Hi Tom, I'm using CentOS with kernel 2.6.9-023stab043.2-smp, so I don t
think the problem is related to kernel modules names. Now I'm trying to find
out what is missing for this rule to be accepted. Thanks for your help,
Rodrigo.
On 9/1/07, Tom Eastep <[EMAIL PROTECTED]> wrote:
>
> Tom Eastep wrote:
> > Rodrigo Sampaio Primo wrote:
> >> Hi there,
> >>
> >> I have a VM under a OpenVZ system. I would like to configure a firewall
> >> to that VM using Shorewall, but after following the steps on one
> >> particularly howto of the official website (don't remember now which
> >> one) I can't get rid of the following error:
> >>
> >> ERROR: Command "/sbin/iptables -A FORWARD -m state --state
> >> ESTABLISHED,RELATED -j ACCEPT" Failed
> >> iptables: No chain/target/match by that name
> >
> > Rodrigo,
> >
> > Please type that iptables command (or copy paste it) at a root shell
> > prompt. I'm sure that you will find that it fails.
> >
> > Until that command can complete without error, no stateful
> > iptables-based firewall will be able to run in your VM.
> >
> > I suspect that uou will be better off looking for help on OpenVZ
> > lists/channels rather than here on the Shorewall list.
>
> One thought: I see that OpenVZ now has a 2.6.20 kernel. If you are using
> that kernel, you should be aware that the names of many of the netfilter
> modules changed in that release. Hopefully the OpenVZ project has issued
> new instructions for setting the IPTABLES_MODULES option when that
> kernel is being used.
>
> I've attached a file that contains the names of many (but not all) of
> the 2.6.20 modules.
>
> -Tom
> --
> Tom Eastep \ Nothing is foolproof to a sufficiently talented fool
> Shoreline, \ http://shorewall.net
> Washington USA \ [EMAIL PROTECTED]
> PGP Public Key \ https://lists.shorewall.net/teastep.pgp.key
>
> iptable_filter
> iptable_mangle
> iptable_nat
> iptable_raw
> ip_tables
> ipt_addrtype
> ipt_ah
> ipt_CLUSTERIP
> ipt_ecn
> ipt_ECN
> ipt_iprange
> ipt_LOG
> ipt_MASQUERADE
> ipt_NETMAP
> ipt_owner
> ipt_recent
> ipt_REDIRECT
> ipt_REJECT
> ipt_SAME
> ipt_TCPMSS
> ipt_tos
> ipt_TOS
> ipt_ttl
> ipt_TTL
> ipt_ULOG
> nf_conntrack
> nf_conntrack_amanda
> nf_conntrack_ftp
> nf_conntrack_h323
> nf_conntrack_ipv4
> nf_conntrack_irc
> nf_conntrack_netbios_ns
> nf_conntrack_netlink
> nf_conntrack_pptp
> nf_conntrack_proto_gre
> nf_conntrack_proto_sctp
> nf_conntrack_sip
> nf_conntrack_tftp
> nf_nat
> nf_nat_amanda
> nf_nat_ftp
> nf_nat_h323
> nf_nat_irc
> nf_nat_pptp
> nf_nat_proto_gre
> nf_nat_sip
> nf_nat_snmp_basic
> nf_nat_tftp
> xt_CLASSIFY
> xt_comment
> xt_connmark
> xt_conntrack
> xt_dccp
> xt_hashlimit
> xt_helper
> xt_length
> xt_limit
> xt_mac
> xt_mark
> xt_MARK
> xt_multiport
> xt_NFLOG
> xt_NFQUEUE
> xt_physdev
> xt_pkttype
> xt_policy
> xt_state
> xt_tcpmss
> xt_tcpudp
>
> -------------------------------------------------------------------------
> This SF.net email is sponsored by: Splunk Inc.
> Still grepping through log files to find problems? Stop.
> Now Search log events and configuration files using AJAX and a browser.
> Download your FREE copy of Splunk now >> http://get.splunk.com/
> _______________________________________________
> Shorewall-users mailing list
> [email protected]
> https://lists.sourceforge.net/lists/listinfo/shorewall-users
>
>
>
-------------------------------------------------------------------------
This SF.net email is sponsored by: Splunk Inc.
Still grepping through log files to find problems? Stop.
Now Search log events and configuration files using AJAX and a browser.
Download your FREE copy of Splunk now >> http://get.splunk.com/
_______________________________________________
Shorewall-users mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/shorewall-users
