[PVE-User] iptables state module broken in debian 4.0 appliance?

Erik Gulliksson erik.gulliksson at diino.net
Wed Jan 28 13:58:40 CET 2009

Hi all,

> I have the same problem with NAT.
> - Dietmar

I managed to solve my problem with "iptables -m state .. " from
reading the following post:

I modified /etc/vz/vz.conf to contain the following line (added
ipt_state and ip_conntrack):
IPTABLES="ipt_REJECT ipt_tos ipt_limit ipt_multiport iptable_filter
iptable_mangle ipt_TCPMSS ipt_tcpmss ipt_ttl ipt_length ipt_state

Then (on HN):
/etc/init.d/vz restart

After this I can add rules like the following in my containers:
iptables -A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT

Best regards
Erik Gulliksson

Erik Gulliksson, erik.gulliksson at diino.net
System Administrator, Diino AB
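
Added example, not part of the original mail: a hardware-node check that reads the IPTABLES= setting from a vz.conf-style file, following the quoted value across line breaks, and reports which of the modules named above (ipt_state, ip_conntrack) are still absent. The function names and the sample config are constructed for illustration.

```shell
#!/bin/sh
# Print the IPTABLES="..." value of a vz.conf-style file on one line.
# The quoted value may continue over several lines, as in the mail above.
vz_iptables_value() {
    awk '
        !inval && /^[ \t]*IPTABLES="/ { sub(/^[^"]*"/, ""); inval = 1 }
        inval {
            if ((i = index($0, "\"")) > 0) { print substr($0, 1, i - 1); exit }
            print
        }
    ' "$1" | tr '\n\t' '  '
}

# Usage: missing_vz_ipt_modules CONF MODULE...
# Prints the requested modules that are not listed in IPTABLES (empty if none).
missing_vz_ipt_modules() {
    conf=$1; shift
    have=" $(vz_iptables_value "$conf") "
    missing=""
    for mod in "$@"; do
        case "$have" in
            *" $mod "*) ;;                      # listed, nothing to do
            *) missing="$missing $mod" ;;       # not listed
        esac
    done
    echo "${missing# }"
}

# Constructed sample config (not the poster's real file):
# ipt_state is listed, ip_conntrack is not, and a commented line must be ignored.
sample=$(mktemp)
cat > "$sample" <<'EOF'
# IPTABLES="ipt_state ip_conntrack"
IPTABLES="ipt_REJECT ipt_tos ipt_limit iptable_filter
    iptable_mangle ipt_length ipt_state"
EOF
missing_vz_ipt_modules "$sample" ipt_state ip_conntrack
rm -f "$sample"
```

On a real hardware node the first argument would be /etc/vz/vz.conf; an empty result means both modules are listed and only the vz restart remains.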
