Karmic iptables missing kernel moduyles on OpenVZ container
Posted
by luison
on Server Fault
See other posts from Server Fault
or by luison
Published on 2010-02-23T10:51:26Z
Indexed on
2010/04/16
20:03 UTC
Read the original article
Hit count: 468
After an unsuccessful p2v migration of my Ubuntu server to an OpenVZ container which I am stack with I thought I would give a try to a reinstall based on a clean OpenVZ template for Ubuntu 9.10 (from the OpenVZ wiki)
When I try to load my iptables rules on the VM machine I've been getting errors which I believe are related to kernel modules not being loaded on the VM from the /vz/XXX.conf template model.
I've been testing with a few post I've found but I was stack with the error:
WARNING: Deprecated config file /etc/modprobe.conf, all config files belong into /etc/modprobe.d/.
FATAL: Could not load /lib/modules/2.6.24-10-pve/modules.dep: No such file or directory
iptables-restore v1.4.4: iptables-restore: unable to initialize table 'raw'
Error occurred at line: 2
Try `iptables-restore -h' or 'iptables-restore --help' for more information.
I read about the template not loading all iptables modules so I added modules to the XXX.conf of the VZ virtual machine like this:
IPTABLES="ip_tables iptable_filter iptable_mangle ipt_limit ipt_multiport ipt_tos ipt_TOS ipt_REJECT ipt_TCPMSS ipt_tcpmss ipt_ttl ipt_LOG ipt_length ip_conntrack ip_conntrack_ftp ip_conntrack_irc ipt_conntrack ipt_state ipt_helper iptable_nat ip_nat_ftp ip_nat_irc"
As the error remained I read that I should build dependencies again on the virtual machine:
depmod -a but this returned an error:
WARNING: Couldn't open directory /lib/modules/2.6.24-10-pve: No such file or directory
FATAL: Could not open /lib/modules/2.6.24-10-pve/modules.dep.temp for writing: No such file or directory
So I read again about creating the directory empty and redoing "depmod -a" it.
I now don't get the dependancies error but get this and I don't have a clue how to proceed:
WARNING: Deprecated config file /etc/modprobe.conf, all config files belong into /etc/modprobe.d/.
FATAL: Module ip_tables not found.
iptables-restore v1.4.4: iptables-restore: unable to initialize table 'raw'
Error occurred at line: 2
Try `iptables-restore -h' or 'iptables-restore --help' for more information.
I understand that iptables rules have to be different on the VM machine and perhaps some of the rules we are trying to apply (from our physical server) are not compatible but these are just source IP and destination port checks that I would like to be able to have available . I've heard that on the CentOS template there are no issues with this, so I understand is to do with VM config.
Any help would be greatly appreciated.
© Server Fault or respective owner