
[Xen-users] Re: Xen and iptables


  • To: xen-users@xxxxxxxxxxxxxxxxxxx
  • From: "Frank Church" <voipfc@xxxxxxxxxxxxxx>
  • Date: Mon, 4 Jun 2007 14:50:29 +0100
  • Delivery-date: Mon, 04 Jun 2007 06:48:48 -0700
  • List-id: Xen user discussion <xen-users.lists.xensource.com>

On 04/06/07, Frank Church <voipfc@xxxxxxxxxxxxxx> wrote:
> Is there something about Xen and iptables that I don't know about?
>
> I converted a VMWare Centos 4.4 system to run under Xen 3.0.2 on Ubuntu 6.06.
>
> When I try to run iptables on the Centos VM I get this error.
>
> iptables -L
> iptables v1.2.11: can't initialize iptables table `filter': iptables who? (do you need to insmod?)
> Perhaps iptables or your kernel needs to be upgraded.
>
> I suspect that there is something I have to do on the domU to get it
> to work or that I may have to copy something over from the domU.
>
> What should I do?
>
> /voipfc
>

After going through your responses I think I have to start from scratch.
When I run modprobe ip_tables there is no error report.

When I run iptables -L on the domU this is the output

Chain INPUT (policy ACCEPT)
target     prot opt source               destination

Chain FORWARD (policy ACCEPT)
target     prot opt source               destination
ACCEPT     all  --  anywhere             anywhere            PHYSDEV match --physdev-in vif14.0
ACCEPT     all  --  anywhere             anywhere            PHYSDEV match --physdev-in vif15.0
ACCEPT     all  --  anywhere             anywhere            PHYSDEV match --physdev-in vif22.0
ACCEPT     all  --  anywhere             anywhere            PHYSDEV match --physdev-in vif26.0
ACCEPT     all  --  anywhere             anywhere            PHYSDEV match --physdev-in vif28.0

Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination


What is the command to check that the iptables module is stored on the VM?

Is there supposed to be some .ko file in the modules directory?


modprobe ip_tables gives no error messages on the VM.

service ip_tables restart gives the message below.
=============================================
Flushing firewall rules:                                   [  OK  ]
Setting chains to policy ACCEPT: filter                    [  OK  ]
Unloading iptables modules:                                [  OK  ]

 /sbin/iptables -V on the VM outputs.
iptables v1.2.11

 /sbin/iptables -V on the host outputs.
iptables v1.3.3

service apf restart on the VM outputs

Stopping APF:                                              [  OK  ]
Starting APF:Unable to load iptables module (ipt_state), aborting.
                                                           [  OK  ]

Do I have to insmod ipt_state etc for those modules to be installed?

Grepping modules.dep on both host and source shows that iptables is
installed. I copied the whole lib/modules folder to the VM, and  I
will restart it again to see if it works.


After restarting the server I realized that apf had to be recompiled
against the modules and that fixed everything.

Thanks for the help

_______________________________________________
Xen-users mailing list
Xen-users@xxxxxxxxxxxxxxxxxxx
http://lists.xensource.com/xen-users
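
An added example, not part of the original message: a shell check for the question above about whether the netfilter module files exist on the VM. modprobe looks under /lib/modules/<running kernel release> inside the guest, so the check reads that directory's modules.dep; the helper name check_modules and its arguments are assumptions made for this illustration.

```shell
#!/bin/sh
# Added example: report which kernel modules are listed in modules.dep for a
# given kernel release. check_modules is a hypothetical helper name.
#
# usage: check_modules <modules-root> <kernel-release> <module>...
# Prints "present <mod>" or "missing <mod>" for each module and returns the
# number of missing modules (255 if the release has no readable modules.dep).
check_modules() {
    root=$1; release=$2; shift 2
    dep="$root/$release/modules.dep"
    if [ ! -r "$dep" ]; then
        # No module tree for this release: nothing can be loaded on demand.
        echo "no-modules-dir $root/$release"
        return 255
    fi
    missing=0
    for mod in "$@"; do
        # modules.dep lines look like "<path>/ip_tables.ko: <dependencies>";
        # newer kernels may add a compression suffix (.gz, .xz, .zst).
        if grep -Eq "(^|/)${mod}\.ko(\.(gz|xz|zst))?:" "$dep"; then
            echo "present $mod"
        else
            echo "missing $mod"
            missing=$((missing + 1))
        fi
    done
    return "$missing"
}

# On a live guest (left commented out so sourcing the file has no side effects):
# check_modules /lib/modules "$(uname -r)" ip_tables iptable_filter ipt_state
```

A "missing" line for a module that a firewall front end such as APF requires (ipt_state in the output above) means the module tree in the guest does not match the kernel it is running.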
