On 11/29/2015 10:00 AM, Jeff Sim wrote:
> Tom (and all),
>
> I can’t believe the answer was staring me right in the face this whole time.
>
> After you had pointed out the conntrack issue, I thought about it more and
> decided to poke around /var/log/messages and see if conntrack is being
> loaded. One curious entry I saw was:
>
> Nov 27 09:35:51 belle kernel: [ 5.251644] Disabling conntracks and NAT for
> ve0
>
> That got me thinking about what OpenVZ might’ve done to the system (as my
> other working server isn’t running OpenVZ, but KVM). So I looked at
> /etc/modprobe.d/ and noticed an openvz.conf with the following line in it:
>
> options nf_conntrack ip_conntrack_disable_ve0=1
>
> From what I understand about OpenVZ, ve0 (or CT0) is the host node itself. So
> that line is basically disabling NAT and conntrack for the host node. I’m not
> sure what the logic is behind that, but after commenting out that line and
> rebooting the system, conntrack works again and Shorewall acts normally again.
>
> Hope this helps anyone else who might run into this issue in future.
>
Glad you got it sorted.

-Tom
--
Tom Eastep           \ When I die, I want to go like my Grandfather who
Shoreline,            \ died peacefully in his sleep. Not screaming like
Washington, USA        \ all of the passengers in his car
http://shorewall.net    \________________________________________________

------------------------------------------------------------------------------
_______________________________________________
Shorewall-users mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/shorewall-users
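The root cause in this thread is a configuration setting rather than a Shorewall bug: on an OpenVZ host, an `options nf_conntrack ip_conntrack_disable_ve0=1` line in /etc/modprobe.d/ turns off connection tracking (and NAT) for ve0, the host node, so every stateful rule Shorewall installs silently stops matching. The following POSIX shell diagnostic is an added example, not code from the thread or from the Shorewall project. It checks the three things Jeff looked at: an active (uncommented) `ip_conntrack_disable_ve0=1` option in modprobe.d, the "Disabling conntracks and NAT for ve0" message in the kernel log, and whether the live conntrack table at /proc/net/nf_conntrack is readable. The default paths come from the thread; the sample config and log lines used for the self-check are constructed.

```shell
#!/bin/sh
# Added diagnostic for the OpenVZ "conntrack disabled on ve0" failure mode.
# Not part of the mailing-list thread or of Shorewall itself.

# Print "file:line:text" for every active (uncommented) line under $1
# (default /etc/modprobe.d) that sets ip_conntrack_disable_ve0=1.
# Returns 0 if at least one such line exists, 1 otherwise. A line that has
# been commented out, as in the thread's fix, is not reported.
find_disable_ve0() {
    dir="${1:-/etc/modprobe.d}"
    grep -En '^[[:space:]]*options[[:space:]]+nf_conntrack[[:space:]][^#]*ip_conntrack_disable_ve0=1' \
        "$dir"/*.conf 2>/dev/null || return 1
}

# Return 0 if the kernel log ($1, default /var/log/messages) carries the
# boot-time message quoted in the thread, confirming conntrack was disabled.
log_says_disabled() {
    log="${1:-/var/log/messages}"
    grep -q 'Disabling conntracks and NAT for ve0' "$log" 2>/dev/null
}

# Return 0 if the conntrack table is readable on this kernel. The file is
# absent when nf_conntrack is not loaded, so this is a quick liveness check
# for the state table Shorewall's rules depend on.
conntrack_available() {
    [ -r /proc/net/nf_conntrack ]
}

# Human-readable summary; $1 = modprobe.d dir, $2 = kernel log (both optional).
report() {
    if find_disable_ve0 "$1"; then
        echo "RESULT: modprobe.d disables conntrack for ve0; comment the line out and reboot"
    else
        echo "RESULT: no active ip_conntrack_disable_ve0=1 under ${1:-/etc/modprobe.d}"
    fi
    if log_says_disabled "$2"; then
        echo "RESULT: kernel log confirms conntrack/NAT were disabled for ve0 at boot"
    fi
    if conntrack_available; then
        echo "RESULT: /proc/net/nf_conntrack is readable; stateful matches can work"
    else
        echo "RESULT: /proc/net/nf_conntrack not readable; conntrack is off or not loaded"
    fi
}

# Only run the report when asked (./check.sh --run [modprobe_dir] [logfile]),
# so the file can be sourced for its functions without side effects.
case "${1-}" in
    --run) report "${2-}" "${3-}" ;;
esac
```

The config check deliberately anchors on `options nf_conntrack` at the start of the line, so a `#`-commented copy of the option (the fix described above) is treated as inactive; if you keep the option for a reason, the report still tells you the state table is unreadable, which is the symptom Shorewall users will actually notice.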
