| Connection Tracking inside a VPS [message #44172] |
Wed, 23 November 2011 10:31  |
Daniel Bauer
Messages: 37
Registered: February 2006
|
Member |
|
|
Hi @all,
I tried to do a firewall inside a VPS. I inserted in the .conf file a
line like this
IPTABLES="ip_conntrack ip_...
and tried to use the connection tacking like this
root@gw:~# iptables -A INPUT -m state --state RELATED,ESTABLISHED -j
ACCEPT
iptables: No chain/target/match by that name.
but it looks like there is no module for connection tracking.
Could anybody give me a hint?
Thanks
Daniel
|
|
|
|
|
|
| Re: Connection Tracking inside a VPS - SOLVED [message #44182 is a reply to message #44180] |
Wed, 23 November 2011 12:14  |
Daniel Bauer
Messages: 37
Registered: February 2006
|
Member |
|
|
Hallo Andreas,
From: <lst_hoe02@kwsoft.de>
> Zitat von Daniel Bauer <mlist@dsb-gmbh.de>:
>
>> Hi @all,
>>
>> I tried to do a firewall inside a VPS. I inserted in the .conf file
>> a line like this
>> IPTABLES="ip_conntrack ip_...
>
> To which *.conf file have you added this? It is needed in vz.conf so
> the modules get loaded by starting OpenVZ at the HN. You will also
> need ipt_filter as far as i remember. You can try iptables with
> conntrack on the HN, if it works there it should work inside VE too.
ok, this was the failure, I've added this in the VPS*.conf, not in the
vz.conf, now it works.
> But don't try it with IPv6.
It's only an IPv4 net. IPv6 is scheduled for next year ;)
>> and tried to use the connection tacking like this
>> root@gw:~# iptables -A INPUT -m state --state RELATED,ESTABLISHED -j
>> ACCEPT
>> iptables: No chain/target/match by that name.
>>
>> but it looks like there is no module for connection tracking.
>
> Check with lsmod on the HN what is loaded. The VE is not able to load
> any modules on demand.
The loading in the HN was successfull, but I've not allowed in the
vz.conf :(
Thanks a lot for you help!
Daniel
|
|
|
|
OpenVZ Forum
Members
Search
Help
Register
Login
Home
