by Omshivaprakash | Jun 3, 2011 | Gnu/Linux, linux, QuickFix, Security, Technical, Virtualization
The following error is seen when running APF inside an OpenVZ VM:
iptables: Unknown error 4294967295
The main reason for this error is that iptables module support is missing for the VE in OpenVZ.
Here are the quick steps to resolve this issue permanently:
1. Define which iptables modules are available to VEs.
a) Edit the /etc/sysconfig/iptables-config file on the OpenVZ hardware node:
IPTABLES_MODULES="ipt_REJECT ipt_tos ipt_TOS ipt_LOG ip_conntrack ipt_limit ipt_multiport iptable_filter iptable_mangle ipt_TCPMSS ipt_tcpmss ipt_ttl ipt_length ipt_state iptable_nat ip_nat_ftp"
b) Edit the /etc/sysconfig/vz file on the OpenVZ hardware node:
IPTABLES="ipt_REJECT ipt_tos ipt_TOS ipt_LOG ip_conntrack ipt_limit ipt_multiport iptable_filter iptable_mangle ipt_TCPMSS ipt_tcpmss ipt_ttl ipt_length ipt_state iptable_nat ip_nat_ftp"
Note: the iptables module list in the IPTABLES parameter in /etc/sysconfig/vz and in the IPTABLES_MODULES parameter in /etc/sysconfig/iptables-config must each be written on one single line; no line breaks are allowed in these parameters.
Restart the OpenVZ service:
# service vz restart
2. Increase the 'numiptent' parameter for the VE you need to install APF into. This parameter limits the number of iptables rules available to a VE. The default APF configuration requires ~400 rules. Let's set it to 400 in the example below for VE #101:
# vzctl set 101 --numiptent 400 --save
3. Start APF inside the VE:
# /etc/init.d/apf start
by Omshivaprakash | Jul 4, 2010 | Gnu/Linux, linux, Technical, Virtualization, XEN
To get your OpenManage installation working on a Dell server installed with Citrix XenServer, add the following iptables rules (INPUT table):
-A INPUT -p tcp -m tcp --dport 5666 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 1311 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 5666 -j ACCEPT
-A RH-Firewall-1-INPUT -p tcp […]
by Omshivaprakash | Feb 27, 2009 | linux, QuickFix, Technical
If you're getting the following error on your server, an iptables update might have caused it.
[[email protected] ~]# /etc/init.d/iptables restart
Flushing firewall rules: [ OK ]
Setting chains to policy ACCEPT: filter [ OK ]
Applying iptables firewall rules: iptables-restore v1.2.11: iptables-restore: unable to initialize table 'mangle'
Error occurred at line: 2
Try `iptables-restore -h' or 'iptables-restore --help' for more information.
[FAILED]
To resolve this, check the output of iptables -L. If it lists any rules, save them with the following command and then restart iptables as shown below.
Saving iptables rules:
[[email protected] sysconfig]# iptables-save > /etc/sysconfig/iptables
Restarting iptables service:
[[email protected] sysconfig]# /etc/init.d/iptables restart
Flushing firewall rules: [ OK ]
Setting chains to policy ACCEPT: filter [ OK ]
Applying iptables firewall rules: [ OK ]
You can see that the issue has been sorted out: iptables-save wrote back only the rules the running kernel accepted, so the unsupported rules were removed from the saved iptables list.
by Omshivaprakash | Oct 30, 2008 | linux, QuickFix, Technical
Unable to block ips using iptables on your VPS? Is your APF installation failing to work?
[email protected] [~]# iptables -I INPUT -s 123.123.123.123 -j DROP
iptables: Memory allocation problem
Resolution:
If you're using OpenVZ for virtualization, you might have exceeded the limit set by the 'numiptent' parameter. You can check whether there are non-zero failcounts for 'numiptent' from inside the VPS:
# egrep "failcnt|numiptent" /proc/user_beancounters
If you're an admin with access to the hardware node, increase the parameter value a bit using the following command (it won't work from inside the VPS):
# vzctl set VPS_ID --save --numiptent NEW_BARRIER:NEW_LIMIT
This should resolve the issue.
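The failcnt check above and the numiptent sizing in step 2 of the first post both come down to reading one row of /proc/user_beancounters. The following is an added example, not code from the original posts: a small shell function that parses that row from a constructed beancounters excerpt (the SAMPLE text is made up, in the real column layout) and reports each VE's held/limit count, returning non-zero when rule insertions have already been refused.

```shell
#!/bin/sh
# Added example (not from the original post): parse the numiptent row of
# /proc/user_beancounters and flag a VE whose iptables rule count has hit
# its limit (failcnt > 0). That is the condition behind
# "iptables: Memory allocation problem" and APF failing to load its ~400 rules.

# Constructed excerpt in the real beancounters column layout:
#   uid resource held maxheld barrier limit failcnt
SAMPLE='Version: 2.5
       uid  resource      held   maxheld   barrier     limit   failcnt
       101: kmemsize   2456302   3011584  14372700  14790164         0
            numiptent      400       400       400       400        27
            numproc         48        60       240       240         0'

# numiptent_check <beancounters-text>
# Prints "VE <id> numiptent <held>/<limit> failcnt=<n>" for each VE and
# returns 1 if any VE has refused rule insertions (failcnt > 0).
numiptent_check() {
    printf '%s\n' "$1" | awk '
        BEGIN { status = 0 }
        # the first resource line of each VE starts with "<uid>:", which
        # shifts every column one place to the right
        $1 ~ /^[0-9]+:$/ { uid = substr($1, 1, length($1) - 1) }
        $1 == "numiptent" || $2 == "numiptent" {
            off = ($1 == "numiptent") ? 0 : 1
            held = $(2 + off); limit = $(5 + off); failcnt = $(6 + off)
            printf "VE %s numiptent %s/%s failcnt=%s\n", uid, held, limit, failcnt
            if (failcnt > 0) status = 1
        }
        END { exit status }'
}

# On a hardware node run it against the live file:
#   numiptent_check "$(cat /proc/user_beancounters)"
# and raise the limit for a flagged VE with the vzctl command from the post.
numiptent_check "$SAMPLE" || echo "numiptent limit hit: raise it on the hardware node"
```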