/lib/modules/2.6.18-53.1.19.el5.028stab053.14ent/kernel/driv ers/mtd/chips/map_rom.ko
/lib/modules/2.6.18-53.1.19.el5.028stab053.14ent/kernel/driv ers/mtd/chips/map_ram.ko
/lib/modules/2.6.18-53.1.19.el5.028stab053.14ent/kernel/driv ers/mtd/chips/cfi_cmdset_0001.ko
/lib/modules/2.6.18-53.1.19.el5.028stab053.14ent/kernel/driv ers/mtd/chips/cfi_util.ko
/lib/modules/2.6.18-53.1.19.el5.028stab053.14ent/kernel/driv ers/mtd/chips/gen_probe.ko
/lib/modules/2.6.18-53.1.19.el5.028stab053.14ent/kernel/driv ers/mtd/chips/cfi_probe.ko
/lib/modules/2.6.18-53.1.19.el5.028stab053.14ent/kernel/soun d/pci/snd-cmipci.ko
/lib/modules/2.6.18-53.1.19.el5.028stab053.14ent/kernel/soun d/pci/riptide/snd-riptide.ko
/lib/modules/2.6.18-53.1.19.el5.028stab053.14ent/kernel/net/ tipc/tipc.ko
/lib/modules/2.6.18-53.1.19.el5.028stab053.14ent/kernel/net/ ipv4/tcp_westwood.ko
/lib/modules/2.6.18-53.1.19.el5.028stab053.14ent/kernel/net/ ipv4/ah4.ko
/lib/modules/2.6.18-53.1.19.el5.028stab053.14ent/kernel/net/ ipv4/ip_gre.ko
/lib/modules/2.6.18-53.1.19.el5.028stab053.14ent/kernel/net/ ipv4/tcp_highspeed.ko
/lib/modules/2.6.18-53.1.19.el5.028stab053.14ent/kernel/net/ ipv4/tcp_scalable.ko
/lib/modules/2.6.18-53.1.19.el5.028stab053.14ent/kernel/net/ ipv4/tunnel4.ko
/lib/modules/2.6.18-53.1.19.el5.028stab053.14ent/kernel/net/ ipv4/tcp_veno.ko
/lib/modules/2.6.18-53.1.19.el5.028stab053.14ent/kernel/net/ ipv4/tcp_htcp.ko
/lib/modules/2.6.18-53.1.19.el5.028stab053.14ent/kernel/net/ ipv4/xfrm4_mode_transport.ko
/lib/modules/2.6.18-53.1.19.el5.028stab053.14ent/kernel/net/ ipv4/inet_diag.ko
/lib/modules/2.6.18-53.1.19.el5.028stab053.14ent/kernel/net/ ipv4/netfilter/ipt_REDIRECT.ko
/lib/modules/2.6.18-53.1.19.el5.028stab053.14ent/kernel/net/ ipv4/netfilter/iptable_raw.ko
/lib/modules/2.6.18-53.1.19.el5.028stab053.14ent/kernel/net/ ipv4/netfilter/ip_queue.ko
/lib/modules/2.6.18-53.1.19.el5.028stab053.14ent/kernel/net/ ipv4/netfilter/ipt_dscp.ko
/lib/modules/2.6.18-53.1.19.el5.028stab053.14ent/kernel/net/ ipv4/netfilter/iptable_nat.ko
/lib/modules/2.6.18-53.1.19.el5.028stab053.14ent/kernel/net/ ipv4/netfilter/ip_nat_ftp.ko
/lib/modules/2.6.18-53.1.19.el5.028stab053.14ent/kernel/net/ ipv4/netfilter/iptable_filter.ko
/lib/modules/2.6.18-53.1.19.el5.028stab053.14ent/kernel/net/ ipv4/netfilter/ipt_recent.ko
/lib/modules/2.6.18-53.1.19.el5.028stab053.14ent/kernel/net/ ipv4/netfilter/ip_nat_amanda.ko
/lib/modules/2.6.18-53.1.19.el5.028stab053.14ent/kernel/net/ ipv4/netfilter/ip_conntrack.ko
/lib/modules/2.6.18-53.1.19.el5.028stab053.14ent/kernel/net/ ipv4/netfilter/ipt_ah.ko
