[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[Xen-users] Re: Xen and iptables



On Mon, Jun 04, 2007 at 01:13:30AM +0100, Frank Church wrote:
> I converted a VMWare Centos 4.4 system to run under Xen 3.0.2 on Ubuntu 
> 6.06.
> 
> When I try to run iptables on the Centos VM I get this error.
> 
> iptables -L
> iptables v1.2.11: can't initialize iptables table `filter': iptables
> who? (do you need to insmod?)
> Perhaps iptables or your kernel needs to be upgraded.
> 
> I suspect that there is something I have to do on the domU to get it
> to work or that I may have to copy something over from the domU.

As Luke has mentioned, make sure that the modules for the running domU
kernel are available in /lib/modules, and also that the module.dep file is
up to date (consider a depmod run in the VM to make sure).

Verifying that the iptables module is available and loaded is quite simple. 
Run 'lsmod |grep ip_tables' and if there's any output, you've got IP tables
loaded.  If not, try 'modprobe ip_tables' and make sure it doesn't give any
errors.

If you still get the same error after you've verified that the ip_tables
module is loaded, then you've probably hit my favourite glitch-of-the-week. 

You're probably running a 32-bit VM userland on a 64-bit domU
kernel/hypervisor, and so the 32-bit iptables binary can't talk to your
64-bit kernel (architecture-dependent data structures, doncha know).  You
need to get a 64-bit libc and dynamic loader, and get a 64-bit
/sbin/iptables and /lib/iptables/* onto your domU.  I don't know how to do
that on a CentOS box, though, short of a bunch of manual scp work.  I could
tell you how easy it is on a Debian/Ubuntu VM, but that wouldn't be very
helpful for you.

- Matt

-- 
Another Fine Product From The Nonsense Factory.

_______________________________________________
Xen-users mailing list
Xen-users@xxxxxxxxxxxxxxxxxxx
http://lists.xensource.com/xen-users


 


Rackspace

Lists.xenproject.org is hosted with RackSpace, monitoring our
servers 24x7x365 and backed by RackSpace's Fanatical Support®.