[PVE-User] iptables state module broken in debian 4.0 appliance?
Pongracz Istvan
pongracz.istvan at gmail.com
Wed Jan 28 08:13:01 CET 2009
2009. 01. 28, szerda keltezéssel 07.56-kor Dietmar Maurer ezt írta:
> > # iptables -A INPUT --state RELATED,ESTABLISHED -j ACCEPT
> > iptables v1.3.6: Unknown arg `--state'
> > Try `iptables -h' or 'iptables --help' for more information.
> >
> > Hmm, no that didn't do the trick. iptables -m tcp or -m udp seems to
> > work fine though, but not the state module.
>
> I guess you need to load the conntrack module on the host.
>
> (All modules needs to be loaded on the host, not the guest)
In my case, all modules are loaded, I checked several times.
I put all related modules into the configuration.
Here is my conf + loaded modules:
IPTABLES="ipt_REJECT ipt_tos ipt_limit ipt_multiport iptable_filter
iptable_mangle ipt_TCPMSS ipt_tcpmss \
ipt_ttl ipt_length ip_conntrack ip_conntrack_ftp
ip_conntrack_irc ipt_LOG ipt_conntrack ipt_helper \
ipt_state iptable_nat ip_nat_ftp ip_nat_irc ipt_TOS "
# lsmod
Module Size Used by
kvm_amd 48048 0
kvm 191752 1 kvm_amd
vzethdev 23808 0
vznetdev 32776 19
simfs 14320 16
vzrst 155688 0
vzcpt 129976 0
tun 23168 2 vzrst,vzcpt
vzdquota 58864 16 [permanent]
vzmon 58520 20 vzethdev,vznetdev,vzrst,vzcpt
vzdev 13064 8 vzethdev,vznetdev,vzdquota,vzmon
xt_TCPMSS 13568 0
fan 14216 0
ac 15752 0
battery 24328 0
aoe 60704 0
ip6table_filter 13568 17
xt_connlimit 14344 0
xt_realm 10496 0
iptable_raw 11264 0
xt_comment 10752 18
xt_policy 12672 0
ipt_ULOG 20744 0
ipt_TTL 11136 0
ipt_ttl 10752 0
ipt_TOS 11136 0
ipt_tos 10496 0
ipt_SAME 11136 0
ipt_REJECT 13952 6
ipt_REDIRECT 11008 0
ipt_recent 20116 0
ipt_owner 10880 0
ipt_NETMAP 10752 0
ipt_MASQUERADE 11520 0
ipt_LOG 15872 4
ipt_iprange 10624 0
ipt_ECN 11904 0
ipt_ecn 11136 0
ipt_CLUSTERIP 18440 0
ipt_ah 10752 0
ipt_addrtype 10752 4
nf_nat_tftp 10624 0
nf_nat_snmp_basic 20228 0
nf_nat_sip 13568 0
nf_nat_pptp 12800 0
nf_nat_proto_gre 11780 1 nf_nat_pptp
nf_nat_irc 11648 0
nf_nat_h323 17280 0
nf_nat_ftp 12544 0
nf_nat_amanda 11264 0
ts_kmp 11136 5
nf_conntrack_amanda 14464 1 nf_nat_amanda
nf_conntrack_tftp 14868 1 nf_nat_tftp
nf_conntrack_sip 19732 1 nf_nat_sip
nf_conntrack_proto_sctp 19340 0
nf_conntrack_pptp 16768 1 nf_nat_pptp
nf_conntrack_proto_gre 15488 1 nf_conntrack_pptp
nf_conntrack_netlink 39808 0
nf_conntrack_netbios_ns 12032 0
nf_conntrack_irc 16544 1 nf_nat_irc
nf_conntrack_h323 66656 1 nf_nat_h323
nf_conntrack_ftp 19240 1 nf_nat_ftp
xt_tcpmss 11264 0
xt_pkttype 10752 0
xt_physdev 11536 0
xt_NFQUEUE 10880 0
xt_NFLOG 11008 0
xt_multiport 12288 8
xt_MARK 11648 0
xt_mark 11264 0
xt_mac 10752 0
xt_limit 12032 0
xt_length 10752 0
xt_helper 11648 0
xt_hashlimit 21120 0
ip6_tables 26568 2 ip6table_filter,xt_hashlimit
xt_DSCP 11392 0
xt_dscp 11008 0
xt_dccp 12424 0
xt_conntrack 12544 5
xt_CONNMARK 12544 0
xt_connmark 11648 0
xt_CLASSIFY 10624 0
xt_tcpudp 12288 50
xt_state 11392 23
iptable_nat 19716 1
nf_nat 31376 14
ipt_SAME,ipt_REDIRECT,ipt_NETMAP,ipt_MASQUERADE,nf_nat_tftp,nf_nat_sip,nf_nat_pptp,nf_nat_proto_gre,nf_nat_irc,nf_nat_h323,nf_nat_ftp,nf_nat_amanda,nf_conntrack_netlink,iptable_nat
nf_conntrack_ipv4 36880 30 iptable_nat
nf_conntrack 101600 29
