OpenVZ Forum


OpenVZ and iptables modules, netfilter [message #51592] Fri, 08 August 2014 07:53
advanhost
We have noticed that, starting with the new version of OpenVZ, enabling iptables requires the netfilter parameter to be set to full in order to enable the iptables modules inside the VM.

However, we are still not able to enable all the iptables modules even though we have set this up:

[root@ve223 ~]# vzctl set 5720 --netfilter full --save --setmode restart

Inside the VM, csf still reports that the iptables modules cannot be loaded:

[root@ve223 ~]# vzctl enter 5720
entered into CT 5720
root@mail [/]# /etc/csf/csftest.pl
Testing ip_tables/iptable_filter...OK
Testing ipt_LOG...OK
Testing ipt_multiport/xt_multiport...OK
Testing ipt_REJECT...OK
Testing ipt_state/xt_state...OK
Testing ipt_limit/xt_limit...OK
Testing ipt_recent...FAILED [Error: iptables: No chain/target/match by that name.] - Required for PORTFLOOD and PORTKNOCKING features
Testing xt_connlimit...FAILED [Error: iptables: No chain/target/match by that name.] - Required for CONNLIMIT feature
Testing ipt_owner/xt_owner...FAILED [Error: iptables: No chain/target/match by that name.] - Required for SMTP_BLOCK and UID/GID blocking features
Testing iptable_nat/ipt_REDIRECT...FAILED [Error: iptables: No chain/target/match by that name.] - Required for MESSENGER feature
Testing iptable_nat/ipt_DNAT...OK

RESULT: csf will function on this server but some features will not work due to some missing iptables modules [4]


It seems the hardnode has already loaded the modules:
[root@ve223 ~]# modprobe -l | grep ipt
/lib/modules/2.6.18-371.6.1.el5.028stab112.3/kernel/net/sched/act_ipt.ko
/lib/modules/2.6.18-371.6.1.el5.028stab112.3/kernel/drivers/usb/input/aiptek.ko
/lib/modules/2.6.18-371.6.1.el5.028stab112.3/kernel/net/ipv4/netfilter/ipt_CLUSTERIP.ko
/lib/modules/2.6.18-371.6.1.el5.028stab112.3/kernel/net/ipv4/netfilter/ipt_DSCP.ko
/lib/modules/2.6.18-371.6.1.el5.028stab112.3/kernel/net/ipv4/netfilter/ipt_ECN.ko
/lib/modules/2.6.18-371.6.1.el5.028stab112.3/kernel/net/ipv4/netfilter/ipt_LOG.ko
/lib/modules/2.6.18-371.6.1.el5.028stab112.3/kernel/net/ipv4/netfilter/ipt_MASQUERADE.ko
/lib/modules/2.6.18-371.6.1.el5.028stab112.3/kernel/net/ipv4/netfilter/ipt_NETMAP.ko
/lib/modules/2.6.18-371.6.1.el5.028stab112.3/kernel/net/ipv4/netfilter/ipt_REDIRECT.ko
/lib/modules/2.6.18-371.6.1.el5.028stab112.3/kernel/net/ipv4/netfilter/ipt_REJECT.ko
/lib/modules/2.6.18-371.6.1.el5.028stab112.3/kernel/net/ipv4/netfilter/ipt_TCPMSS.ko
/lib/modules/2.6.18-371.6.1.el5.028stab112.3/kernel/net/ipv4/netfilter/ipt_TOS.ko
/lib/modules/2.6.18-371.6.1.el5.028stab112.3/kernel/net/ipv4/netfilter/ipt_TTL.ko
/lib/modules/2.6.18-371.6.1.el5.028stab112.3/kernel/net/ipv4/netfilter/ipt_ULOG.ko
/lib/modules/2.6.18-371.6.1.el5.028stab112.3/kernel/net/ipv4/netfilter/ipt_addrtype.ko
/lib/modules/2.6.18-371.6.1.el5.028stab112.3/kernel/net/ipv4/netfilter/ipt_ah.ko
/lib/modules/2.6.18-371.6.1.el5.028stab112.3/kernel/net/ipv4/netfilter/ipt_dscp.ko
/lib/modules/2.6.18-371.6.1.el5.028stab112.3/kernel/net/ipv4/netfilter/ipt_ecn.ko
/lib/modules/2.6.18-371.6.1.el5.028stab112.3/kernel/net/ipv4/netfilter/ipt_hashlimit.ko
/lib/modules/2.6.18-371.6.1.el5.028stab112.3/kernel/net/ipv4/netfilter/ipt_iprange.ko
/lib/modules/2.6.18-371.6.1.el5.028stab112.3/kernel/net/ipv4/netfilter/ipt_owner.ko
/lib/modules/2.6.18-371.6.1.el5.028stab112.3/kernel/net/ipv4/netfilter/ipt_recent.ko
/lib/modules/2.6.18-371.6.1.el5.028stab112.3/kernel/net/ipv4/netfilter/ipt_tos.ko
/lib/modules/2.6.18-371.6.1.el5.028stab112.3/kernel/net/ipv4/netfilter/ipt_ttl.ko
/lib/modules/2.6.18-371.6.1.el5.028stab112.3/kernel/net/ipv4/netfilter/iptable_filter.ko
/lib/modules/2.6.18-371.6.1.el5.028stab112.3/kernel/net/ipv4/netfilter/iptable_mangle.ko
/lib/modules/2.6.18-371.6.1.el5.028stab112.3/kernel/net/ipv4/netfilter/iptable_nat.ko
/lib/modules/2.6.18-371.6.1.el5.028stab112.3/kernel/net/ipv4/netfilter/iptable_raw.ko
/lib/modules/2.6.18-371.6.1.el5.028stab112.3/kernel/sound/pci/riptide/snd-riptide.ko

Please, how can we fix this problem? I searched through the internet but we cannot find a way to solve it.

Thanks

advan
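
A diagnostic for the output in the post above, as an added example that is not part of the original post: `modprobe -l` lists module files available on disk, while `lsmod` lists the modules actually loaded, so this script takes the FAILED lines from `csftest.pl` and checks each named module against `lsmod` output from the hardware node. The function names `failed_modules` and `check_loaded` are hypothetical, the `lsmod` sample is constructed, and splitting labels such as `ipt_owner/xt_owner` into separate module names is an assumption about how csftest labels its tests.

```shell
#!/bin/sh
# Added example (not from the original post). Function names are hypothetical.

# OK/FAILED lines copied from the csftest.pl output in the post.
CSFTEST_SAMPLE='Testing ipt_limit/xt_limit...OK
Testing ipt_recent...FAILED [Error: iptables: No chain/target/match by that name.] - Required for PORTFLOOD and PORTKNOCKING features
Testing xt_connlimit...FAILED [Error: iptables: No chain/target/match by that name.] - Required for CONNLIMIT feature
Testing ipt_owner/xt_owner...FAILED [Error: iptables: No chain/target/match by that name.] - Required for SMTP_BLOCK and UID/GID blocking features
Testing iptable_nat/ipt_REDIRECT...FAILED [Error: iptables: No chain/target/match by that name.] - Required for MESSENGER feature
Testing iptable_nat/ipt_DNAT...OK'

# Constructed lsmod output for a hardware node (sizes and counts are made up).
LSMOD_SAMPLE='Module                  Size  Used by
iptable_nat            43404  1
ipt_REJECT             39169  2
ipt_LOG                41025  0
xt_limit               36545  0
iptable_filter         37185  3
ip_tables              57569  2 iptable_nat,iptable_filter'

# stdin: csftest.pl output. stdout: module names from FAILED tests, one per
# line. Labels such as "ipt_owner/xt_owner" are split into both names.
failed_modules() {
    sed -n 's/^Testing \([^ .]*\)\.\.\.FAILED.*/\1/p' | tr '/' '\n'
}

# $1: lsmod output. stdin: module names. stdout: "<name> loaded|missing".
check_loaded() {
    while read -r mod; do
        if printf '%s\n' "$1" |
            awk -v m="$mod" 'NR > 1 && $1 == m { f = 1 } END { exit !f }'
        then
            echo "$mod loaded"
        else
            echo "$mod missing"
        fi
    done
}

# Report for the samples. On a real hardware node, pass "$(lsmod)" instead
# of the sample and pipe in the container's csftest.pl output.
printf '%s\n' "$CSFTEST_SAMPLE" | failed_modules | check_loaded "$LSMOD_SAMPLE"
```

A module reported as missing here exists only as a file under `/lib/modules` on the hardware node and is not loaded in the running kernel that the container shares.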