Reaching out to others! Free & Open Source Software, Kannada, L10n, L18n Data Science, Cloud Computing & more…

Fix: iptables: Unknown error 4294967295

Following error is noticed when you are running in the VM.

: Unknown error 4294967295

Main reason for this error iptables support missing in OpenVZ.

Here are the quick steps to resolve this issue permanently:

1. Define which iptables modules are available for VEs.

a)
Edit /etc/sysconfig/iptables-config file on a OpenVZ hardware node:

IPTABLES_MODULES=”ipt_REJECT ipt_tos ipt_TOS ipt_LOG ip_conntrack ipt_limit ipt_multiport iptable_filter iptable_mangle ipt_TCPMSS ipt_tcpmss ipt_ttl ipt_length ipt_state iptable_nat ip_nat_ftp”

b)
Edit /etc/sysconfig/vz file on a OpenVZ hardware node:

IPTABLES=”ipt_REJECT
ipt_tos ipt_TOS ipt_LOG ip_conntrack ipt_limit ipt_multiport iptable_filter iptable_mangle ipt_TCPMSS ipt_tcpmss ipt_ttl ipt_length ipt_state iptable_nat ip_nat_ftp”

Note:– iptables modules list in IPTABLES and IPTABLES_MODULES parameters in /etc/sysconfig/vz and /etc/sysconfig/iptables-config files should be placed in one single line, no linebreaks is allowed in this parameter.

Restart OpenVZ server
# service vz restart

2. Increase ‘numiptent’ parameter for the VE you need to install APF into. This parameter limits the amount of iptables rules available for a VE. Default APF configuration requires ~400 rules. Lets set it to 400 in the example below for VE #101:

# vzctl set 101 --numiptent 400 --save

3. Start APF inside the VE:
# /etc/init.d/apf start

Tags: , ,

iptables-restore: unable to initializetable ‘mangle’

If you’re getting the following error on your server, iptables update might have caused this issue.

[[email protected] ~]# /etc/init.d/iptables restart
Flushing firewall rules: [ OK ]
Setting chains to policy ACCEPT: filter [ OK ]
Applying iptables firewall rules: iptables-restore v1.2.11: iptables-restore: unable to initializetable ‘mangle’
Error occurred at line: 2
Try `iptables-restore -h’ or ‘iptables-restore –help’ for more information.
[FAILED]

To resolve this, check the output of iptables -L if that gives any output, save it using following command and then restart iptables as shown below.

Saving iptables rules:

[[email protected] sysconfig]#iptables-save > /etc/sysconfig/iptables

Restarting iptables service:
[[email protected] sysconfig]# /etc/init.d/iptables restart
Flushing firewall rules: [ OK ]
Setting chains to policy ACCEPT: filter [ OK ]
Applying iptables firewall rules: [ OK ]

You can see that the issue has been sorted out. It removed the unsupported rules from iptables list.

iptables: Memory allocation problem

Unable to block ips using iptables on your VPS? Is your APF installation failing to work?

[email protected] [~]# iptables -I INPUT -s 123.123.123.123 -j DROP
iptables: Memory allocation problem

Resolution:

If you’re using OpenVZ for virtualization, you might have exceeded the limit of ‘numiptent’ parameter value. You may check if there are non-zero failcounts for the ‘numiptent’ parameter inside VPS:

# egrep "failcnt|numiptent" /proc/user_beancounters

If you’re an admin with the access to hardware node, increase a bit parameter value using following command. (Following command won’t work inside the VPS node)
#vzctl set VPS_ID --save --numiptent NEW_BARRIER:NEW_LIMIT
This should resolve the issue.