Tom, do you have any idea how can I check what is missing for this rule
work? I have spend some time searching without success. Thanks again,
Rodrigo.
On 9/6/07, Rodrigo Sampaio Primo <[EMAIL PROTECTED]> wrote:
>
> Hi Tom, I'm using CentOS with kernel 2.6.9-023stab043.2-smp, so I don t
> think the problem is related to kernel modules names. Now I'm trying to find
> out what is missing for this rule to be accepted. Thanks for your help,
> Rodrigo.
>
> On 9/1/07, Tom Eastep <[EMAIL PROTECTED]> wrote:
>
> > Tom Eastep wrote:
> > > Rodrigo Sampaio Primo wrote:
> > >> Hi there,
> > >>
> > >> I have a VM under a OpenVZ system. I would like to configure a
> > firewall
> > >> to that VM using Shorewall, but after following the steps on one
> > >> particularly howto of the official website (don't remember now which
> > >> one) I can't get rid of the following error:
> > >>
> > >> ERROR: Command "/sbin/iptables -A FORWARD -m state --state
> > >> ESTABLISHED,RELATED -j ACCEPT" Failed
> > >> iptables: No chain/target/match by that name
> > >
> > > Rodrigo,
> > >
> > > Please type that iptables command (or copy paste it) at a root shell
> > > prompt. I'm sure that you will find that it fails.
> > >
> > > Until that command can complete without error, no stateful
> > > iptables-based firewall will be able to run in your VM.
> > >
> > > I suspect that uou will be better off looking for help on OpenVZ
> > > lists/channels rather than here on the Shorewall list.
> >
> > One thought: I see that OpenVZ now has a 2.6.20 kernel. If you are using
> > that kernel, you should be aware that the names of many of the netfilter
> > modules changed in that release. Hopefully the OpenVZ project has issued
> > new instructions for setting the IPTABLES_MODULES option when that
> > kernel is being used.
> >
> > I've attached a file that contains the names of many (but not all) of
> > the 2.6.20 modules.
> >
> > -Tom
> > --
> > Tom Eastep \ Nothing is foolproof to a sufficiently talented fool
> > Shoreline, \ http://shorewall.net
> > Washington USA \ [EMAIL PROTECTED]
> > PGP Public Key \ https://lists.shorewall.net/teastep.pgp.key
> >
> > iptable_filter
> > iptable_mangle
> > iptable_nat
> > iptable_raw
> > ip_tables
> > ipt_addrtype
> > ipt_ah
> > ipt_CLUSTERIP
> > ipt_ecn
> > ipt_ECN
> > ipt_iprange
> > ipt_LOG
> > ipt_MASQUERADE
> > ipt_NETMAP
> > ipt_owner
> > ipt_recent
> > ipt_REDIRECT
> > ipt_REJECT
> > ipt_SAME
> > ipt_TCPMSS
> > ipt_tos
> > ipt_TOS
> > ipt_ttl
> > ipt_TTL
> > ipt_ULOG
> > nf_conntrack
> > nf_conntrack_amanda
> > nf_conntrack_ftp
> > nf_conntrack_h323
> > nf_conntrack_ipv4
> > nf_conntrack_irc
> > nf_conntrack_netbios_ns
> > nf_conntrack_netlink
> > nf_conntrack_pptp
> > nf_conntrack_proto_gre
> > nf_conntrack_proto_sctp
> > nf_conntrack_sip
> > nf_conntrack_tftp
> > nf_nat
> > nf_nat_amanda
> > nf_nat_ftp
> > nf_nat_h323
> > nf_nat_irc
> > nf_nat_pptp
> > nf_nat_proto_gre
> > nf_nat_sip
> > nf_nat_snmp_basic
> > nf_nat_tftp
> > xt_CLASSIFY
> > xt_comment
> > xt_connmark
> > xt_conntrack
> > xt_dccp
> > xt_hashlimit
> > xt_helper
> > xt_length
> > xt_limit
> > xt_mac
> > xt_mark
> > xt_MARK
> > xt_multiport
> > xt_NFLOG
> > xt_NFQUEUE
> > xt_physdev
> > xt_pkttype
> > xt_policy
> > xt_state
> > xt_tcpmss
> > xt_tcpudp
> >
> >
> > -------------------------------------------------------------------------
> > This SF.net email is sponsored by: Splunk Inc.
> > Still grepping through log files to find problems? Stop.
> > Now Search log events and configuration files using AJAX and a browser.
> > Download your FREE copy of Splunk now >> http://get.splunk.com/
> > _______________________________________________
> > Shorewall-users mailing list
> > [email protected]
> > https://lists.sourceforge.net/lists/listinfo/shorewall-users
> >
> >
> >
>
-------------------------------------------------------------------------
This SF.net email is sponsored by: Splunk Inc.
Still grepping through log files to find problems? Stop.
Now Search log events and configuration files using AJAX and a browser.
Download your FREE copy of Splunk now >> http://get.splunk.com/
_______________________________________________
Shorewall-users mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/shorewall-users
