[Users] Re: iptables not working in VE (kernel 2.6.24-6-fza-686)

[Adem]

"Aleksandar Ivanisevic" wrote:
> "Adem" writes:
>
> > My IPTABLES setting in /etc/vz/vz.conf on the HN:
> > IPTABLES="ip_tables        ipt_REJECT       ipt_tos     ipt_limit     ipt_multiport iptable_filter \
> >           iptable_mangle   ipt_TCPMSS       ipt_tcpmss  ipt_ttl       ipt_length    ip_conntrack   \
> >           ip_conntrack_ftp ip_conntrack_irc ipt_LOG     ipt_conntrack ipt_helper    ipt_state      \
> >           xt_connlimit     ipt_recent       iptable_nat ip_nat_ftp
> > ip_nat_irc    ipt_TOS "
>
> Are you sure you restarted the container after changing this line?

Yes. Even deleted and recreated the VE, and restarted the machine.

> Also, modules need to be loaded in the host if you want them to work in
> VEs. What does lsmod | grep ip_ on the host say?

# lsmod | grep ip_
ip_tables              14216  3 iptable_nat,iptable_mangle,iptable_filter
x_tables               16228  18
xt_tcpudp,ipt_TOS,iptable_nat,ipt_recent,xt_connlimit,xt_state,xt_helper,xt_conntrack,ipt_LOG,xt_length,ipt_ttl,xt_tcpmss,xt_TCPMSS,
xt_multiport,xt_limit,ipt_tos,ipt_REJECT,ip_tables

I somehow managed to get the firewall rules working in the VE,
except the ipt_recent module, as this module does not load for the VE.
vzctl gives this warning when creating the VE:
"Warning: Unknown iptable module: ipt_recent, skipped"
For more details on this please see the other thread titled "ipt_recent Problems".