*SOLVED* Unable to create outgoing iptables rules [message #9091] Sun, 17 December 2006 14:48
optize
Messages: 33
Registered: September 2006
Member
[root@vps /]# iptables -A OUTPUT -m state --state NEW,ESTABLISHED,RELATED -j ACCEPT
iptables: No chain/target/match by that name

[root@vps /]# iptables --list
Chain INPUT (policy ACCEPT)
target prot opt source destination

Chain FORWARD (policy ACCEPT)
target prot opt source destination

Chain OUTPUT (policy ACCEPT)
target prot opt source

[root@vz101 vz]# cat vz.conf | grep IPTA
IPTABLES="ipt_REJECT ipt_tos ipt_limit ipt_multiport iptable_filter iptable_mangle ipt_TCPMSS ipt_tcpmss ipt_ttl ipt_length"
[root@vz101 vz]#

Thanks :D

[Updated on: Mon, 18 December 2006 06:23] by Moderator


Re: Unable to create outgoing iptables rules [message #9092 is a reply to message #9091] Sun, 17 December 2006 19:48
curx
Messages: 739
Registered: February 2006
Location: Nürnberg, Germany
Senior Member

Hi,

The iptables module "ipt_state" is missing:
Add ipt_state to your iptables default mask (-> /etc/vz/vz.conf) and to your VE config (-> /etc/vz/conf/VE.conf).

Regards,
Thorsten

[Updated on: Sun, 17 December 2006 19:52]


Re: Unable to create outgoing iptables rules [message #9093 is a reply to message #9092] Sun, 17 December 2006 20:45
optize
Messages: 33
Registered: September 2006
Member
Where do I add it to 900.conf?

[root@vz101 conf]# cat 900.conf
# Copyright (C) 2000-2006 SWsoft. All rights reserved.
#
# This program is free software; you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation; either version 2 of the License, or
# (at your option) any later version.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program; if not, write to the Free Software
# Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
#

ONBOOT="yes"

# UBC parameters (in form of barrier:limit)
# Primary parameters
AVNUMPROC="40:40"
NUMPROC="999999:999999"
NUMTCPSOCK="7999992:7999992"
NUMOTHERSOCK="7999992:7999992"
VMGUARPAGES="131072:2147483647"
# Secondary parameters
KMEMSIZE="299997000:299997000"
TCPSNDBUF="16777216:33554432"
TCPRCVBUF="16777216:33554432"
OTHERSOCKBUF="16777216:33554432"
DGRAMRCVBUF="16777216:33554432"
OOMGUARPAGES="6144:2147483647"
# Auxiliary parameters
LOCKEDPAGES="32:32"
SHMPAGES="8192:8192"
PRIVVMPAGES="256000:256000"
NUMFILE="15999984:15999984"
NUMFLOCK="999999:999999"
NUMPTY="16:16"
NUMSIGINFO="999999:999999"
DCACHESIZE="1023989760:1023989760"

PHYSPAGES="0:2147483647"
NUMIPTENT="128:128"

# Disk quota parameters (in form of softlimit:hardlimit)
DISKSPACE="20480000:20480000"
DISKINODES="2048000:2048000"
QUOTATIME="0"

# CPU fair sheduler parameter
CPUUNITS="1000"
VE_ROOT="/vz/root/$VEID"
VE_PRIVATE="/vz/private/900"
OSTEMPLATE="centos-4-i386-default"
ORIGIN_SAMPLE="vps.basic"
CPULIMIT="20"
IP_ADDRESS="38.114.x.x"
MEMINFO="privvmpages:256"

[Updated on: Sun, 17 December 2006 20:45]


Re: Unable to create outgoing iptables rules [message #9097 is a reply to message #9093] Sun, 17 December 2006 21:39
curx
Messages: 739
Registered: February 2006
Location: Nürnberg, Germany
Senior Member

Hi,

add to your 900.conf
(with all iptables modules used in /etc/vz/vz.conf)

# echo "IPTABLES=\"ipt_REJECT ipt_tos ipt_limit ipt_multiport iptable_filter iptable_mangle ipt_TCPMSS ipt_tcpmss ipt_ttl ipt_length ipt_state\"" >> /etc/vz/conf/900.conf

and/or use vzctl to add iptables settings (-> man vzctl!)

Re: Unable to create outgoing iptables rules [message #9098 is a reply to message #9097] Sun, 17 December 2006 21:45
optize
Messages: 33
Registered: September 2006
Member
curx wrote on Sun, 17 December 2006 16:39

Hi,

add to your 900.conf
(with all iptables modules used in /etc/vz/vz.conf)

# echo "IPTABLES=\"ipt_REJECT ipt_tos ipt_limit ipt_multiport iptable_filter iptable_mangle ipt_TCPMSS ipt_tcpmss ipt_ttl ipt_length ipt_state\"" >> /etc/vz/conf/900.conf

and/or use vzctl to add iptables settings (-> man vzctl!)




Works like a champ, THANKS!
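
Added example, not part of the thread and not OpenVZ's own tooling: the `echo ... >>` fix above appends another IPTABLES line each time it is run, so this sketch rewrites the container config to hold exactly one IPTABLES line carrying the global module list plus the requested module (here ipt_state). The function names and the file arguments are assumptions made for the example.

```shell
#!/bin/sh
# Added example: helper names are hypothetical, config paths are arguments.

# Print the module list from the last IPTABLES="..." line of file $1.
get_iptables() {
    sed -n 's/^IPTABLES="\(.*\)"[[:space:]]*$/\1/p' "$1" | tail -n 1
}

# missing_modules CONF MODULE...
# Print each MODULE that CONF's IPTABLES line does not enable.
missing_modules() {
    conf=$1; shift
    have=$(get_iptables "$conf")
    for m in "$@"; do
        case " $have " in
            *" $m "*) ;;                      # already enabled
            *) printf '%s\n' "$m" ;;
        esac
    done
}

# ensure_modules CONF GLOBAL_CONF MODULE...
# Merge CONF's modules, GLOBAL_CONF's modules and MODULE... (no duplicates)
# and leave CONF with a single IPTABLES= line. Safe to run repeatedly.
ensure_modules() {
    conf=$1; global=$2; shift 2
    [ -f "$conf" ] && [ -f "$global" ] || return 1
    merged=$(get_iptables "$conf")
    for m in $(get_iptables "$global") "$@"; do
        case " $merged " in
            *" $m "*) ;;
            *) merged="${merged:+$merged }$m" ;;
        esac
    done
    tmp=$(mktemp "${conf}.XXXXXX") || return 1
    # Drop every old IPTABLES= line, keep all other settings untouched.
    grep -v '^IPTABLES=' "$conf" > "$tmp" || true
    printf 'IPTABLES="%s"\n' "$merged" >> "$tmp"
    # Overwrite in place so the config keeps its owner and mode.
    cat "$tmp" > "$conf" && rm -f "$tmp"
}
```

With the paths from this thread the call would be `ensure_modules /etc/vz/conf/900.conf /etc/vz/vz.conf ipt_state`, and `missing_modules /etc/vz/conf/900.conf ipt_state` prints nothing once the module is listed.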