xt_connlimit,ipt_CLUSTERIP,nf_nat_tftp,nf_nat_snmp_basic,nf_nat_sip,nf_nat_pptp,nf_nat_irc,nf_nat_h323,nf_nat_ftp,nf_nat_amanda,nf_conntrack_amanda,nf_conntrack_tftp,nf_conntrack_sip,nf_conntrack_proto_sctp,nf_conntrack_pptp,nf_conntrack_proto_gre,nf_conntrack_netlink,nf_conntrack_netbios_ns,nf_conntrack_irc,nf_conntrack_h323,nf_conntrack_ftp,xt_helper,xt_conntrack,xt_CONNMARK,xt_connmark,xt_state,iptable_nat,nf_nat,nf_conntrack_ipv4
iptable_mangle 13824 17
nfnetlink 14280 1 nf_conntrack_netlink
iptable_filter 13696 19
ip_tables 33256 4
iptable_raw,iptable_nat,iptable_mangle,iptable_filter
x_tables 33672 49
xt_TCPMSS,xt_connlimit,xt_realm,xt_comment,xt_policy,ipt_ULOG,ipt_TTL,ipt_ttl,ipt_TOS,ipt_tos,ipt_SAME,ipt_REJECT,ipt_REDIRECT,ipt_recent,ipt_owner,ipt_NETMAP,ipt_MASQUERADE,ipt_LOG,ipt_iprange,ipt_ECN,ipt_ecn,ipt_CLUSTERIP,ipt_ah,ipt_addrtype,xt_tcpmss,xt_pkttype,xt_physdev,xt_NFQUEUE,xt_NFLOG,xt_multiport,xt_MARK,xt_mark,xt_mac,xt_limit,xt_length,xt_helper,xt_hashlimit,ip6_tables,xt_DSCP,xt_dscp,xt_dccp,xt_conntrack,xt_CONNMARK,xt_connmark,xt_CLASSIFY,xt_tcpudp,xt_state,iptable_nat,ip_tables
ipv6 342016 166 vzrst,vzcpt,vzmon,nf_conntrack_h323
bridge 73128 0
deflate 13056 0
zlib_deflate 30104 1 deflate
twofish 15232 0
twofish_common 48512 1 twofish
camellia 38016 0
serpent 28032 0
blowfish 17408 0
des_generic 25728 0
cbc 13696 0
ecb 12672 0
blkcipher 16772 2 cbc,ecb
aes_generic 35392 0
aes_x86_64 34472 0
xcbc 15496 0
sha256_generic 17792 0
sha1_generic 11648 0
crypto_null 11776 0
af_key 49300 0
dm_snapshot 28256 0
dm_mirror 34432 0
it87 34448 0
hwmon_vid 12416 1 it87
eeprom 17296 0
snd_hda_intel 384424 0
snd_pcm 95880 1 snd_hda_intel
snd_timer 35464 1 snd_pcm
snd_page_alloc 19984 2 snd_hda_intel,snd_pcm
snd_hwdep 19848 1 snd_hda_intel
thermal 27168 0
snd 77864 4
snd_hda_intel,snd_pcm,snd_timer,snd_hwdep
psmouse 53788 0
k8temp 14976 0
button 18336 0
processor 49768 1 thermal
r8169 44292 0
soundcore 18208 1 snd
serio_raw 16516 0
parport_pc 49064 0
parport 53132 1 parport_pc
evdev 22912 0
sg 49432 0
pcspkr 12288 0
raid10 34816 0
raid456 140064 0
async_xor 13696 1 raid456
async_memcpy 12160 1 raid456
async_tx 18296 3 raid456,async_xor,async_memcpy
xor 14864 2 raid456,async_xor
raid1 34944 5
raid0 17024 0
multipath 18816 0
linear 15104 0
md_mod 96924 10
raid10,raid456,raid1,raid0,multipath,linear
dm_mod 79736 5 dm_snapshot,dm_mirror
usbhid 43616 0
hid 52544 1 usbhid
usb_storage 90304 0
libusual 31072 1 usb_storage
sd_mod 40448 14
sr_mod 27684 0
ide_disk 26496 0
ide_generic 9856 0 [permanent]
ide_cd 43040 0
cdrom 48936 2 sr_mod,ide_cd
shpchp 45596 0
pci_hotplug 43312 1 shpchp
ahci 40708 14
ohci_hcd 39580 0
ssb 44804 1 ohci_hcd
ehci_hcd 48908 0
usbcore 178608 6
usbhid,usb_storage,libusual,ohci_hcd,ehci_hcd
i2c_piix4 18828 0
i2c_core 36352 2 eeprom,i2c_piix4
atiixp 14096 0 [permanent]
ide_core 144152 4 ide_disk,ide_generic,ide_cd,atiixp
pata_atiixp 17920 0
pata_acpi 17152 0
ata_generic 17412 0
libata 184496 4 ahci,pata_atiixp,pata_acpi,ata_generic
scsi_mod 187192 5 sg,usb_storage,sd_mod,sr_mod,libata
isofs 47144 0
msdos 19712 0
fat 67760 1 msdos
--
BSA. Mert megérdemlitek.
Open Source. Mert megérdemlem.
--
BSA. They value it.
Open Source. The value. It.
--
http://www.startit.hu
http://www.osbusiness.hu
More information about the pve-user
mailing list