[Users] Mail-in-a-box / ufw
Kirill Kolyshkin
kir at odin.com
Sun Jun 7 16:00:01 PDT 2015
Apparently you need vzctl set $CTID --netfilter full --save (and restart CT for it to take effect).
A warning about TCP sack — most probably you can ignore, or file a bug to them saying it might not be configurable, or file a bug to us asking to make it configurable (if there is a serious reason why).
Kir.
On Jun 7, 2015 6:34 PM, Volker Janzen <voja at voja.de> wrote:
Hi,
I'm trying to install Mail-in-a-box on a ubuntu-14.04-x86_64-minimal. Following configuration is used for the container:
PHYSPAGES="0:524288"
SWAPPAGES="0:131072"
DISKSPACE="62914560:62914560"
DISKINODES="131072:144179"
QUOTATIME="0"
CPUUNITS="1000"
NETFILTER="stateless"
HOSTNAME="example.com<http://example.com>"
VE_ROOT="/vz/root/$VEID"
VE_PRIVATE="/vz/private/$VEID"
OSTEMPLATE="ubuntu-14.04-x86_64-minimal"
ORIGIN_SAMPLE="vswap-256m"
NAMESERVER="<IPs>"
IP_ADDRESS="<IPs>"
IPTABLES="ipt_REJECT ipt_tos ipt_limit ipt_multiport iptable_filter iptable_mangle ipt_TCPMSS ipt_tcpmss ipt_ttl ipt_length ipt_state"
The Mail-in-a-box install script tries to setup ufw, when a couple of errors occur:
installing ufw ...
ERROR: problem running ufw-init
modprobe: ERROR: ../libkmod/libkmod.c:507 kmod_lookup_alias_from_builtin_file() could not open builtin file '/lib/modules/2.6.32-042stab104.1/modules.builtin.bin'
modprobe: FATAL: Module nf_conntrack_ftp not found.
modprobe: ERROR: ../libkmod/libkmod.c:507 kmod_lookup_alias_from_builtin_file() could not open builtin file '/lib/modules/2.6.32-042stab104.1/modules.builtin.bin'
modprobe: FATAL: Module nf_nat_ftp not found.
modprobe: ERROR: ../libkmod/libkmod.c:507 kmod_lookup_alias_from_builtin_file() could not open builtin file '/lib/modules/2.6.32-042stab104.1/modules.builtin.bin'
modprobe: FATAL: Module nf_conntrack_netbios_ns not found.
iptables-restore: line 4 failed
iptables-restore: line 77 failed
iptables-restore: line 31 failed
ip6tables-restore: line 4 failed
ip6tables-restore: line 73 failed
ip6tables-restore: line 31 failed
sysctl: permission denied on key 'net.ipv4.tcp_sack'
Can anybody tell me how I can solve these errors?
Regards,
Volker
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openvz.org/pipermail/users/attachments/20150607/364d0fd6/attachment.html>
More information about the Users
mailing list