*SOLVED* iptables state in VE broken [message #14515]
Sat, 30 June 2007 00:56
dlzinc
uname -r
2.6.18-8.1.4.el5.028stab035.1
Host is CentOS 5 x86_64
VE is also CentOS 5 x86_64
If I do:
iptables -F
iptables -A INPUT -m state --state NEW,ESTABLISHED,RELATED -j ACCEPT
iptables -P INPUT DROP
I would expect to be able to SSH into this VE, however I can't. Using vzctl enter, I saw the counters for DROP incremented and the single iptables line counter is still 0. There also is no /proc/net/ip_conntrack present inside the VE.
IPTABLES (in the VE .conf file) is not set; all other modules appear to work (e.g. ipt_owner).
conntrack is loaded on the HN and was loaded before the VE was started. Any ideas? Or a bug...
Oddly enough, I have another box:
2.6.18-8.1.4.el5.028stab035.1
Host is CentOS 4 x86_64
VE is also CentOS 4 i686
State tracking works properly (and there's a /proc/net/ip_conntrack in the VE).
[Updated on: Sun, 01 July 2007 16:49] by Moderator
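
A check for the symptom described in the post above, as an added example that is not part of the original post: it classifies an `iptables -L INPUT -v -n -x` listing by comparing the state rule's packet counter with the policy counter, and tests for the conntrack table. The function names and both sample listings are constructed for illustration; the path /proc/net/ip_conntrack is the one named in the post.

```shell
#!/bin/sh
# Added diagnostic sketch: classify the counters described in the post.
# Live use inside the VE (as root): iptables -L INPUT -v -n -x | conntrack_symptom

# Reads an `iptables -L INPUT -v -n -x` listing on stdin and prints one of:
#   state-match-dead  policy DROP counted packets, state rule(s) counted none
#   ok                a state rule has matched packets
#   no-traffic-yet    state rule present, nothing counted anywhere
#   no-state-rule     no rule using the state match is listed
conntrack_symptom() {
    awk '
        /^Chain INPUT/ { policy = $4; policy_pkts = $5 + 0; next }
        $1 ~ /^[0-9]+$/ && /state / { seen = 1; state_pkts += $1 }
        END {
            if (!seen)               print "no-state-rule"
            else if (state_pkts > 0) print "ok"
            else if (policy == "DROP" && policy_pkts > 0) print "state-match-dead"
            else                     print "no-traffic-yet"
        }'
}

# True when the conntrack table is visible; the path argument exists for testing.
has_conntrack_table() {
    [ -r "${1:-/proc/net/ip_conntrack}" ]
}

# Constructed listing matching the post: policy DROP counts, state rule stays 0.
sample_broken() {
    cat <<'EOF'
Chain INPUT (policy DROP 12 packets, 720 bytes)
    pkts      bytes target     prot opt in     out     source               destination
       0        0 ACCEPT     all  --  *      *       0.0.0.0/0            0.0.0.0/0           state NEW,RELATED,ESTABLISHED
EOF
}

# Constructed listing for a VE where state tracking works.
sample_working() {
    cat <<'EOF'
Chain INPUT (policy DROP 3 packets, 180 bytes)
    pkts      bytes target     prot opt in     out     source               destination
      57     4788 ACCEPT     all  --  *      *       0.0.0.0/0            0.0.0.0/0           state NEW,RELATED,ESTABLISHED
EOF
}

echo "broken sample:  $(sample_broken | conntrack_symptom)"
echo "working sample: $(sample_working | conntrack_symptom)"
has_conntrack_table || echo "/proc/net/ip_conntrack is not readable here"
```

A `state-match-dead` result together with a missing conntrack table means a default-DROP ruleset built on the state match will lock out new connections, so confirm both before applying the policy over a remote session.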