WARNING - OLD ARCHIVES

This is an archived copy of the Xen.org mailing list, which we have preserved to ensure that existing links to archives are not broken. The live archive, which contains the latest emails, can be found at http://lists.xen.org/
   
 
 
Xen 		  
Home Products Support Community News
 
   
 

xen-users

[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

Re: [Xen-users] How to add iptables modules to Domu Kernel??

from [Sadique] [Permanent Link][Original]
To: Anand Gupta <xen.mails@xxxxxxxxx>, xen-users@xxxxxxxxxxxxxxxxxxx
Subject: Re: [Xen-users] How to add iptables modules to Domu Kernel??
From: Sadique <sadique@xxxxxxxxxxxxxxxxxxx>
Date: Thu, 08 Jun 2006 13:54:43 +0530
Delivery-date: Thu, 08 Jun 2006 08:45:10 -0700
Envelope-to: www-data@xxxxxxxxxxxxxxxxxx
In-reply-to: <acb757c00606071223l32317508v75225b264ef64fab@xxxxxxxxxxxxxx>
List-help: <mailto:xen-users-request@lists.xensource.com?subject=help>
List-id: Xen user discussion <xen-users.lists.xensource.com>
List-post: <mailto:xen-users@lists.xensource.com>
List-subscribe: <http://lists.xensource.com/cgi-bin/mailman/listinfo/xen-users>, <mailto:xen-users-request@lists.xensource.com?subject=subscribe>
List-unsubscribe: <http://lists.xensource.com/cgi-bin/mailman/listinfo/xen-users>, <mailto:xen-users-request@lists.xensource.com?subject=unsubscribe>
References: <BAY103-F3499F5630E184DCECB1F0FA19E0@xxxxxxx> <44787945.5050908@xxxxxxxxxxxxxxxxxxx> <acb757c00606071223l32317508v75225b264ef64fab@xxxxxxxxxxxxxx>
Sender: xen-users-bounces@xxxxxxxxxxxxxxxxxxx
User-agent: Mozilla Thunderbird 1.0.7 (X11/20050923) 
Anand Gupta wrote:

> I am using xen 3.0.2 stable and iptables is compiled as module.
>
> Inside domU, i tried the following
>
> -bash-3.00# modprobe iptable_filter
> ip_tables: (C) 2000-2006 Netfilter Core Team
> -bash-3.00# modprobe iptable_raw
> -bash-3.00# modprobe iptable_nat
> Netfilter messages via NETLINK v0.30.
> ip_conntrack version 2.4 (1056 buckets, 8448 max) - 312 bytes per
> conntrack
> -bash-3.00# modprobe iptable_mangle
>
> Now if i try to load iptables rpm, and run iptables -L, i get the
> following
>
> iptables v1.2.11: can't initialize iptables table `filter': Module is
> wrong version
> Perhaps iptables or your kernel needs to be upgraded.
>
> Any ideas on how to solve it ?
>
> On 5/27/06, *Sadique* <sadique@xxxxxxxxxxxxxxxxxxx
> <mailto:sadique@xxxxxxxxxxxxxxxxxxx>> wrote:
>
>     I am not sure whether iptables module is compiled into the Dom-U
>     kernel
>     by default in xen binary packages.
>     The best option for you should be to complie xen kernel from
>     source and
>     add iptables support statically to the kernel.
>
>     make menuconfig
>     Networking  ---> Networking options  --->  Network packet filtering
>     (replaces ipchains)  --->  Core Netfilter
>     Configuration  --->  Netfilter
>     Xtables support (required for ip_tables) and do enable all modules
>     included in that as per your need.
>     Then go to - Networking  ---> Networking options  --->  Network packet
>     filtering (replaces ipchains)  ---> IP: Netfilter Configuration  --->
>     IP tables support (required for filtering/masq/NAT)
>
>     You can only go to the second step after doing the first one.
>
>
>     It's best you add the iptables support statically into the kernel
>     rather than enabling it as a module. Why? If you compile it as a
>     module you need to copy the module to every Dom-U manually.
>
>     Thanks
>     Sadique
>
>     miguel c wrote:
>
>     > Hi, I'm running xen 2.0 in a Fedora Core 3 distro. My problem is
>     that
>     > I want to configure a virtual machine so that works as a
>     > firewall/router. So, I need iptables working on this one.
>     > Unfortunately I must have some modules loaded such as ip_tables,
>     > iptables_nat, etc.
>     > Where can I do this without making mad trying it?
>     > Thank you  very much
>     >
>     >
>     >
>     > _______________________________________________
>     > Xen-users mailing list
>     > Xen-users@xxxxxxxxxxxxxxxxxxx <mailto:Xen-users@xxxxxxxxxxxxxxxxxxx>
>     > http://lists.xensource.com/xen-users
>     >
>     >
>
>
>     _______________________________________________
>     Xen-users mailing list
>     Xen-users@xxxxxxxxxxxxxxxxxxx <mailto:Xen-users@xxxxxxxxxxxxxxxxxxx>
>     http://lists.xensource.com/xen-users
>
>
>
>
> -- 
> regards,
>
> Anand Gupta
>
>------------------------------------------------------------------------
>
>_______________________________________________
>Xen-users mailing list
>Xen-users@xxxxxxxxxxxxxxxxxxx
>http://lists.xensource.com/xen-users
>
Did you copy the modules from /lib/modules/lib/modules/2.6.16-xenU or
from the source/dist ...  of Dom-0  to the /lib/modules/2.6.16-xenU of
Dom-U? You should do that for all dom-U's or this should be added to the
default template.

I have always compiled iptables support statically to the Dom-U kernel
and iptables works fine for me. Have not yet tested as a module.

-- 
Sadique PP
Sr. System Administrator
Vanilla Networks Pvt Ltd
SDF-IT Building, Infopark
Kakkanad, Cochin, India 682030

Mobile: +919895643639


_______________________________________________
Xen-users mailing list
Xen-users@xxxxxxxxxxxxxxxxxxx
http://lists.xensource.com/xen-users
[More with this subject...]
<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  Re: [Xen-users] Guest domain with PCI frontend disabled IRQ, backend device dies, Itai Tavor
Next by Date:  Re: [Xen-users] How to add iptables modules to Domu Kernel??, Anand Gupta
Previous by Thread:  Re: [Xen-users] How to add iptables modules to Domu Kernel??, Anand Gupta
Next by Thread:  Re: [Xen-users] How to add iptables modules to Domu Kernel??, Anand Gupta
Indexes:  [Date] [Thread] [Top] [All Lists]
 
   

Copyright , Citrix Systems Inc. All rights reserved. Legal and Privacy