iptables inside of containers on a CentOS 6 HN? [message #52218] |
Fri, 25 September 2015 18:35 |
curtis_isparks
In the past, running iptables inside of a container has required loading the xt_tcpudp kernel module on the host node, but that no longer works on CentOS 6:
# modprobe xt_tcpudp
FATAL: Module xt_tcpudp not found.
The outdated OpenVZ documentation says, "Note: xt_tcpudp module seem to be included in the kernel packages of Debian 6, but not of CentOS 6."...
h-t-t-p-s://openvz.org/Setting_up_an_iptables_firewall#Setting_up_a_firewall_that_allows_per-container_configuration (url masked because my profile is too new to post links)
But, the above page also still refers to the obsolete IPTABLES= option (the option is now called IPTABLES_MODULES=), so I don't know if anything on that page is valid anymore.
This is with the current OpenVZ stable kernel (2.6.32-042stab111.11) on CentOS 6.7.
The download page makes it look like CentOS 6 is stable and supported. Is that not the case? Is CentOS 5 a better platform for the stable version of OpenVZ?
[Updated on: Fri, 25 September 2015 18:38]
Re: iptables inside of containers on a CentOS 6 HN? [message #52223 is a reply to message #52218] |
Fri, 25 September 2015 22:53 |
curtis_isparks
Ok, I think I was confused by this comment in the default vz.conf file:
## WARNING: IPTABLES parameter is deprecated,
## use per-container (not global!) NETFILTER instead
Looking at the vz.conf from an older OpenVZ line, it looks like IPTABLES_MODULE is always what it was called there. The above comment refers to the CT.conf, and it does appear that the following line in CT.conf does allow iptables to work:
NETFILTER="full"
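The reply above boils down to a CT.conf audit: the per-container NETFILTER key is what matters now, and the old IPTABLES= key is deprecated. The following POSIX sh snippet is an added example (not from the poster or the OpenVZ project) that reads a CT.conf, reports the effective NETFILTER value and flags any leftover IPTABLES= line; the two config fragments are constructed, and treating a missing NETFILTER key as "disabled" is an assumption made for audit purposes.

```shell
#!/bin/sh
# Constructed sample CT.conf fragments (not taken from the original post).
# Old-style per-container config: deprecated IPTABLES list, no NETFILTER key.
OLD_CONF='ONBOOT="yes"
IPTABLES="ipt_REJECT ipt_LOG ip_conntrack"
'
# Current-style config as the reply describes: per-container NETFILTER.
NEW_CONF='ONBOOT="yes"
NETFILTER="full"
'

# Print the effective NETFILTER value from the CT.conf passed on stdin.
# The last NETFILTER line wins; a missing key is reported as "disabled"
# (assumption: treat the absent key as the most restrictive setting).
netfilter_mode() {
    mode=$(sed -n 's/^NETFILTER="\{0,1\}\([a-z]*\)"\{0,1\}.*/\1/p' | tail -n 1)
    if [ -n "$mode" ]; then
        printf '%s\n' "$mode"
    else
        printf 'disabled\n'
    fi
}

# Succeed (exit 0) when the deprecated IPTABLES= key is present on stdin.
# IPTABLES_MODULES= (the vz.conf key) deliberately does not match.
has_deprecated_iptables() {
    grep -q '^IPTABLES='
}

# Summarise one CT.conf (passed as a string) as "<mode> deprecated=yes|no".
audit_ct_conf() {
    conf=$1
    mode=$(printf '%s' "$conf" | netfilter_mode)
    if printf '%s' "$conf" | has_deprecated_iptables; then
        dep=yes
    else
        dep=no
    fi
    printf '%s deprecated=%s\n' "$mode" "$dep"
}
```

Run it against a real container config with `audit_ct_conf "$(cat /etc/vz/conf/CTID.conf)"`, where CTID is the container id.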