OpenVZ Forum


Using the ip_conntrack_tftp iptables module within containers [message #36893] Tue, 28 July 2009 14:02
triangle
Hi

I do not manage to use the iptables module ip_conntrack_tftp within a container. Here is what I have configured:

ip_conntrack_tftp is loaded on the host node:

[root@hostnode ~]# lsmod | grep tftp
ip_conntrack_tftp 8184 0
ip_conntrack 60228 11 vzrst,vzcpt,ip_conntrack_tftp,xt_state,ip_nat_ftp,ip_nat,ip_conntrack_ftp
[root@hostnode ~]#

The command below yields this error message:

[root@hostnode ~]# vzctl set 105 --iptables ip_conntrack_tftp --save
Warning: Unknown iptable module: ip_conntrack_tftp, skipped
Bad parameter for --iptables: ip_conntrack_tftp

Defining ip_conntrack_tftp in the IPTABLES variable of the file /etc/sysconfig/vz yields the message "Warning: Unknown iptable module: ip_conntrack_tftp, skipped" when starting the container.

This is what the "vzctl" man page is saying:

...
Iptables control parameters

--iptables name
Restrict access to iptables modules inside a container (by default all iptables modules that are loaded in the host system are accessible inside a container).

You can use the following values for name: iptable_filter, iptable_mangle, ipt_limit, ipt_multiport, ipt_tos, ipt_TOS, ipt_REJECT, ipt_TCPMSS, ipt_tcpmss, ipt_ttl, ipt_LOG, ipt_length, ip_conntrack, ip_conntrack_ftp,
ip_conntrack_irc, ipt_conntrack, ipt_state, ipt_helper, iptable_nat, ip_nat_ftp, ip_nat_irc, ipt_REDIRECT, xt_mac, ipt_owner.
...

Here I see that the command "vzctl set 105 --iptables ip_conntrack_tftp --save" will not work since ip_conntrack_tftp is not on the list of supported modules for this command.

==> Does this mean that ip_conntrack_tftp cannot be used at all within containers (even though the man page says that "by default all iptables modules that are loaded in the host system are accessible inside a container")?

If ip_conntrack_tftp can be used within containers: How is it configured?

I am using these OpenVZ software packages:

[root@hostnode ~]# rpm -qa | grep vz
ovzkernel-devel-2.6.18-128.1.1.el5.028stab062.3
vzquota-3.0.12-1
vzrpm44-python-4.4.1-22.5
vzctl-lib-3.0.23-1
vzrpm44-4.4.1-22.5
vzrpm43-python-4.3.3-7_nonptl.6
vzctl-3.0.23-1
vzyum-2.4.0-11
vzrpm43-4.3.3-7_nonptl.6
vztmpl-centos-5-2.0-3
vzdump-1.1-2
ovzkernel-2.6.18-128.1.1.el5.028stab062.3
vzpkg-2.7.0-18
[root@hostnode ~]#

Thanks for clarification.

David
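
The mismatch described in the post, as an added example that is not part of the original post or of vzctl: a pre-flight check that compares a requested IPTABLES value, and the netfilter modules shown by lsmod, against the name list in the quoted man page excerpt. The function names and the SAMPLE_LSMOD variable are hypothetical; the sample lsmod text is the output shown in the post.

```bash
#!/bin/bash
# Names accepted by "vzctl set --iptables", copied from the man page excerpt
# quoted in the post (vzctl 3.0.23); other vzctl versions may differ.
VZCTL_IPTABLES_NAMES="iptable_filter iptable_mangle ipt_limit ipt_multiport \
ipt_tos ipt_TOS ipt_REJECT ipt_TCPMSS ipt_tcpmss ipt_ttl ipt_LOG ipt_length \
ip_conntrack ip_conntrack_ftp ip_conntrack_irc ipt_conntrack ipt_state \
ipt_helper iptable_nat ip_nat_ftp ip_nat_irc ipt_REDIRECT xt_mac ipt_owner"

# Succeeds if $1 appears as a whole word in the space-separated list $2.
in_list() {
    case " $2 " in *" $1 "*) return 0 ;; *) return 1 ;; esac
}

# Print the names in $1 (a candidate IPTABLES value) that are not on the list,
# i.e. the ones vzctl reports as "Unknown iptable module ... skipped".
unsupported_names() {
    local out="" name
    for name in $1; do
        in_list "$name" "$VZCTL_IPTABLES_NAMES" || out="$out $name"
    done
    echo $out
}

# Print netfilter modules from lsmod output ($1) whose name is not on the list.
# The comparison is by literal module name (first lsmod column) only.
loaded_but_unnameable() {
    local out="" name
    for name in $(printf '%s\n' "$1" | awk '{print $1}'); do
        case "$name" in
            ip_*|ipt_*|iptable_*|xt_*) ;;
            *) continue ;;
        esac
        in_list "$name" "$VZCTL_IPTABLES_NAMES" || out="$out $name"
    done
    echo $out
}

# Sample input: the "lsmod | grep tftp" output shown in the post.
SAMPLE_LSMOD='ip_conntrack_tftp 8184 0
ip_conntrack 60228 11 vzrst,vzcpt,ip_conntrack_tftp,xt_state,ip_nat_ftp,ip_nat,ip_conntrack_ftp'

echo "not accepted by --iptables: $(unsupported_names "iptable_filter ip_conntrack_tftp")"
echo "loaded on host, not on the list: $(loaded_but_unnameable "$SAMPLE_LSMOD")"
```

On a host node, pass "$(lsmod)" and the IPTABLES value from /etc/sysconfig/vz instead of the sample strings.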
 