OpenVZ Forum


Ulogd + iptables configuration [message #45446] Sat, 10 March 2012 23:46
cyrolancer

Hello,

I am trying to configure a Debian 6 container. In this container, I want
all iptables logs to be written in a MySQL DB. To achieve this, I am
using ulogd and ulogd-mysql packages on the container.

On the HW node, which is a CentOS 5 machine, I enabled ipt_ULOG module
according to the OpenVZ User's Guide (i.e. by adding ipt_ULOG to
/etc/sysconfig/iptables-config file, and rebooting). I also added
ipt_ULOG to the container's configuration file and rebooted the
container. However, I am getting a warning like "ipt_ULOG not found,
skipping" while rebooting the container. As a result, I cannot install
ulogd and ulogd-mysql to the container due to errors about ipt_ULOG module.

Are there any ideas to fix this issue?

Thanks,

Onur
Re: Ulogd + iptables configuration [message #45447 is a reply to message #45446] Sun, 11 March 2012 02:52
Gary Wallis

On 3/10/2012 8:46 PM, Onur R. Bingol wrote:
> Hello,
>
> I am trying to configure a Debian 6 container. In this container, I want
> all iptables logs to be written in a MySQL DB. To achieve this, I am
> using ulogd and ulogd-mysql packages on the container.
>
> On the HW node, which is a CentOS 5 machine, I enabled ipt_ULOG module
> according to the OpenVZ User's Guide (i.e. by adding ipt_ULOG to
> /etc/sysconfig/iptables-config file, and rebooting). I also added
> ipt_ULOG to the container's configuration file and rebooted the
> container. However, I am getting a warning like "ipt_ULOG not found,
> skipping" while rebooting the container. As a result, I cannot install
> ulogd and ulogd-mysql to the container due to errors about ipt_ULOG module.
>
> Are there any ideas to fix this issue?

Onur,


You need to start by including the modules in the host node
/etc/vz/vz.conf file iptables kernel module configuration line. Here is
a sample line:

## IPv4 iptables kernel modules
IPTABLES="ipt_REJECT ipt_tos ipt_limit ipt_multiport iptable_filter
iptable_mangle ipt_TCPMSS ipt_tcpmss ipt_ttl ipt_length"

Then you need to restart vz for the changes to take effect.

Cheers,
Gary Wallis


>
> Thanks,
>
> Onur
Re: Ulogd + iptables configuration [message #45451 is a reply to message #45447] Sun, 11 March 2012 10:01
cyrolancer

I have added

-----
IPTABLES="ip_tables ipt_REJECT ipt_tos ipt_limit ipt_multiport
iptable_filter iptable_mangle ipt_TCPMSS ipt_tcpmss ipt_ttl ipt_length
ipt_helper ipt_state ipt_TOS ipt_conntrack ip_conntrack ip_conntrack_ftp
ipt_LOG ipt_ULOG"
-----
line to /etc/sysconfig/iptables-config and /etc/vz/vz.conf, but I am still getting

-----
Warning: Unknown iptable module: ipt_ULOG, skipped
Restarting container
Stopping container ...
Container was stopped
.
.
.
-----

"lsmod | grep ipt_ULOG" output on the HW node,

-----
ipt_ULOG 42504 0
x_tables 52616 20 xt_pkttype,iptable_nat,ipt_ULOG,ipt_LOG,xt_conntrack,ipt_TOS,xt_helper,xt_length,ipt_ttl,xt_tcpmss,ipt_TCPMSS,xt_multiport,xt_limit,ipt_tos,ipt_REJECT,xt_state,ip_tables,ip6t_REJECT,xt_tcpudp,ip6_tables
-----

I couldn't understand what I am missing

Onur Rauf Bingol


Re: Ulogd + iptables configuration [message #45465 is a reply to message #45447] Sun, 11 March 2012 21:46
cyrolancer

Hello,

Commenting IPTABLES lines in vz.conf and the {VE_ID}.conf corrected the
issue.

Thanks,

Onur R. Bingol


Re: Ulogd + iptables configuration [message #45466 is a reply to message #45465] Sun, 11 March 2012 22:41
Gary Wallis

On 3/11/2012 6:46 PM, Onur R. Bingol wrote:
> Hello,
>
> Commenting IPTABLES lines in vz.conf and the {VE_ID}.conf corrected the
> issue.
>
> Thanks,
>
> Onur R. Bingol

Thanks Onur!
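
Added example, not part of the original thread and not OpenVZ code: a small script that automates the hand check Onur did with "lsmod | grep", reading the (possibly line-wrapped) IPTABLES= value from a vz.conf-style file and reporting which of the named modules are loaded on the hardware node. The function names and the sample input are constructed, and treating xt_foo as equivalent to ipt_foo is an assumption. It only checks host-side module loading; it does not explain the vzctl "Unknown iptable module" warning.

```shell
#!/bin/sh
# Print the module names from IPTABLES="...", one per line. The quoted
# value may wrap across lines, as it does in the posts above.
iptables_modules() {
    awk '
        /^[ \t]*#/ { next }                      # skip comment lines
        !inval && /^[ \t]*IPTABLES="/ { inval = 1; sub(/^[^"]*"/, "") }
        inval {
            last = ($0 ~ /"/)                    # closing quote on this line?
            sub(/".*/, "")
            for (i = 1; i <= NF; i++) print $i
            if (last) inval = 0
        }
    ' "$1"
}

# Succeed if module $1 is in column 1 of the lsmod output saved in file $2.
# Assumption: ipt_foo also counts as loaded when xt_foo is listed, since the
# lsmod output in the thread lists xt_limit and xt_state.
module_loaded() {
    awk -v m="$1" '
        BEGIN { alt = m; sub(/^ipt_/, "xt_", alt) }
        $1 == m || $1 == alt { found = 1 }
        END { exit !found }
    ' "$2"
}

check_modules() {   # $1 = vz.conf-style file, $2 = saved lsmod output
    iptables_modules "$1" | while read -r mod; do
        if module_loaded "$mod" "$2"; then echo "loaded  $mod"
        else echo "missing $mod"; fi
    done
}

# Constructed sample input; on a node use /etc/vz/vz.conf and `lsmod > file`.
tmp=$(mktemp -d); trap 'rm -rf "$tmp"' EXIT
cat > "$tmp/vz.conf" <<'EOF'
## IPv4 iptables kernel modules
IPTABLES="ipt_REJECT ipt_limit
ipt_ULOG ipt_state ipt_owner"
EOF
cat > "$tmp/lsmod.txt" <<'EOF'
Module                  Size  Used by
ipt_ULOG               42504  0
ipt_REJECT             38977  0
xt_limit               36681  0
xt_state               35265  0
EOF
check_modules "$tmp/vz.conf" "$tmp/lsmod.txt"
```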