IPTables Modules not loading on Boot, although /etc/sysconfig/iptables-config is correct [message #48747]
Wed, 14 November 2012 10:44
MikeDVB
Messages: 12 Registered: April 2010
Junior Member
I've run into a bit of a strange issue. I'm not sure if it's a bug, so I'm looking for some general information at this point.
Linux redacted.redacted.com 2.6.18-308.8.2.el5.028stab101.1 #1 SMP Sun Jun 24 20:25:35 MSD 2012 x86_64 x86_64 x86_64 GNU/Linux
vzctl-4.1-1
vzctl-core-4.1-1
vzctl-core-4.1-1
ovzkernel-devel-2.6.18-308.8.2.el5.028stab101.1
vzquota-3.1-1
ovzkernel-2.6.18-308.8.2.el5.028stab101.1
The IPTABLES_MODULES line from the /etc/sysconfig/iptables-config is:
IPTABLES_MODULES="ipt_REJECT ipt_tos ipt_TOS ipt_LOG ip_conntrack ipt_limit ipt_multiport iptable_filter iptable_mangle ipt_TCPMSS ipt_tcpmss ipt_ttl ipt_length ipt_state iptable_nat ip_nat_ftp ipt_owner ipt_REDIRECT"
When the node boots up, just about every VPS is unreachable from outside the node. If I modprobe all of those modules above and then restart a VPS, I am able to reach it as expected. The same modules are also listed in /etc/vz/vz.conf.
My current fix for this is a bit of a kludge - I've disabled the vz service on boot, and then I modprobe those modules followed by service vz start in the /etc/rc.local.
If I have a configuration file issue somewhere, ideally I'd just like to fix it and document the issue so others in the future can readily fix the issue. If this is an OpenVZ / Kernel bug - then I'll file the necessary report but don't want to 'jump the gun' on that.
If you need any information at all that isn't provided, let me know.
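An added example, not part of the original post: a shell check that lists which modules named in IPTABLES_MODULES are absent from a /proc/modules-style listing, which is one way to confirm after boot what the post describes. The function names and the sample data are constructed for illustration; a module compiled into the kernel never appears in /proc/modules and would be reported as missing.

```shell
#!/bin/sh
# Added example (not from the original post): compare the modules named in a
# config variable with a /proc/modules-style listing.

# config_modules FILE VAR -> names from the last VAR="..." line, one per line
config_modules() {
    sed -n "s/^[[:space:]]*$2=\"\{0,1\}\([^\"#]*\).*/\1/p" "$1" |
        tail -n 1 | tr -s ' \t' '\n\n' | sed '/^$/d'
}

# missing_modules FILE VAR LOADED -> configured modules absent from LOADED
# (LOADED has the /proc/modules layout: module name in the first column)
missing_modules() {
    loaded=$(awk '{print $1}' "$3" | sed 'y/-/_/')
    for m in $(config_modules "$1" "$2"); do
        norm=$(printf '%s\n' "$m" | sed 'y/-/_/')
        printf '%s\n' "$loaded" | grep -Fqx -- "$norm" || printf '%s\n' "$m"
    done
}

# demo: constructed sample data, shortened from the post's module list
demo() {
    tmp=$(mktemp -d) || return 1
    cat > "$tmp/iptables-config" <<'EOF'
# constructed sample
IPTABLES_MODULES="ipt_REJECT ipt_LOG ip_conntrack iptable_filter iptable_nat ip_nat_ftp"
EOF
    cat > "$tmp/modules" <<'EOF'
iptable_filter 36161 1 - Live 0xffffffff88a00000
ip_conntrack 101396 0 - Live 0xffffffff88b00000
ipt_REJECT 39105 0 - Live 0xffffffff88c00000
EOF
    missing_modules "$tmp/iptables-config" IPTABLES_MODULES "$tmp/modules"
    rm -rf "$tmp"
}

# With three arguments, check real files, e.g.
#   sh check.sh /etc/sysconfig/iptables-config IPTABLES_MODULES /proc/modules
# Without arguments, run the constructed demo.
if [ "$#" -eq 3 ]; then missing_modules "$1" "$2" "$3"; else demo; fi
```

Run on the node right after boot and again after the manual modprobe, the difference between the two outputs shows which modules the boot sequence did not load.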