OpenVZ Forum


Home » General » Support » iptables: No chain/target/match by that name (Some issues with iptables log in a container)
iptables: No chain/target/match by that name [message #39458] Mon, 26 April 2010 16:31 Go to next message
KuKrApOk is currently offline  KuKrApOk
Messages: 2
Registered: April 2010
Junior Member
Hello,

I have this error in a container when I try to LOG with iptables

This is my configuration for iptables :

On HW :

in vz.conf :
IPTABLES="ip_tables ipt_REJECT ipt_tos ipt_limit ipt_multiport iptable_filter iptable_mangle ipt_TCPMSS ipt_tcpmss ipt_ttl ipt_length ipt_state ipt_LOG"


in 101.conf
PTABLES="ip_tables ipt_REJECT ipt_tos ipt_limit ipt_multiport iptable_filter iptable_mangle ipt_TCPMSS ipt_tcpmss ipt_ttl ipt_length ipt_state ipt_LOG"

(the same line)

I already do this on HW:
(seen here : http://wiki.openvz.org/Setting_up_an_iptables_firewall)

modprobe xt_tcpudp
modprobe ip_conntrack
modprobe xt_state


In the container (leela) I run the following :

root@leela:~# iptables -L
Chain INPUT (policy ACCEPT)
target     prot opt source               destination         

Chain FORWARD (policy ACCEPT)
target     prot opt source               destination         

Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination         

Chain LOG_DROP (0 references)
target     prot opt source               destination

root@leela:~# iptables -A INPUT -j LOG
iptables: No chain/target/match by that name


How can I do to enable logging iptables in contaniers ?
(No trouble with other iptables stuff)
Is there something I missed ?

I apologise for my rusty english, I'm french

[Updated on: Mon, 26 April 2010 16:32]

Report message to a moderator

Re: iptables: No chain/target/match by that name [message #39480 is a reply to message #39458] Fri, 30 April 2010 13:29 Go to previous messageGo to next message
maratrus is currently offline  maratrus
Messages: 1495
Registered: August 2007
Location: Moscow
Senior Member
Hello,

please make sure that ipt_LOG module is loaded on the HN.
It must be loaded before VE is started.

Report message to a moderator

Re: iptables: No chain/target/match by that name [message #39482 is a reply to message #39480] Fri, 30 April 2010 13:45 Go to previous messageGo to next message
KuKrApOk is currently offline  KuKrApOk
Messages: 2
Registered: April 2010
Junior Member
Hello,

I had some other issues with my HN, so I had to reinstall it

I did exactly the same as before, but I didn't execute :
modprobe xt_tcpudp
modprobe ip_conntrack
modprobe xt_state

On the HN.

But, I can see them loaded with a lsmod

root@Zoidberg:~# lsmod | egrep "xt_tcpudp|ip_conntrack|xt_state"
xt_tcpudp              12160  12 
xt_state               11264  3 
nf_conntrack          102880  2 nf_conntrack_ipv4,xt_state
x_tables               34056  13 xt_comment,xt_tcpudp,ipt_LOG,xt_state,xt_length,ipt_ttl,xt_tcpmss,xt_TCPMSS,xt_multiport,xt_limit,ipt_tos,ipt_REJECT,ip_tables


I don't know if this changes something, but now it works perfectly
Both on HN, and in Containers

So, please, consider this topic as [RESOLVED]

[Updated on: Fri, 30 April 2010 13:47]

Report message to a moderator

Re: iptables: No chain/target/match by that name [message #48900 is a reply to message #39458] Wed, 09 January 2013 00:06 Go to previous message
slakebox is currently offline  slakebox
Messages: 1
Registered: January 2013
Location: Portugal
Junior Member
Thanks to maratrus!

Enabling ipt_LOG on my HN did it for me.

modprobe ipt_LOG

Report message to a moderator

Previous Topic: How to change the navigation error message
Next Topic: Was sind supporters?
Goto Forum:
  

[ Syndicate this forum (XML) ] [ RSS ] [ PDF ]

Current Time: Fri Oct 11 18:25:52 GMT 2024

Total time taken to generate the page: 0.06957 seconds
Powered by FUDforum Powered by Virtuozzo Containers