OpenVZ Forum: Support » iptables-modules inside ve?!?!? (statistic and marking)

Home » General » Support » iptables-modules inside ve?!?!? (statistic and marking) (??? wtf ???)

Show: Today's Messages :: Show Polls :: Message Navigator
E-mail to friend

iptables-modules inside ve?!?!? (statistic and marking) [message #37395]

Sun, 06 September 2009 17:28

n3ph
Messages: 3
Registered: September 2009

Junior Member

hejo..

want to use iptables inside of ve..

skay:/# iptables -t mangle -A OUTPUT -j vpn
skay:/# iptables -t mangle -A vpn -m statistic --mode random --probability 0.5 -j MARK --set-mark 100
FATAL: Could not load /lib/modules/2.6.26-2-openvz-686/modules.dep: No such file or directory
FATAL: Could not load /lib/modules/2.6.26-2-openvz-686/modules.dep: No such file or directory
FATAL: Could not load /lib/modules/2.6.26-2-openvz-686/modules.dep: No such file or directory
FATAL: Could not load /lib/modules/2.6.26-2-openvz-686/modules.dep: No such file or directory
iptables: No chain/target/match by that name
skay:/# iptables -t mangle -A vpn -m mark \! --mark 101 -j MARK --set-mark 101
FATAL: Could not load /lib/modules/2.6.26-2-openvz-686/modules.dep: No such file or directory
FATAL: Could not load /lib/modules/2.6.26-2-openvz-686/modules.dep: No such file or directory
FATAL: Could not load /lib/modules/2.6.26-2-openvz-686/modules.dep: No such file or directory
FATAL: Could not load /lib/modules/2.6.26-2-openvz-686/modules.dep: No such file or directory
FATAL: Could not load /lib/modules/2.6.26-2-openvz-686/modules.dep: No such file or directory
FATAL: Could not load /lib/modules/2.6.26-2-openvz-686/modules.dep: No such file or directory

i have enabled following modules in HW:

opium:/home/n3ph# cat /etc/sysconfig/iptables-config
IPTABLES_MODULES="ipt_REJECT ipt_tos ipt_TOS ipt_LOG ip_conntrack ipt_limit ipt_multiport iptable_filter iptable_mangle ipt_TCPMSS ipt_tcpmss ipt_ttl ipt_length ipt_state iptable_nat ip_nat_ftp"

opium:/home/n3ph# cat /etc/sysconfig/vz
IPTABLES="ipt_REJECT ipt_tos ipt_TOS ipt_LOG ip_conntrack ipt_limit ipt_multiport iptable_filter iptable_mangle ipt_TCPMSS ipt_tcpmss ipt_ttl ipt_length ipt_state iptable_nat ip_nat_ftp"

in /etc/vz/conf/105.conf :

IPTABLES="ipt_REJECT ipt_recent ipt_owner ipt_REDIRECT ipt_tos ipt_TOS ipt_LOG ip_conntrack ipt_limit ipt_multiport iptable_filter iptable_mangle ipt_TCPMSS ipt_tcpmss ipt_ttl ipt_length ipt_state iptable_nat ip_nat_ftp"

what am i doing wrong????

n3ph

Report message to a moderator

Re: iptables-modules inside ve?!?!? (statistic and marking) [message #37397 is a reply to message #37395]

Sun, 06 September 2009 18:38

n3ph
Messages: 3
Registered: September 2009

Junior Member

on HN the hole script is working...

Report message to a moderator

Re: iptables-modules inside ve?!?!? (statistic and marking) [message #37450 is a reply to message #37395]

Fri, 11 September 2009 15:11

maratrus
Messages: 1495
Registered: August 2007
Location: Moscow

Senior Member

The general way to make an iptables module work inside VE is to load an appropriate kernel module on the HN before a VE is started.
http://download.openvz.org/doc/OpenVZ-Users-Guide.pdf

Report message to a moderator

Re: iptables-modules inside ve?!?!? (statistic and marking) [message #39433 is a reply to message #37395]

Thu, 22 April 2010 12:33

n3ph
Messages: 3
Registered: September 2009

Junior Member

sorry, but i guess i did do that by this:

IPTABLES="ipt_REJECT ipt_recent ipt_owner ipt_REDIRECT ipt_tos ipt_TOS ipt_LOG ip_conntrack ipt_limit ipt_multiport iptable_filter iptable_mangle ipt_TCPMSS ipt_tcpmss ipt_ttl ipt_length ipt_state iptable_nat ip_nat_ftp"

O_o

Report message to a moderator