OpenVZ Forum


iptables [message #2975] Thu, 04 May 2006 12:49
knutov
Regarding http://forum.openvz.org/index.php?t=msg&th=535&start=0&

I have the same problem.

/sbin/iptables -t nat -A PREROUTING -p tcp --dport 2525 -j REDIRECT --to-ports 25
iptables: No chain/target/match by that name


Before that I ran:
vzctl stop 121
vzctl set 121 --iptables iptable_filter --iptables ipt_length --iptables ipt_limit --iptables iptable_mangle --iptables ipt_REJECT --iptables iptable_nat --iptables ipt_REDIRECT --save
vzctl start 121

And sorry, I posted this to the English forum first by mistake (http://forum.openvz.org/index.php?t=msg&th=538&start=0&) - please delete it there.
Re: iptables [message #2978 is a reply to message #2975] Thu, 04 May 2006 13:25
dim
Most likely the ip_conntrack module is missing from the list.
cat /etc/sysconfig/vz-scripts/121.conf | grep IPTABLES


Re: iptables [message #2981 is a reply to message #2975] Thu, 04 May 2006 16:24
knutov
vzctl set 121 --iptables iptable_filter --iptables ipt_length --iptables ipt_limit --iptables iptable_mangle --iptables ipt_REJECT --iptables iptable_nat --iptables ipt_REDIRECT --iptables ip_conntrack --save

vzctl restart

# /sbin/iptables -t nat -A PREROUTING -p tcp --dport 2525 -j REDIRECT --to-ports 25
iptables: No chain/target/match by that name


# cat /etc/sysconfig/vz-scripts/121.conf | grep IPTABLES
IPTABLES="iptable_filter iptable_mangle ipt_limit ipt_REJECT ipt_length ip_conntrack iptable_nat ipt_REDIRECT "
Re: iptables [message #3003 is a reply to message #2975] Sat, 06 May 2006 09:16
dev

Sorry for the silly question, but were the modules loaded before the VPS was started?
# lsmod

I have just done what you described, namely loaded the modules and set IPTABLES="iptable_filter iptable_mangle ipt_limit ipt_REJECT ipt_length ip_conntrack iptable_nat ipt_REDIRECT "

And here is the result:
-bash-3.00# iptables -t nat -A PREROUTING -p tcp --dport 2525 -j REDIRECT --to-ports 25
-bash-3.00# iptables -L -t nat
Chain PREROUTING (policy ACCEPT)
target     prot opt source               destination
REDIRECT   tcp  --  anywhere             anywhere            tcp dpt:2525 redir ports 25

Chain POSTROUTING (policy ACCEPT)
target     prot opt source               destination

Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination



Re: iptables [message #3047 is a reply to message #2975] Tue, 09 May 2006 18:26
knutov
Perhaps I am misunderstanding something.

I am trying to expose port 25 on 2525 inside the VDS. Now it says:
# /sbin/iptables -t nat -A PREROUTING -p tcp --dport 2525 -j REDIRECT --to-ports 25
iptables v1.3.0: can't initialize iptables table `nat': Table does not exist (do you need to insmod?)
Perhaps iptables or your kernel needs to be upgraded.

# /sbin/iptables -L -t nat
iptables v1.3.0: can't initialize iptables table `nat': Table does not exist (do you need to insmod?)

This is all inside the VDS.

On the node:

# iptables -L -t nat
Chain PREROUTING (policy ACCEPT)
target prot opt source destination

Chain POSTROUTING (policy ACCEPT)
target prot opt source destination

Chain OUTPUT (policy ACCEPT)
target prot opt source destination

# lsmod | grep nat
iptable_nat 26492 2
...

Re: iptables [message #3048 is a reply to message #3047] Tue, 09 May 2006 18:31
dev

A few silly questions:
- kernel version
- OS template of the VPS (i386 or x86-64?)
- lsmod output from host system
- cat /etc/sysconfig/vz | grep IPTABLES
- cat /etc/sysconfig/vz-scripts/<VPSID>.conf | grep IPTABLES


Re: iptables [message #3050 is a reply to message #2975] Tue, 09 May 2006 19:12
knutov
# uname -a
Linux rustelekom3.localhost.localdomain 2.6.8-022stab077.1 #1 Fri Apr 21 16:50:02 MSD 2006 i686 i686 i386 GNU/Linux


i386, fc4-minimal, directadmin

/sbin/iptables
iptables v1.3.0: no command specified


# lsmod
Module Size Used by
iptable_nat 26492 2
ip_conntrack 35752 2 iptable_nat
tun 6592 0
simfs 3324 21
vzdquota 38736 21 [permanent]
af_packet 16360 0
ipt_length 1504 21
ipt_ttl 1632 19
ipt_tcpmss 1920 19
ipt_TCPMSS 3648 19
iptable_mangle 4256 21
iptable_filter 4096 21
ipt_multiport 1760 19
ipt_limit 1952 21
ipt_tos 1408 19
ipt_REJECT 5568 21
ip_tables 20880 11 iptable_nat,ipt_length,ipt_ttl,ipt_tcpmss,ipt_TCPMSS,iptable_mangle,iptable_filter,ipt_multiport,ipt_limit,ipt_tos,ipt_REJECT
sunrpc 129028 1
vznetdev 12480 43
vzmon 41664 22 vznetdev
vzdev 1792 3 vzdquota,vznetdev,vzmon
thermal 10096 0
processor 10244 1 thermal
fan 2668 0
button 4408 0
battery 7052 0
asus_acpi 8920 0
ac 3084 0
ohci_hcd 17988 0
ehci_hcd 25604 0
usbcore 100356 4 ohci_hcd,ehci_hcd
sis900 16932 0


cat /etc/sysconfig/vz | grep IPTABLES
IPTABLES="ipt_REJECT ipt_tos ipt_limit ipt_multiport iptable_filter iptable_mangle ipt_TCPMSS ipt_tcpmss ipt_ttl ipt_length"


# cat /etc/sysconfig/vz-scripts/121.conf | grep IPTABLES
IPTABLES="iptable_filter iptable_mangle ipt_limit ipt_REJECT ipt_length ip_conntrack iptable_nat ipt_REDIRECT "
Re: iptables [message #3060 is a reply to message #3050] Wed, 10 May 2006 08:26
dim
I have only one guess: the iptable_nat module was not loaded before the VPS was started, and was instead loaded later by the command iptables -t nat -L on the node.
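
An added example, not part of any post in the thread: a small shell check that lists the modules named in a container's IPTABLES= setting that the hardware node's lsmod does not show as loaded. The sample input is constructed from the 121.conf line and an excerpt of the host lsmod output posted above; the function names are hypothetical, and the check covers presence only, not whether a module was loaded before the VPS started.

```shell
#!/bin/sh
# Added example (not from the thread): compare a container's IPTABLES=
# setting with the host's lsmod output.

# Constructed sample input, excerpted from the output posted above.
CONF_LINE='IPTABLES="iptable_filter iptable_mangle ipt_limit ipt_REJECT ipt_length ip_conntrack iptable_nat ipt_REDIRECT "'
LSMOD_OUT='Module Size Used by
iptable_nat 26492 2
ip_conntrack 35752 2 iptable_nat
ipt_length 1504 21
iptable_mangle 4256 21
iptable_filter 4096 21
ipt_limit 1952 21
ipt_REJECT 5568 21'

# Print the module names inside an IPTABLES="..." line, one per line.
iptables_modules() {
    printf '%s\n' "$1" |
        sed -n 's/^IPTABLES="\(.*\)"[[:space:]]*$/\1/p' |
        tr -s ' ' '\n' | sed '/^$/d'
}

# Print every configured module that lsmod does not list as loaded.
missing_modules() {
    loaded=$(printf '%s\n' "$2" | awk '$1 != "Module" { print $1 }')
    for mod in $(iptables_modules "$1"); do
        printf '%s\n' "$loaded" | grep -qxF "$mod" || printf '%s\n' "$mod"
    done
}

# On a hardware node the inputs would come from (paths as in the thread):
#   grep '^IPTABLES=' /etc/sysconfig/vz-scripts/121.conf   and   lsmod
missing_modules "$CONF_LINE" "$LSMOD_OUT"
```

Run against the excerpt, it prints ipt_REDIRECT, the one module in the 121.conf list that does not appear in the posted lsmod output.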

