[PVE-User] iptables state module broken in debian 4.0 appliance?
Erik Gulliksson
erik.gulliksson at diino.net
Wed Jan 28 13:58:40 CET 2009
Hi all,
> I have the same problem with NAT.
>
> - Dietmar
I managed to solve my problem with "iptables -m state .. " from
reading the following post:
http://www.mail-archive.com/users@openvz.org/msg01878.html
I modified /etc/vz/vz.conf to contain the following line (added
ipt_state and ip_conntrack):
IPTABLES="ipt_REJECT ipt_tos ipt_limit ipt_multiport iptable_filter iptable_mangle ipt_TCPMSS ipt_tcpmss ipt_ttl ipt_length ipt_state ip_conntrack"
Then (on HN):
/etc/init.d/vz restart
After this I can add rules like the following in my containers:
iptables -A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
Best regards
Erik Gulliksson
--
Erik Gulliksson, erik.gulliksson at diino.net
System Administrator, Diino AB
http://www.diino.com
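
Added example (not part of the original post, and not OpenVZ's own code): a shell check, run on the hardware node, that a vz.conf lists the two modules the post adds before anyone relies on "-m state" rules inside a container. The function names and the sample config are constructed for illustration, and the parser assumes the double-quoted IPTABLES="..." form shown above.

```shell
#!/bin/sh
# Added example: check that a vz.conf lists the modules the post added
# (ipt_state, ip_conntrack) so "iptables -m state" works in containers.
# Function names are hypothetical; assumes the double-quoted IPTABLES="..." form.

# Print the IPTABLES value without sourcing the file. Handles a value
# wrapped over several lines, skips commented-out lines; last assignment wins.
iptables_modules() {
    awk '
        !in_val && /^[[:space:]]*IPTABLES="/ {
            sub(/^[[:space:]]*IPTABLES="/, ""); in_val = 1; val = ""
        }
        in_val {
            i = index($0, "\"")
            if (i > 0) { val = val " " substr($0, 1, i - 1); in_val = 0; last = val }
            else       { val = val " " $0 }
        }
        END { print last }
    ' "$1"
}

# Print each required module that is missing, one per line.
# Returns 0 when both are present, 1 if any is missing, 2 if unreadable.
missing_state_modules() {
    mods=$(iptables_modules "$1") || return 2
    rc=0
    for need in ipt_state ip_conntrack; do
        case " $(echo $mods) " in
            *" $need "*) ;;
            *) echo "$need"; rc=1 ;;
        esac
    done
    return $rc
}

# Constructed sample: the module list from the post, minus the two additions.
sample_conf_before() {
    cat <<'EOF'
# IPTABLES="ipt_state ip_conntrack"
IPTABLES="ipt_REJECT ipt_tos ipt_limit ipt_multiport iptable_filter
iptable_mangle ipt_TCPMSS ipt_tcpmss ipt_ttl ipt_length"
EOF
}

# Usage on the hardware node: sh check.sh /etc/vz/vz.conf
if [ "$#" -gt 0 ]; then
    missing_state_modules "$1"
fi
```

A non-zero exit with module names printed means the container will not see those modules until the line is extended and vz is restarted, as described in the post.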