[Users] xt_connlimit failed

Rene C. openvz at dokbua.com
Wed Jul 30 22:09:29 PDT 2014


Trying to get csf working in an openvz container.

It works in containers on other hardware nodes, same kernel/utility
versions.

Error is:

# perl /etc/csf/csftest.pl
Testing ip_tables/iptable_filter...OK
Testing ipt_LOG...OK
Testing ipt_multiport/xt_multiport...OK
Testing ipt_REJECT...OK
Testing ipt_state/xt_state...OK
Testing ipt_limit/xt_limit...OK
Testing ipt_recent...OK
*Testing xt_connlimit...FAILED [Error: iptables: Unknown error 18446744073709551615] - Required for CONNLIMIT feature*
Testing ipt_owner/xt_owner...OK
Testing iptable_nat/ipt_REDIRECT...OK
Testing iptable_nat/ipt_DNAT...OK

xt_connlimit is loaded on the hardware node:

]# lsmod | grep xt_connlimit
xt_connlimit            3254  0
nf_conntrack           80313  10 xt_connlimit,vzrst,vzcpt,xt_conntrack,nf_nat_ftp,nf_conntrack_ftp,iptable_nat,nf_nat,nf_conntrack_ipv4,xt_state

After searching a long time I finally realized that vz.conf has changed so
iptables are now loaded through vzctl, so I did:

[root@server16 vz]# vzctl set 1602 --netfilter full --setmode restart --save
Restarting container
Stopping container ...
Container was stopped
Unmounting file system at /vz/root/1602
Unmounting device /dev/ploop52936
Container is unmounted
Starting container...
Opening delta /vz/private/1602/root.hdd/root.hdd
Adding delta dev=/dev/ploop52936 img=/vz/private/1602/root.hdd/root.hdd (rw)
/dev/ploop52936p1: clean, 2189391/36044800 files, 117223158/144178683 blocks
Mounting /dev/ploop52936p1 at /vz/root/1602 fstype=ext4
data='balloon_ino=12,usrjquota=aquota.user,grpjquota=aquota.group,jqfmt=vfsv0,'
Container is mounted
Adding IP address(es): (redacted)
Setting CPU limit: 1200
Setting CPU units: 1016
Setting CPUs: 12
Container start in progress...
CT configuration saved to /etc/vz/conf/1602.conf

But I STILL get the same error

After some further plodding I set the following and rebooted, but that also
didn't fix the problem:
# cat /etc/modprobe.d/openvz.conf
options nf_conntrack ip_conntrack_disable_ve0=0

Help?