[PVE-User] iptables -L -t nat not working inside VE
Pongracz Istvan
pongracz.istvan at gmail.com
Tue Jan 6 13:16:27 CET 2009
Hi All,
I am trying to use iptables rules inside the container, but it seems the nat table
is not accessible inside the container:
# iptables -L -t nat
FATAL: Could not load /lib/modules/2.6.24-1-pve/modules.dep: No such file or directory
iptables v1.3.6: can't initialize iptables table `nat': Table does not exist (do you need to insmod?)
Perhaps iptables or your kernel needs to be upgraded.
I googled around this morning but I did not find a solution for this
problem.
I used the following systems as VE for testing this problem:
debian
- lenny i386
- etch i386
- etch amd64
I found that, if I try to load ip_conntrack on the HN by modprobe
ip_conntrack, nothing happens.
This module does not appear on the list (lsmod).
There is nothing in the dmesg log.
Sometimes I got this dmesg error, I think at times when '-m state'
is present in the iptables parameters:
'can't load conntrack support for proto=2'
I have this line in my vz.conf to enable modules for VEs:
IPTABLES="ipt_REJECT ipt_tos ipt_limit ipt_multiport iptable_filter iptable_mangle ipt_TCPMSS ipt_tcpmss \
ipt_ttl ipt_length ip_conntrack ip_conntrack_ftp ip_conntrack_irc ipt_LOG ipt_conntrack ipt_helper \
ipt_state iptable_nat ip_nat_ftp ip_nat_irc ipt_TOS "
Normal iptables rules are working, but not NAT and related parameters.
On the hardware node there is a well-working shorewall firewall, if that
matters.
Does anybody know this behaviour and the solution, if there is any
solution?
Thanks in advance,
István
--
BSA. Mert megérdemlitek.
Open Source. Mert megérdemlem.
--
BSA. They value it.
Open Source. The value. It.
--
http://www.startit.hu
http://www.osbusiness.hu