iptables inside of containers on a CentOS 6 HN? [message #52218] Fri, 25 September 2015 18:35
curtis_isparks
In the past, running iptables inside of a container has required loading the xt_tcpudp kernel module on the host node, but that no longer works on CentOS 6:

# modprobe xt_tcpudp
FATAL: Module xt_tcpudp not found.


The outdated OpenVZ documentation says, "Note: xt_tcpudp module seem to be included in the kernel packages of Debian 6, but not of CentOS 6."...

h-t-t-p-s://openvz.org/Setting_up_an_iptables_firewall#Setting_up_a_firewall_that_allows_per-container_configuration
(url masked because my profile is too new to post links)

But, the above page also still refers to the obsolete IPTABLES= option (the option is now called IPTABLES_MODULES=), so I don't know if anything on that page is valid anymore.

This is with the current OpenVZ stable kernel (2.6.32-042stab111.11) on CentOS 6.7.

The download page makes it look like CentOS 6 is stable and supported. Is that not the case? Is CentOS 5 a better platform for the stable version of OpenVZ?

[Updated on: Fri, 25 September 2015 18:38]


Re: iptables inside of containers on a CentOS 6 HN? [message #52223 is a reply to message #52218] Fri, 25 September 2015 22:53
curtis_isparks
Ok, I think I was confused by this comment in the default vz.conf file:

## WARNING: IPTABLES parameter is deprecated,
## use per-container (not global!) NETFILTER instead

Looking at the vz.conf from an older OpenVZ line, it looks like IPTABLES_MODULE is always what it was called there. The above comment refers to the CT.conf and it does appear that the following line in CT.conf does allow iptables to work:

NETFILTER="full"
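
A check that follows from the thread's conclusion, as an added example that is not part of the original posts: a POSIX shell script that reports, for each container config file, the NETFILTER= value and whether a deprecated IPTABLES= line is still present. The directory passed as the first argument (for example /etc/vz/conf), the function names and the sample configs are assumptions made for this example.

```shell
#!/bin/sh
# Added example, not from the thread. Reports, for each container config file,
# the NETFILTER= value and whether a deprecated IPTABLES= line is still present.

# Last uncommented KEY= assignment in FILE, with surrounding quotes stripped.
conf_value() {
    sed -n "s/^[[:space:]]*$1=//p" "$2" | tail -n 1 | sed 's/^"\(.*\)"$/\1/'
}

# Print one summary line for a single container config file.
audit_ct_conf() {
    nf=$(conf_value NETFILTER "$1")
    # The pattern requires "=" right after IPTABLES, so IPTABLES_MODULES= is not matched.
    if grep -Eq '^[[:space:]]*IPTABLES=' "$1"; then ipt=deprecated; else ipt=absent; fi
    printf '%s netfilter=%s iptables=%s\n' "$(basename "$1")" "${nf:-unset}" "$ipt"
}

# Audit every *.conf file in the given directory.
audit_dir() {
    for f in "$1"/*.conf; do
        [ -f "$f" ] || continue
        audit_ct_conf "$f"
    done
}

# Constructed sample configs (container IDs 101 and 102 are made up).
demo() {
    d=$(mktemp -d) || return 1
    printf '%s\n' 'HOSTNAME="web"' 'NETFILTER="full"' > "$d/101.conf"
    printf '%s\n' '# NETFILTER="full"' 'IPTABLES="iptable_filter ipt_state"' > "$d/102.conf"
    audit_dir "$d"
    rm -rf "$d"
}

# Audit the directory given as $1, or the constructed samples when none is given.
if [ -n "${1:-}" ]; then audit_dir "$1"; else demo; fi
```

A container reported as netfilter=unset with iptables=deprecated is one still relying on the old parameter that the vz.conf warning quoted above refers to.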