/lib/modules/2.6.18-53.1.19.el5.028stab053.14ent/kernel/net/ ipv4/netfilter/ipt_MASQUERADE.ko
/lib/modules/2.6.18-53.1.19.el5.028stab053.14ent/kernel/net/ ipv4/netfilter/ipt_addrtype.ko
/lib/modules/2.6.18-53.1.19.el5.028stab053.14ent/kernel/net/ ipv4/netfilter/ipt_tos.ko
/lib/modules/2.6.18-53.1.19.el5.028stab053.14ent/kernel/net/ ipv4/netfilter/ipt_hashlimit.ko
/lib/modules/2.6.18-53.1.19.el5.028stab053.14ent/kernel/net/ ipv4/netfilter/ipt_ECN.ko
/lib/modules/2.6.18-53.1.19.el5.028stab053.14ent/kernel/net/ ipv4/netfilter/ipt_TOS.ko
/lib/modules/2.6.18-53.1.19.el5.028stab053.14ent/kernel/net/ ipv4/netfilter/ip_conntrack_netlink.ko
/lib/modules/2.6.18-53.1.19.el5.028stab053.14ent/kernel/net/ ipv4/netfilter/ip_nat_pptp.ko
/lib/modules/2.6.18-53.1.19.el5.028stab053.14ent/kernel/net/ ipv4/netfilter/iptable_mangle.ko
/lib/modules/2.6.18-53.1.19.el5.028stab053.14ent/kernel/net/ ipv4/netfilter/ipt_iprange.ko
/lib/modules/2.6.18-53.1.19.el5.028stab053.14ent/kernel/net/ ipv4/netfilter/ip_conntrack_ftp.ko
/lib/modules/2.6.18-53.1.19.el5.028stab053.14ent/kernel/net/ ipv4/netfilter/ip_nat_snmp_basic.ko
/lib/modules/2.6.18-53.1.19.el5.028stab053.14ent/kernel/net/ ipv4/netfilter/ip_conntrack_netbios_ns.ko
/lib/modules/2.6.18-53.1.19.el5.028stab053.14ent/kernel/net/ ipv4/netfilter/arpt_mangle.ko
/lib/modules/2.6.18-53.1.19.el5.028stab053.14ent/kernel/net/ ipv4/netfilter/ipt_ttl.ko
/lib/modules/2.6.18-53.1.19.el5.028stab053.14ent/kernel/net/ ipv4/netfilter/ipt_ULOG.ko
/lib/modules/2.6.18-53.1.19.el5.028stab053.14ent/kernel/net/ ipv4/netfilter/ipt_REJECT.ko
/lib/modules/2.6.18-53.1.19.el5.028stab053.14ent/kernel/net/ ipv4/netfilter/ip_nat_h323.ko
/lib/modules/2.6.18-53.1.19.el5.028stab053.14ent/kernel/net/ ipv4/netfilter/ipt_TTL.ko
/lib/modules/2.6.18-53.1.19.el5.028stab053.14ent/kernel/net/ ipv4/netfilter/ip_conntrack_tftp.ko
/lib/modules/2.6.18-53.1.19.el5.028stab053.14ent/kernel/net/ ipv4/netfilter/ip_conntrack_sip.ko
/lib/modules/2.6.18-53.1.19.el5.028stab053.14ent/kernel/net/ ipv4/netfilter/ip_conntrack_proto_sctp.ko
/lib/modules/2.6.18-53.1.19.el5.028stab053.14ent/kernel/net/ ipv4/netfilter/ipt_DSCP.ko
/lib/modules/2.6.18-53.1.19.el5.028stab053.14ent/kernel/net/ ipv4/netfilter/ip_conntrack_pptp.ko
/lib/modules/2.6.18-53.1.19.el5.028stab053.14ent/ker ...

[ Show the rest of the message ]

Report message to a moderator

Previous Topic: vps could not start when quota is on
Next Topic: Kernal will not load
Goto Forum:
  

[ Syndicate this forum (XML) ] [ RSS ] [ PDF ]

Current Time: Sun Aug 25 19:46:06 GMT 2024

Total time taken to generate the page: 0.03935 seconds
Powered by FUDforum Powered by Virtuozzo Containers