*SOLVED* Unable to create outgoing iptables rules [message #9091] |
Sun, 17 December 2006 14:48  |
optize
[root@vps /]# iptables -A OUTPUT -m state --state NEW,ESTABLISHED,RELATED -j ACCEPT
iptables: No chain/target/match by that name
[root@vps /]# iptables --list
Chain INPUT (policy ACCEPT)
target prot opt source destination
Chain FORWARD (policy ACCEPT)
target prot opt source destination
Chain OUTPUT (policy ACCEPT)
target prot opt source
[root@vz101 vz]# cat vz.conf | grep IPTA
IPTABLES="ipt_REJECT ipt_tos ipt_limit ipt_multiport iptable_filter iptable_mangle ipt_TCPMSS ipt_tcpmss ipt_ttl ipt_length"
[root@vz101 vz]#
Thanks 
Re: Unable to create outgoing iptables rules [message #9093 is a reply to message #9092] |
Sun, 17 December 2006 20:45   |
optize
Where do I add it to 900.conf?
[root@vz101 conf]# cat 900.conf
# Copyright (C) 2000-2006 SWsoft. All rights reserved.
#
# This program is free software; you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation; either version 2 of the License, or
# (at your option) any later version.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program; if not, write to the Free Software
# Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
#
ONBOOT="yes"
# UBC parameters (in form of barrier:limit)
# Primary parameters
AVNUMPROC="40:40"
NUMPROC="999999:999999"
NUMTCPSOCK="7999992:7999992"
NUMOTHERSOCK="7999992:7999992"
VMGUARPAGES="131072:2147483647"
# Secondary parameters
KMEMSIZE="299997000:299997000"
TCPSNDBUF="16777216:33554432"
TCPRCVBUF="16777216:33554432"
OTHERSOCKBUF="16777216:33554432"
DGRAMRCVBUF="16777216:33554432"
OOMGUARPAGES="6144:2147483647"
# Auxiliary parameters
LOCKEDPAGES="32:32"
SHMPAGES="8192:8192"
PRIVVMPAGES="256000:256000"
NUMFILE="15999984:15999984"
NUMFLOCK="999999:999999"
NUMPTY="16:16"
NUMSIGINFO="999999:999999"
DCACHESIZE="1023989760:1023989760"
PHYSPAGES="0:2147483647"
NUMIPTENT="128:128"
# Disk quota parameters (in form of softlimit:hardlimit)
DISKSPACE="20480000:20480000"
DISKINODES="2048000:2048000"
QUOTATIME="0"
# CPU fair scheduler parameter
CPUUNITS="1000"
VE_ROOT="/vz/root/$VEID"
VE_PRIVATE="/vz/private/900"
OSTEMPLATE="centos-4-i386-default"
ORIGIN_SAMPLE="vps.basic"
CPULIMIT="20"
IP_ADDRESS="38.114.x.x"
MEMINFO="privvmpages:256"
Re: Unable to create outgoing iptables rules [message #9098 is a reply to message #9097] |
Sun, 17 December 2006 21:45  |
optize
curx wrote on Sun, 17 December 2006 16:39 | Hi,
add an IPTABLES line to your 900.conf
(listing all the iptables modules used in /etc/vz/vz.conf, plus ipt_state, which the `-m state` match in the failing rule needs and which is missing from that list):
# echo "IPTABLES=\"ipt_REJECT ipt_tos ipt_limit ipt_multiport iptable_filter iptable_mangle ipt_TCPMSS ipt_tcpmss ipt_ttl ipt_length ipt_state\"" >> /etc/vz/conf/900.conf
and/or use vzctl to add the iptables settings (-> man vzctl!)
|
Works like a champ, THANKS!