xt_connlimit issue
In one of the OpenVZ VPSes, xt_connlimit (required by CSF) is not working; however, on the host node it's available and it's added in
/etc/vz/vz.conf
IPTABLES="ipt_REJECT ipt_tos ipt_limit ipt_multiport iptable_filter iptable_mangle ipt_TCPMSS ipt_tcpmss ipt_ttl ipt_length xt_connlimit iptable_nat xt_owner ipt_REDIRECT ipt_DNAT "
When I start the VPS, it shows this error:
Warning: Unknown iptable module: xt_connlimit, skipped
Warning: Unknown iptable module: xt_owner, skipped
Warning: Unknown iptable module: ipt_DNAT, skipped
The container is running CentOS 5.9 x86
Kernel is:
Linux localhost.localdomain 2.6.32-042stab072.10 #1 SMP Wed Jan 16 18:54:05 MSK 2013 x86_64 x86_64 x86_64 GNU/Linux
Any idea why this is not visible in the container?
Comments
Run:
modprobe ipt_recent;
modprobe xt_connlimit;
lsmod | grep connlimit;
lsmod | grep recent;
/etc/vz/vz.conf -> add "ipt_recent" on IPTABLES=
The connlimit implementation changed between the 2.6.18 kernels and 2.6.32 kernels. The data format used to communicate between the userland (iptables) and the kernel is incompatible between the two.
So 2.6.18 userland (iptables) cannot talk with the 2.6.32 xt_connlimit kernel module.
Install CentOS 6 on the VPS and connlimit will probably work.
So, with one of my hosts, it is working well, i.e. CentOS 5.9; does it mean their host node is running an older version of CentOS, i.e. 5.x?
Anyway, thanks rds100 for confirming. I had read what you said elsewhere, but I thought I would ask here first. I will create a container with CentOS 6 and verify it.
Yes, if you tell me what kernel version that VPS from the other provider reports, I can tell you what it's running.
Yep, you are right, it is working fine in the CentOS 6 template ...
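
A check for the situation in this thread, as an added example that is not part of any poster's message: it compares the IPTABLES= list from vz.conf with the "Unknown iptable module" warnings printed at container start and reports which requested modules the container did not get. The function names are hypothetical and the sample inputs are copied from the config line and warnings quoted in the thread; it does not detect the userland/kernel connlimit format mismatch described above.

```shell
#!/bin/sh
# Sample inputs copied from the thread (vz.conf line and container start warnings).
CONF_SAMPLE='IPTABLES="ipt_REJECT ipt_tos ipt_limit ipt_multiport iptable_filter iptable_mangle ipt_TCPMSS ipt_tcpmss ipt_ttl ipt_length xt_connlimit iptable_nat xt_owner ipt_REDIRECT ipt_DNAT "'
LOG_SAMPLE='Warning: Unknown iptable module: xt_connlimit, skipped
Warning: Unknown iptable module: xt_owner, skipped
Warning: Unknown iptable module: ipt_DNAT, skipped'

# requested_modules CONF_TEXT
# Print one module per line from the active (uncommented) IPTABLES="..." setting.
requested_modules() {
    printf '%s\n' "$1" |
        sed -n 's/^[[:space:]]*IPTABLES="\([^"]*\)".*/\1/p' |
        tr -s ' \t' '\n\n' | sed '/^$/d' | LC_ALL=C sort -u
}

# skipped_modules START_LOG
# Print the module names the start output reported as unknown and skipped.
skipped_modules() {
    printf '%s\n' "$1" |
        sed -n 's/^Warning: Unknown iptable module: \([^,]*\), skipped.*/\1/p' |
        LC_ALL=C sort -u
}

# skipped_requested CONF_TEXT START_LOG
# Print every module that was requested in vz.conf but skipped at start.
skipped_requested() {
    skipped=$(skipped_modules "$2")
    for m in $(requested_modules "$1"); do
        if printf '%s\n' "$skipped" | grep -Fqx -- "$m"; then
            printf '%s\n' "$m"
        fi
    done
    return 0
}

# module_usable CONF_TEXT START_LOG NAME
# Succeed only if NAME was requested and was not skipped, so a firewall
# rule set that depends on it (connlimit for CSF here) can be expected to load.
module_usable() {
    requested_modules "$1" | grep -Fqx -- "$3" || return 1
    if skipped_modules "$2" | grep -Fqx -- "$3"; then return 1; fi
    return 0
}

# Stand-alone run: list what the container in the thread did not receive.
skipped_requested "$CONF_SAMPLE" "$LOG_SAMPLE"
```

On a real host node the two arguments would be the contents of /etc/vz/vz.conf and the captured output of the container start.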