OpenVZ Forum - RDF feed
https://new-forum.openvz.org/index.php
Connection Tracking inside a VPS
https://new-forum.openvz.org/index.phpindex.php?t=rview&goto=44172&th=10215#msg_44172
I tried to do a firewall inside a VPS. I inserted in the .conf file a
line like this
IPTABLES="ip_conntrack ip_...
and tried to use the connection tracking like this
root@gw:~# iptables -A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
iptables: No chain/target/match by that name.
but it looks like there is no module for connection tracking.
Could anybody give me a hint?
Thanks
Daniel

Daniel Bauer, 2011-11-23T10:31:16-00:00

Re: Connection Tracking inside a VPS
https://new-forum.openvz.org/index.phpindex.php?t=rview&goto=44180&th=10215#msg_44180
mlist@dsb-gmbh.de>:
> Hi @all,
>
> I tried to do a firewall inside a VPS. I inserted in the .conf file
> a line like this
> IPTABLES="ip_conntrack ip_...
To which *.conf file have you added this? It is needed in vz.conf so
the modules get loaded by starting OpenVZ at the HN. You will also
need ipt_filter as far as I remember. You can try iptables with
conntrack on the HN, if it works there it should work inside VE too.
But don't try it with IPv6.
> and tried to use the connection tracking like this
> root@gw:~# iptables -A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
> iptables: No chain/target/match by that name.
>
> but it looks like there is no module for connection tracking.
Check with lsmod on the HN what is loaded. The VE is not able to load
any modules on demand.
Regards
Andreas

MailingListe, 2011-11-23T11:01:26-00:00

Re: Connection Tracking inside a VPS - SOLVED
https://new-forum.openvz.org/index.phpindex.php?t=rview&goto=44182&th=10215#msg_44182
From: <lst_hoe02@kwsoft.de>
> Quoting Daniel Bauer <mlist@dsb-gmbh.de>:
>
>> Hi @all,
>>
>> I tried to do a firewall inside a VPS. I inserted in the .conf file
>> a line like this
>> IPTABLES="ip_conntrack ip_...
>
> To which *.conf file have you added this? It is needed in vz.conf so
> the modules get loaded by starting OpenVZ at the HN. You will also
> need ipt_filter as far as i remember. You can try iptables with
> conntrack on the HN, if it works there it should work inside VE too.
ok, this was the failure, I've added this in the VPS*.conf, not in the
vz.conf, now it works.
> But don't try it with IPv6.
It's only an IPv4 net. IPv6 is scheduled for next year ;)
>> and tried to use the connection tracking like this
>> root@gw:~# iptables -A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
>> iptables: No chain/target/match by that name.
>>
>> but it looks like there is no module for connection tracking.
>
> Check with lsmod on the HN what is loaded. The VE is not able to load
> any modules on demand.
The loading in the HN was successful, but I've not allowed in the
vz.conf :(
Thanks a lot for your help!
Daniel

Daniel Bauer, 2011-11-23T12:14:09-00:00