<div dir="ltr"><br>Trying to get csf working in an openvz container. <br><br>It works in containers on other hardware nodes, same kernel/utility versions.<br><br>Error is:<br><br><font face="courier new, monospace"># perl /etc/csf/<a href="http://csftest.pl">csftest.pl</a><br>
Testing ip_tables/iptable_filter...OK<br>Testing ipt_LOG...OK<br>Testing ipt_multiport/xt_multiport...OK<br>Testing ipt_REJECT...OK<br>Testing ipt_state/xt_state...OK<br>Testing ipt_limit/xt_limit...OK<br>Testing ipt_recent...OK<br>
<b>Testing xt_connlimit...FAILED [Error: iptables: Unknown error 18446744073709551615] - Required for CONNLIMIT feature</b><br>Testing ipt_owner/xt_owner...OK<br>Testing iptable_nat/ipt_REDIRECT...OK<br>Testing iptable_nat/ipt_DNAT...OK</font><br>
<div><br></div><div>xt_connlimit is loaded on the hardware node:</div><div><br></div><div><div><font face="courier new, monospace">]# lsmod | grep xt_connlimit</font></div><div><font face="courier new, monospace">xt_connlimit 3254 0</font></div>
<div><font face="courier new, monospace">nf_conntrack 80313 10 xt_connlimit,vzrst,vzcpt,xt_conntrack,nf_nat_ftp,nf_conntrack_ftp,iptable_nat,nf_nat,nf_conntrack_ipv4,xt_state</font></div></div><div><br></div><div>
After searching a long time I finally realized that vz.conf has changed so iptables now are loaded through vzctl, so done:</div><div><br></div><div><div><font face="courier new, monospace">[root@server16 vz]# vzctl set 1602 --netfilter full --setmode restart --save</font></div>
<div><font face="courier new, monospace">Restarting container</font></div><div><font face="courier new, monospace">Stopping container ...</font></div><div><font face="courier new, monospace">Container was stopped</font></div>
<div><font face="courier new, monospace">Unmounting file system at /vz/root/1602</font></div><div><font face="courier new, monospace">Unmounting device /dev/ploop52936</font></div><div><font face="courier new, monospace">Container is unmounted</font></div>
<div><font face="courier new, monospace">Starting container...</font></div><div><font face="courier new, monospace">Opening delta /vz/private/1602/root.hdd/root.hdd</font></div><div><font face="courier new, monospace">Adding delta dev=/dev/ploop52936 img=/vz/private/1602/root.hdd/root.hdd (rw)</font></div>
<div><font face="courier new, monospace">/dev/ploop52936p1: clean, 2189391/36044800 files, 117223158/144178683 blocks</font></div><div><font face="courier new, monospace">Mounting /dev/ploop52936p1 at /vz/root/1602 fstype=ext4 data='balloon_ino=12,usrjquota=aquota.user,grpjquota=aquota.group,jqfmt=vfsv0,'</font></div>
<div><font face="courier new, monospace">Container is mounted</font></div><div><font face="courier new, monospace">Adding IP address(es): (redacted)</font></div><div><font face="courier new, monospace">Setting CPU limit: 1200</font></div>
<div><font face="courier new, monospace">Setting CPU units: 1016</font></div><div><font face="courier new, monospace">Setting CPUs: 12</font></div><div><font face="courier new, monospace">Container start in progress...</font></div>
<div><font face="courier new, monospace">CT configuration saved to /etc/vz/conf/1602.conf</font></div></div><div><br></div><div>But I STILL get the same error</div><div><br></div><div>After some further plodding I set following and rebooted, but also that didn't fix the problem:</div>
<div><div><font face="courier new, monospace"># cat /etc/modprobe.d/openvz.conf</font></div><div><font face="courier new, monospace">options nf_conntrack ip_conntrack_disable_ve0=0</font></div></div><div><br></div><div>Help?</div>
<div><br></div><div><br></div><div><br></div></div>