OpenVZ Forum


Home » Mailing lists » Users » NFQUEUE in VE
NFQUEUE in VE [message #44401] Tue, 06 December 2011 00:07 Go to next message
U.Mutlu is currently offline  U.Mutlu
Messages: 12
Registered: October 2011
Junior Member
From: *parallels.com
I need to use, in a VE, an app that uses libnetfilter_queue (ie. the NFQUEUE target of iptables).
Which module do I need to specify in vz.cfg (IPTABLES="...") ?

I tried the following modules

find /lib/modules/ -iname "*queu*" -ls
/lib/modules/2.6.32-5-openvz-amd64/kernel/drivers/md/dm-queu e-length.ko
/lib/modules/2.6.32-5-openvz-amd64/kernel/net/ipv6/netfilter /ip6_queue.ko
/lib/modules/2.6.32-5-openvz-amd64/kernel/net/netfilter/nfne tlink_queue.ko
/lib/modules/2.6.32-5-openvz-amd64/kernel/net/netfilter/xt_N FQUEUE.ko
/lib/modules/2.6.32-5-openvz-amd64/kernel/net/ipv4/netfilter /ip_queue.k

but vzctl gives such errors/warnings, and the app cannot access the NFQUEUE queue:
Warning: Unknown iptable module: nfnetlink_queue, skipped

The same app on the HN works fine.
So, how can I use NFQUEUE on the VE ?
Re: NFQUEUE in VE [message #44443 is a reply to message #44401] Wed, 07 December 2011 17:39 Go to previous messageGo to next message
U.Mutlu is currently offline  U.Mutlu
Messages: 12
Registered: October 2011
Junior Member
From: *parallels.com
Has nobody an answer to this problem?


U.Mutlu wrote, On 12/06/2011 01:07 AM:
> I need to use, in a VE, an app that uses libnetfilter_queue (ie. the NFQUEUE target of iptables).
> Which module do I need to specify in vz.cfg (IPTABLES="...") ?
>
> I tried the following modules
>
> find /lib/modules/ -iname "*queu*" -ls
> /lib/modules/2.6.32-5-openvz-amd64/kernel/drivers/md/dm-queu e-length.ko
> /lib/modules/2.6.32-5-openvz-amd64/kernel/net/ipv6/netfilter /ip6_queue.ko
> /lib/modules/2.6.32-5-openvz-amd64/kernel/net/netfilter/nfne tlink_queue.ko
> /lib/modules/2.6.32-5-openvz-amd64/kernel/net/netfilter/xt_N FQUEUE.ko
> /lib/modules/2.6.32-5-openvz-amd64/kernel/net/ipv4/netfilter /ip_queue.k
>
> but vzctl gives such errors/warnings, and the app cannot access the NFQUEUE queue:
> Warning: Unknown iptable module: nfnetlink_queue, skipped
>
> The same app on the HN works fine.
> So, how can I use NFQUEUE on the VE ?
Re: NFQUEUE in VE [message #44465 is a reply to message #44443] Fri, 09 December 2011 11:03 Go to previous messageGo to next message
U.Mutlu is currently offline  U.Mutlu
Messages: 12
Registered: October 2011
Junior Member
From: *parallels.com
For the interested ones: here are similar postings regarding the same issue:
http://forum.openvz.org/index.php?t=msg&goto=40984&
and a bugreport here:
http://bugzilla.openvz.org/show_bug.cgi?id=1677


U.Mutlu wrote, On 12/07/2011 06:39 PM:
> Has nobody an answer to this problem?
>
>
> U.Mutlu wrote, On 12/06/2011 01:07 AM:
>> I need to use, in a VE, an app that uses libnetfilter_queue (ie. the NFQUEUE target of iptables).
>> Which module do I need to specify in vz.cfg (IPTABLES="...") ?
>>
>> I tried the following modules
>>
>> find /lib/modules/ -iname "*queu*" -ls
>> /lib/modules/2.6.32-5-openvz-amd64/kernel/drivers/md/dm-queu e-length.ko
>> /lib/modules/2.6.32-5-openvz-amd64/kernel/net/ipv6/netfilter /ip6_queue.ko
>> /lib/modules/2.6.32-5-openvz-amd64/kernel/net/netfilter/nfne tlink_queue.ko
>> /lib/modules/2.6.32-5-openvz-amd64/kernel/net/netfilter/xt_N FQUEUE.ko
>> /lib/modules/2.6.32-5-openvz-amd64/kernel/net/ipv4/netfilter /ip_queue.k
>>
>> but vzctl gives such errors/warnings, and the app cannot access the NFQUEUE queue:
>> Warning: Unknown iptable module: nfnetlink_queue, skipped
>>
>> The same app on the HN works fine.
>> So, how can I use NFQUEUE on the VE ?
Re: NFQUEUE in VE [message #44466 is a reply to message #44465] Fri, 09 December 2011 11:14 Go to previous message
U.Mutlu is currently offline  U.Mutlu
Messages: 12
Registered: October 2011
Junior Member
From: *parallels.com
both HN and VE give this:
# cat /proc/net/ip_tables_targets
NFQUEUE
TCPMSS
DNAT
SNAT
NFQUEUE
REJECT
LOG
ERROR

so, NFQUEUE is there, somehow even twice.
But why does it still not function on the VE?


U.Mutlu wrote, On 12/09/2011 12:03 PM:
> For the interested ones: here are similar postings regarding the same issue:
> http://forum.openvz.org/index.php?t=msg&goto=40984&
> and a bugreport here:
> http://bugzilla.openvz.org/show_bug.cgi?id=1677
>
>
> U.Mutlu wrote, On 12/07/2011 06:39 PM:
>> Has nobody an answer to this problem?
>>
>>
>> U.Mutlu wrote, On 12/06/2011 01:07 AM:
>>> I need to use, in a VE, an app that uses libnetfilter_queue (ie. the NFQUEUE target of iptables).
>>> Which module do I need to specify in vz.cfg (IPTABLES="...") ?
>>>
>>> I tried the following modules
>>>
>>> find /lib/modules/ -iname "*queu*" -ls
>>> /lib/modules/2.6.32-5-openvz-amd64/kernel/drivers/md/dm-queu e-length.ko
>>> /lib/modules/2.6.32-5-openvz-amd64/kernel/net/ipv6/netfilter /ip6_queue.ko
>>> /lib/modules/2.6.32-5-openvz-amd64/kernel/net/netfilter/nfne tlink_queue.ko
>>> /lib/modules/2.6.32-5-openvz-amd64/kernel/net/netfilter/xt_N FQUEUE.ko
>>> /lib/modules/2.6.32-5-openvz-amd64/kernel/net/ipv4/netfilter /ip_queue.k
>>>
>>> but vzctl gives such errors/warnings, and the app cannot access the NFQUEUE queue:
>>> Warning: Unknown iptable module: nfnetlink_queue, skipped
>>>
>>> The same app on the HN works fine.
>>> So, how can I use NFQUEUE on the VE ?
Previous Topic: More on making an OpenVZ template
Next Topic: NTP Server in einer virtuellen Umgebung
Goto Forum:
  


Current Time: Mon Oct 22 21:00:28 GMT 2018