This is related to the question I asked before. Now I am getting a different error.

    iptables: Unknown error 18446744073709551615

when trying to apply a simple rule in a VZ container:

    iptables -t nat -A PREROUTING -p tcp --dport 80 -j REDIRECT --to-port 8080

I have done everything that was suggested on the hardware node and the container, but the error persists.

On hardware node:

  • /etc/sysconfig/iptables-config

    IPTABLES_MODULES="ip_conntrack_netbios_ns ipt_REJECT ipt_tos ipt_TOS ipt_LOG ip_conntrack ipt_limit ipt_multiport iptable_filter iptable_mangle ipt_TCPMSS ipt_tcpmss ipt_ttl ipt_length ipt_state iptable_nat ip_nat_ftp"

  • /etc/vz/vz.conf

    IPTABLES="ipt_REJECT ipt_tos ipt_TOS ipt_LOG ip_conntrack ipt_limit ipt_multiport iptable_filter iptable_mangle ipt_TCPMSS ipt_tcpmss ipt_ttl ipt_length ipt_state iptable_nat ip_nat_ftp"

  • /etc/rc.local

    modprobe xt_tcpudp; modprobe ip_conntrack; modprobe xt_state

  • container config

    IPTABLES="ip_tables iptable_filter iptable_mangle ipt_limit ipt_multiport ipt_tos ipt_TOS ipt_REJECT ipt_TCPMSS ipt_tcpmss ipt_ttl ipt_LOG ipt_length ip_conntrack ip_conntrack_ftp ipt_state iptable_nat ip_nat_ftp "

I have restarted the HN and the container numerous times, but the error is still there. It seems like all the config is in place, but something like a lack of some resources is preventing the rule from being applied.

Thanks for any help.

xsaero00
  • To get a better error message, use at least iptables >= 1.4.3. – user61188 Dec 27 '10 at 20:20
  • Troubleshooting questions: (1) What are the versions of the OpenVZ kernel, vzctl, HN OS, and container OS? (2) Does running `modprobe xt_tcpudp; modprobe ip_conntrack; modprobe xt_state` inside the container give you any errors? – Aleksandr Levchuk Jan 19 '11 at 18:30

1 Answer

Try adding the ipt_REDIRECT module to your various configuration variables.

Steven Monday
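
A small checker for the mismatch this answer points at, as an added example that is not part of the original answer: it derives the module names a rule needs and reports those absent from an `IPTABLES=` list. The `iptable_<table>` / `ipt_<TARGET>` naming rule and the function names are assumptions; the module list and the rule are copied from the question.

```shell
#!/bin/sh
# Container IPTABLES= value and rule arguments, copied from the question.
CT_IPTABLES="ip_tables iptable_filter iptable_mangle ipt_limit ipt_multiport ipt_tos ipt_TOS ipt_REJECT ipt_TCPMSS ipt_tcpmss ipt_ttl ipt_LOG ipt_length ip_conntrack ip_conntrack_ftp ipt_state iptable_nat ip_nat_ftp"
RULE="-t nat -A PREROUTING -p tcp --dport 80 -j REDIRECT --to-port 8080"

# required_modules RULE
# Print the module names a rule needs, one per line.
# Assumption: legacy naming, table T -> iptable_T and target X -> ipt_X.
# Built-in verdicts (ACCEPT, DROP, RETURN, QUEUE) need no target module.
required_modules() {
    table=filter            # iptables default when -t is absent
    target=
    prev=
    for word in $1; do      # intentional word splitting of the rule
        case "$prev" in
            -t|--table) table=$word ;;
            -j|--jump)  target=$word ;;
        esac
        prev=$word
    done
    echo "iptable_$table"
    case "$target" in
        ''|ACCEPT|DROP|RETURN|QUEUE) ;;
        *) echo "ipt_$target" ;;
    esac
}

# missing_modules "IPTABLES value" RULE
# Print each required module absent from the list; return 1 if any is missing.
missing_modules() {
    rc=0
    for mod in $(required_modules "$2"); do
        case " $1 " in
            *" $mod "*) ;;                 # whole-word match: present
            *) echo "$mod"; rc=1 ;;
        esac
    done
    return $rc
}

# Stand-alone run: list what the container config lacks for this rule.
missing_modules "$CT_IPTABLES" "$RULE" || echo "^ not in IPTABLES= for this rule"
```

Run the same check against the `IPTABLES=` value in `/etc/vz/vz.conf` on the hardware node, since the question sets the list in both places.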