Tom Eastep wrote: > Rodrigo Sampaio Primo wrote: >> Hi there, >> >> I have a VM under a OpenVZ system. I would like to configure a firewall >> to that VM using Shorewall, but after following the steps on one >> particularly howto of the official website (don't remember now which >> one) I can't get rid of the following error: >> >> ERROR: Command "/sbin/iptables -A FORWARD -m state --state >> ESTABLISHED,RELATED -j ACCEPT" Failed >> iptables: No chain/target/match by that name > > Rodrigo, > > Please type that iptables command (or copy paste it) at a root shell > prompt. I'm sure that you will find that it fails. > > Until that command can complete without error, no stateful > iptables-based firewall will be able to run in your VM. > > I suspect that uou will be better off looking for help on OpenVZ > lists/channels rather than here on the Shorewall list.
One thought: I see that OpenVZ now has a 2.6.20 kernel. If you are using that kernel, you should be aware that the names of many of the netfilter modules changed in that release. Hopefully the OpenVZ project has issued new instructions for setting the IPTABLES_MODULES option when that kernel is being used. I've attached a file that contains the names of many (but not all) of the 2.6.20 modules. -Tom -- Tom Eastep \ Nothing is foolproof to a sufficiently talented fool Shoreline, \ http://shorewall.net Washington USA \ [EMAIL PROTECTED] PGP Public Key \ https://lists.shorewall.net/teastep.pgp.key
iptable_filter iptable_mangle iptable_nat iptable_raw ip_tables ipt_addrtype ipt_ah ipt_CLUSTERIP ipt_ecn ipt_ECN ipt_iprange ipt_LOG ipt_MASQUERADE ipt_NETMAP ipt_owner ipt_recent ipt_REDIRECT ipt_REJECT ipt_SAME ipt_TCPMSS ipt_tos ipt_TOS ipt_ttl ipt_TTL ipt_ULOG nf_conntrack nf_conntrack_amanda nf_conntrack_ftp nf_conntrack_h323 nf_conntrack_ipv4 nf_conntrack_irc nf_conntrack_netbios_ns nf_conntrack_netlink nf_conntrack_pptp nf_conntrack_proto_gre nf_conntrack_proto_sctp nf_conntrack_sip nf_conntrack_tftp nf_nat nf_nat_amanda nf_nat_ftp nf_nat_h323 nf_nat_irc nf_nat_pptp nf_nat_proto_gre nf_nat_sip nf_nat_snmp_basic nf_nat_tftp xt_CLASSIFY xt_comment xt_connmark xt_conntrack xt_dccp xt_hashlimit xt_helper xt_length xt_limit xt_mac xt_mark xt_MARK xt_multiport xt_NFLOG xt_NFQUEUE xt_physdev xt_pkttype xt_policy xt_state xt_tcpmss xt_tcpudp
signature.asc
Description: OpenPGP digital signature
------------------------------------------------------------------------- This SF.net email is sponsored by: Splunk Inc. Still grepping through log files to find problems? Stop. Now Search log events and configuration files using AJAX and a browser. Download your FREE copy of Splunk now >> http://get.splunk.com/
_______________________________________________ Shorewall-users mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/shorewall-users
