xt_connlimit failed on the OpenVZ VPS, even though it's loaded on the host node
Hi, do you have any idea where the problem can be?
ConfigServerFirewall test script failed with xt_connlimit error, but it seems to be loaded on the host node.
vzctl exec 3080 perl /etc/csf/csftest.pl|grep error
Testing xt_connlimit...FAILED [Error: iptables: Unknown error 18446744073709551615] - Required for CONNLIMIT feature
lsmod|grep connlimit
xt_connlimit 3254 5
nf_conntrack 80313 14 xt_connlimit,nf_conntrack_ipv6,xt_conntrack,xt_state,vzrst,vzcpt,nf_nat_ftp,nf_conntrack_ftp,iptable_nat,nf_nat_pptp,nf_conntrack_pptp,nf_conntrack_proto_gre,nf_nat,nf_conntrack_ipv4
cat /etc/vz/conf/3080.conf|grep NETFILTER
NETFILTER="full"
Netfilter full and iptables modules have been there since the VPS was created, and it was restarted a couple of times.
Comments
Hi there, with all the threads you have opened up recently I would recommend a Managed experience. You won't have the hassle of dealing with any of this stuff, and you won't have to ~~bug us~~ ask us with a new thread each time you have a problem. Or just hire an admin.
Come on guys, obviously the free help from an entire lowend community is much better than some paid admin work.
God forbid Google.
+1 For Google but I'm against "paid admin work" in this case.
How the heck is one supposed to learn stuff if in the smallest problem they're to look for a sysadmin.
@postcd,
Do google. It even points back here to LET where some people actually did like to share information: https://www.lowendtalk.com/discussion/29745/iptables-required-modules-not-available-in-openvz-container
@Nomad
Thx for the link. Yes, I googled before asking and I read the topic you mentioned, but can't find anything helpful.
According to the CSF test script (perl /etc/csf/csftest.pl), all iptables modules work OK on the VPS, except this connlimit module, even though it is available on the host node, netfilter is full in the VPS .conf file, and the VPS was restarted.
@postcd,
Check out this link: http://internetlifeforum.com/security-protection/462-tutorial-installing-csf-config-server-firewall-linux/
Unfortunately I don't use OpenVZ in any way so I'm not much help.
This issue is because of CentOS 5.x, which does not support connlimit. It is explained here: https://lists.centos.org/pipermail/centos/2008-June/059656.html
CentOS release 6.8 (Final) - worked OK
CentOS release 5.9 (Final) - iptables: Unknown error 18446744073709551615] - Required for CONNLIMIT feature
This is related / possible ways to patch:
https://bugzilla.redhat.com/show_bug.cgi?id=521999
https://kb.plesk.com/en/115411
http://www.evsmisc.info/linux/connlimit-patch-smoothwall.html
https://www.centos.org/forums/viewtopic.php?t=30516
Or better, use new CentOS versions.
Any particular reason why you used CentOS 5.x?
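The thread shows a match module that lsmod lists on the host node still being rejected inside the VPS, so the check that matters is one run in the container itself. The script below is an added example, not part of the thread and not CSF's csftest.pl: it probes a match on a scratch chain that no traffic reaches. The names IPTABLES, PROBE_CHAIN, probe_match and probe_all are assumptions made for this example.

```shell
#!/bin/sh
# Added example (not from the thread, not CSF code). Assumed names:
# IPTABLES, PROBE_CHAIN, probe_match, probe_all.
IPTABLES="${IPTABLES:-iptables}"
PROBE_CHAIN="${PROBE_CHAIN:-XT_PROBE_TMP}"

# probe_match NAME [match options...]
# Tries to add one rule using "-m NAME" to a scratch chain that nothing
# jumps to, so no traffic is affected. Returns 0 = usable, 1 = rejected,
# 2 = scratch chain could not be created (not root, or leftover chain).
probe_match() {
    name="$1"; shift
    if ! err=$($IPTABLES -N "$PROBE_CHAIN" 2>&1); then
        echo "$name: SKIPPED [$err]"
        return 2
    fi
    if err=$($IPTABLES -A "$PROBE_CHAIN" -p tcp --syn -m "$name" "$@" -j DROP 2>&1); then
        result=0; echo "$name: OK"
    else
        result=1; echo "$name: FAILED [$err]"
    fi
    # Remove the scratch chain whether or not the rule was accepted.
    $IPTABLES -F "$PROBE_CHAIN" >/dev/null 2>&1
    $IPTABLES -X "$PROBE_CHAIN" >/dev/null 2>&1
    return "$result"
}

# probe_all: connlimit (the failing match in the thread) next to two
# common matches for comparison. Returns the number of probes that failed.
probe_all() {
    failed=0
    probe_match connlimit --connlimit-above 100 || failed=$((failed + 1))
    probe_match state --state NEW || failed=$((failed + 1))
    probe_match limit --limit 5/second || failed=$((failed + 1))
    return "$failed"
}

# Run the probes only when asked: sh probe.sh --run (as root, in the container).
if [ "${1:-}" = "--run" ]; then
    probe_all
fi
```

A FAILED line for connlimit alongside OK for the other matches reproduces the situation in the thread: the container cannot use the match even though the host has the module loaded.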