need help using xt_tcpudp and xt_state modules within a VE [message #38724]
Wed, 20 January 2010 22:17
Jimbo
Hi, I'm running kernel 2.6.18-164.2.1.el5.028stab066.10 x86_64 and vzctl version 3.0.23 on RHEL 5.4. I would like to use iptables commands such as these within a VE:
iptables -A INPUT -m state --state INVALID -j DROP
iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
iptables -A INPUT -p tcp --dport ssh -j ACCEPT
However, I receive this error when running any one of them:
iptables: Unknown error 18446744073709551615
I am not using any "vzctl --iptables" style restrictions on individual VEs. My /etc/vz/vz.conf has this line in it:
IPTABLES="ipt_REJECT ipt_REDIRECT ipt_tos ipt_limit ipt_multiport iptable_filter iptable_nat iptable_mangle ipt_TCPMSS ipt_tcpmss ipt_ttl ipt_length"
I've tried changing it to:
IPTABLES="ipt_REJECT ipt_REDIRECT ipt_tos ipt_limit ipt_multiport iptable_filter iptable_nat iptable_mangle ipt_TCPMSS ipt_tcpmss ipt_ttl ipt_length xt_tcpudp xt_state"
After a reboot the modules are correctly loaded into the kernel by OpenVZ. However, when entering the VE, I get the following errors:
Warning: Unknown iptable module: xt_tcpudp, skipped
Warning: Unknown iptable module: xt_state, skipped
and get the same "Unknown error 18446744073709551615" when running the iptables commands.
How do I configure OpenVZ to allow me to use the xt_tcpudp and xt_state modules within a VE?