OpenVZ Forum: Support » iptables on OpenVZ issue

Home » General » Support » iptables on OpenVZ issue

Show: Today's Messages :: Show Polls :: Message Navigator
E-mail to friend

iptables on OpenVZ issue [message #51357]

Sun, 27 April 2014 08:33

slrslr
Messages: 12
Registered: April 2014

Junior Member

iptables: Applying firewall rules: iptables-restore: line 44 failed

So i did flush and reinstall of iptables:

iptables -F
yum reinstall iptables

did not helped

So i chacked my OpenVZ VPS config file on host node (/etc/vz/conf/860.conf) and it contains some rules:

IPTABLES="ip_tables iptable_filter iptable_mangle ipt_limit ipt_multiport ipt_tos ipt_TOS ipt_REJECT ipt_TCPMSS ipt_tcpmss ipt_ttl
ipt_LOG ipt_length ip_conntrack ip_conntrack_ftp ipt_state iptable_nat ip_nat_ftp ipt_recent ipt_owner"

so i restarted VPS: vzctl restart 860

Then entered VM: vzctl enter 860
entered into CT 860

service iptables status
Table: mangle
Chain PREROUTING (policy ACCEPT)
num target prot opt source destination
....various rules here.....

service iptables stop
iptables: Setting chains to policy ACCEPT: mangle filter na[ OK ]
iptables: Flushing firewall rules: [ OK ]
iptables: Unloading modules: [ OK ]

service iptables start
iptables: Applying firewall rules: iptables-restore: line 44 failed
[FAILED]

Anyone knows please how to find issue? Rolling Eyes

Report message to a moderator

Re: iptables on OpenVZ issue [message #51362 is a reply to message #51357]

Mon, 28 April 2014 07:05

Paparaciz
Messages: 302
Registered: August 2009

Senior Member

for the start point you should debug which iptable rule doesn't work.

Report message to a moderator

Re: iptables on OpenVZ issue [message #51365 is a reply to message #51362]

Mon, 28 April 2014 09:50

slrslr
Messages: 12
Registered: April 2014

Junior Member

Not sure why, but modprobe commands (modprobe iptablesmodulename) was not run on host node server reboot. I thought i wont need to execute these on each openvz server boot.

Report message to a moderator

Re: iptables on OpenVZ issue [message #51366 is a reply to message #51357]

Mon, 28 April 2014 20:37

Paparaciz
Messages: 302
Registered: August 2009

Senior Member

what exactly iptables modules you modprobed?

[Updated on: Mon, 28 April 2014 20:37]

Report message to a moderator

Re: iptables on OpenVZ issue [message #51367 is a reply to message #51366]

Mon, 28 April 2014 20:52

slrslr
Messages: 12
Registered: April 2014

Junior Member

Paparaciz wrote on Mon, 28 April 2014 16:37

what exactly iptables modules you modprobed?

These which i set for my VM:
IPTABLES="ip_tables iptable_filter iptable_mangle ipt_limit ipt_multiport ipt_tos ipt_TOS ipt_REJECT ipt_TCPMSS ipt_tcpmss ipt_ttl ipt_LOG ipt_length ip_conntrack ip_conntrack_ftp ipt_state iptable_nat ip_nat_ftp ipt_recent ipt_owner"
just adding modprobe before module name

Report message to a moderator

Previous Topic:	Can't add ELRepo to CentOS 6 because of OpenVZ kernel. Is it ABI Compatible?
Next Topic:	Are the kernels maintained by OpenVZ ABI compatible with the upstream RHEL kernels?

Goto Forum:

-=] Back to Top [=-

[ Syndicate this forum (XML) ] [

] [

]

Current Time: Mon May 06 23:56:55 GMT 2024

Total time taken to generate the page: 0.01620 seconds