CSF xt_connlimit on vm failed [message #42978] | Fri, 24 June 2011 09:10
Bapu Desi | Messages: 1 | Registered: June 2011 | Junior Member

 Hello everybody,
 I'm trying to find a solution but I found nothing about my problem. Can you please help me? I would be grateful to you.
 
 I have installed CSF on my VM based on Proxmox, but I have only 2 errors. I have fixed all the others but can't find a solution for these 2.
 
 On the VM:
 
 Quote:
 server24535:~# /etc/csf/csftest.pl
 Testing ip_tables/iptable_filter...OK
 Testing ipt_LOG...OK
 Testing ipt_multiport/xt_multiport...OK
 Testing ipt_REJECT...OK
 Testing ipt_state/xt_state...OK
 Testing ipt_limit/xt_limit...OK
 Testing ipt_recent...OK
 Testing xt_connlimit...FAILED [Error: iptables: Unknown error 18446744073709551615] - Required for CONNLIMIT feature
 Testing ipt_owner/xt_owner...OK
 Testing iptable_nat/ipt_REDIRECT...OK
 
 
 I would like to fix xt_connlimit.
 The network is set as bridge and not venet.
 
 On the main server I have set this in my /etc/vz/vz.conf:
 Quote:
 ## IPv4 iptables kernel modules
 IPTABLES="ipt_REJECT ipt_recent ipt_owner ipt_REDIRECT ipt_tos ipt_TOS ipt_LOG ip_conntrack ipt_limit ipt_multiport iptable_filter iptable_mangle ipt_TCPMSS ipt_tcpmss ipt_ttl ipt_le ipt_length ipt_state iptable_nat ip_nat_ftp"
 
 Also, do I need to edit these files?
 Quote:
 /var/lib/vz/private/101/etc/sysconfig/iptables-config
 /var/lib/vz/private/102/etc/sysconfig/iptables-config
 /var/lib/vz/root/101/etc/sysconfig/iptables-config
 /var/lib/vz/root/102/etc/sysconfig/iptables-config
 
 
 When I added xt_connlimit to /etc/vz/vz.conf:
 Quote:
 ## IPv4 iptables kernel modules
 IPTABLES="ipt_REJECT ipt_recent ipt_owner ipt_REDIRECT ipt_tos ipt_TOS ipt_LOG ip_conntrack ipt_limit ipt_multiport iptable_filter iptable_mangle ipt_TCPMSS ipt_tcpmss ipt_ttl ipt_le ipt_length ipt_state iptable_nat ip_nat_ftp xt_connlimit"
 
 
 Now I am getting these warnings when entering the VM:
 
 Quote:
 server24535:~# vzctl enter 101
 Warning: Unknown iptable module: ipt_le, skipped
 Warning: Unknown iptable module: xt_connlimit, skipped
 
 
 Thank you in advance for your help.

Re: CSF xt_connlimit on vm failed [message #45590 is a reply to message #42978] | Wed, 21 March 2012 08:56
Dexus | Messages: 3 | Registered: April 2010 | Junior Member

 ^ That is not the case here.
 
 connlimit is working on the node and in the containers, only VZ tools are reporting this warning about unknown module...
 
 This is from the host node with connlimit module loaded on CentOS 6...
 
 
 
# lsmod | grep connlimit
xt_connlimit            3446  1
nf_conntrack           80693  7 vzrst,xt_connlimit,nf_conntrack_ftp,iptable_nat,nf_nat,nf_conntrack_ipv4,xt_state
# iptables -A INPUT -p tcp --syn --dport 23 -m connlimit --connlimit-above 2 -j REJECT
# iptables --list -n | grep conn
REJECT     tcp  --  0.0.0.0/0            0.0.0.0/0           tcp dpt:23 flags:0x17/0x02 #conn/32 > 2 reject-with icmp-port-unreachable

 As you can see, it's working.
 
 But there is still a warning on every vz tool execution...
 
 
 # vzlist
Warning: Unknown iptable module: xt_connlimit, skipped
      CTID      NPROC STATUS    IP_ADDR         HOSTNAME

 Here is the vzlist trace, where you can see that vzlist reports the warning after it loads the modules list from vz.conf...
 
 
 open("/etc/vz/vz.conf", O_RDONLY)       = 3
stat("/etc/vz/vz.conf", {st_mode=S_IFREG|0644, st_size=1392, ...}) = 0
fstat(3, {st_mode=S_IFREG|0644, st_size=1392, ...}) = 0
mmap(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fdafb187000
read(3, "## Global parameters\nVIRTUOZZO=y"..., 4096) = 1392
write(2, "Warning: Unknown iptable module:"..., 54Warning: Unknown iptable module: xt_connlimit, skipped) = 54
write(2, "\n", 1
)                       = 1
read(3, "", 4096)                       = 0
close(3)                                = 0
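
A host-side check related to the exchange above, as an added example that is not part of either post or of CSF or the VZ tools: it reads the IPTABLES list in vz.conf format and reports whether each name appears in lsmod output. The sample config and lsmod text are constructed, the function names are hypothetical, and the ipt_ to xt_ fallback is an assumption based on the paired names in the csftest.pl output.

```shell
#!/bin/sh
# Constructed sample: shortened IPTABLES line in /etc/vz/vz.conf format.
SAMPLE_CONF='## IPv4 iptables kernel modules
IPTABLES="ipt_REJECT ipt_state ipt_le iptable_nat xt_connlimit"'

# Constructed sample: lsmod output from the host node.
SAMPLE_LSMOD='Module                  Size  Used by
xt_connlimit            3446  1
xt_state                1492  2
ipt_REJECT              2351  1
iptable_nat             6158  1
nf_conntrack           80693  7 xt_connlimit,iptable_nat,xt_state'

# Print the names from the IPTABLES="..." line, one per line.
vz_iptables_modules() {
    printf '%s\n' "$1" |
        sed -n 's/^[[:space:]]*IPTABLES="\(.*\)"[[:space:]]*$/\1/p' |
        tr -s ' \t' '\n\n' | sed '/^$/d'
}

# Classify one name against lsmod text: loaded, loaded-as:<xt name>, not-loaded.
# "not-loaded" only means the name is absent from lsmod (it may be built in
# or simply not loaded yet); it says nothing about what the VZ tools accept.
module_status() {
    name=$1
    loaded=$(printf '%s\n' "$2" | awk '$1 != "Module" { print $1 }')
    if printf '%s\n' "$loaded" | grep -qxF "$name"; then
        echo "loaded"; return 0
    fi
    case $name in
        ipt_*)  # Assumption: the match may be provided by the xt_ module.
            alt="xt_${name#ipt_}"
            if printf '%s\n' "$loaded" | grep -qxF "$alt"; then
                echo "loaded-as:$alt"; return 0
            fi ;;
    esac
    echo "not-loaded"
}

# One "name status" line per module listed in the config.
check_vz_modules() {
    for m in $(vz_iptables_modules "$1"); do
        printf '%s %s\n' "$m" "$(module_status "$m" "$2")"
    done
}

check_vz_modules "$SAMPLE_CONF" "$SAMPLE_LSMOD"
```

On a host node, pass `"$(cat /etc/vz/vz.conf)"` and `"$(lsmod)"` in place of the two samples.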