I have the same behavior. It works on the HN, but inside the CT there is no nat table:
# cat /proc/net/ip_tables_names
mangle
filter

no idea why.

> -----Original Message-----
> From: [email protected] [mailto:[email protected]] On
> Behalf Of Pongracz Istvan
> Sent: Thursday, 08 January 2009 12:53
> To: [email protected]
> Subject: [Users] [PVE-User] iptables -L -t nat not working inside VE
>
> Hi All,
>
> I try to use iptables rules inside the container but it seems, nat table
> is not accessible inside the container:
>
> # iptables -L -t nat
> FATAL: Could not load /lib/modules/2.6.24-1-pve/modules.dep: No such file or directory
> iptables v1.3.6: can't initialize iptables table `nat': Table does not exist (do you need to insmod?)
> Perhaps iptables or your kernel needs to be upgraded.
>
> I googled around but I did not find solution for this problem.
>
> I use Proxmox version of openvz, which is based on debian.
> 2.6.24-openvz kernel
> I think, you know them, their developers are on this list :)
>
> I used the following systems as VE for testing this problem:
> debian
> - lenny i386
> - etch i386
> - etch amd64
>
> I found that, if I try to load ip_conntrack on the HN by modprobe
> ip_conntrack, nothing happens.
> This module does not appear on the list (lsmod).
> There is nothing in the dmesg log.
>
> Sometimes I got this dmesg error, I think that time, when '-m state '
> exists in the iptables parameters:
> 'can't load conntrack support for proto=2'
>
> I have this line in my vz.conf to enable modules for VEs:
>
> IPTABLES="ipt_REJECT ipt_tos ipt_limit ipt_multiport iptable_filter iptable_mangle ipt_TCPMSS ipt_tcpmss \
>     ipt_ttl ipt_length ip_conntrack ip_conntrack_ftp ip_conntrack_irc ipt_LOG ipt_conntrack ipt_helper \
>     ipt_state iptable_nat ip_nat_ftp ip_nat_irc ipt_TOS "
>
> Normal iptables rules are working but NAT and related parameters.
> On the hardware node there is a well working shorewall firewall, if it
> does matter....
>
> Does anybody know this behaviour and the solution (if there is any
> solution)?
>
> Further investigation is possible, if somebody has an idea :)
> I'm more or less out with fresh ideas at this moment.
>
> Thanks in advance,
> István
>
> --
> BSA. Because you deserve it.
> Open Source. Because I deserve it.
> --
> BSA. They value it.
> Open Source. The value. It.
> --
> http://www.startit.hu
> http://www.osbusiness.hu
>
> _______________________________________________
> Users mailing list
> [email protected]
> https://openvz.org/mailman/listinfo/users
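
The comparison both messages make by hand, as an added example that is not part of the original thread: it lists every table requested through an `iptable_<name>` module in the `IPTABLES` setting of vz.conf that is missing from a copy of the container's `/proc/net/ip_tables_names`. The function names and the sample files are constructed for illustration.

```shell
#!/bin/sh
# Added example: list tables that the IPTABLES setting in vz.conf asks for
# (via iptable_<name> modules) but that are missing from ip_tables_names.

# Print the value of the last IPTABLES= assignment in a vz.conf-style file.
# "read" without -r joins lines that end in a backslash, as the shell would.
iptables_setting() (
    value=
    while read line || [ -n "$line" ]; do
        case $line in
            IPTABLES=*) value=${line#IPTABLES=} ;;
        esac
    done < "$1"
    printf '%s\n' "$value" | tr -d '"'
)

# $1: vz.conf-style file, $2: file in the format of /proc/net/ip_tables_names
# (one table name per line). Prints each requested table that is not listed.
missing_tables() (
    for mod in $(iptables_setting "$1"); do
        case $mod in
            iptable_*)
                table=${mod#iptable_}
                grep -qxF "$table" "$2" || printf '%s\n' "$table"
                ;;
        esac
    done
)

# Constructed sample input modelled on the report above.
demo_dir=$(mktemp -d)
cat > "$demo_dir/vz.conf" <<'EOF'
IPTABLES="ipt_REJECT iptable_filter iptable_mangle ipt_state \
          ip_conntrack iptable_nat ip_nat_ftp"
EOF
printf 'mangle\nfilter\n' > "$demo_dir/ip_tables_names"
echo "requested but not visible: $(missing_tables "$demo_dir/vz.conf" "$demo_dir/ip_tables_names")"
rm -rf "$demo_dir"
```
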
