# grep -i iptables /etc/vz/vz.conf
## IPv4 iptables kernel modules
IPTABLES="ipt_REJECT ipt_tos ipt_limit ipt_multiport iptable_filter iptable_mangle ipt_TCPMSS ipt_tcpmss ipt_ttl ipt_length"
# lsmod | grep nat
iptable_nat 13188 1
ip_nat 22288 2 vzrst,iptable_nat
ip_conntrack 60356 7 vzrst,vzcpt,ip_conntrack_netbios_ns,xt_conntrack,xt_state,iptable_nat,ip_nat
nfnetlink 10648 2 ip_nat,ip_conntrack
ip_tables 18760 3 iptable_filter,iptable_mangle,iptable_nat
x_tables 19204 18 xt_length,ipt_ttl,xt_tcpmss,ipt_TCPMSS,xt_multiport,xt_limit,ipt_tos,ipt_recent,xt_conntrack,ipt_REJECT,ipt_LOG,xt_state,xt_MARK,iptable_nat,ip_tables,ip6t_REJECT,xt_tcpudp,ip6_tables
# vzctl start 115
...
# vzctl enter 115
# iptables -t nat -nvL
iptables v1.3.5: can't initialize iptables table `nat': Table does not exist (do you need to insmod?)
Perhaps iptables or your kernel needs to be upgraded.
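^D
[Note: iptable_nat is loaded on the host (see the lsmod output above) but is not in the default IPTABLES list in vz.conf, which appears to be why the nat table is missing inside VE 115. The vzctl set --iptables command below enables it for this VE only; list only the modules the VE actually needs.]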
# vzctl set 115 --iptables "iptable_nat iptable_filter iptable_mangle ip_conntrack ipt_conntrack ipt_REDIRECT ipt_REJECT ipt_multiport ipt_helper ipt_LOG ipt_state" --save
Saved parameters for VE 115
# vzctl restart 115
...
# vzctl enter 115
# iptables -t nat -nvL
Chain PREROUTING (policy ACCEPT 0 packets, 0 bytes)
pkts bytes target prot opt in out source destination
Chain POSTROUTING (policy ACCEPT 0 packets, 0 bytes)
pkts bytes target prot opt in out source destination
Chain OUTPUT (policy ACCEPT 0 packets, 0 bytes)
pkts bytes target prot opt in out source destination
[Updated on: Wed, 31 October 2007 11:19]