WARNING - OLD ARCHIVES

This is an archived copy of the Xen.org mailing list, which we have preserved to ensure that existing links to archives are not broken. The live archive, which contains the latest emails, can be found at http://lists.xen.org/
   
 
 
xen-users

[Xen-users] Re: Xen and iptables

To: xen-users@xxxxxxxxxxxxxxxxxxx
Subject: [Xen-users] Re: Xen and iptables
From: "Frank Church" <voipfc@xxxxxxxxxxxxxx>
Date: Mon, 4 Jun 2007 14:50:29 +0100
On 04/06/07, Frank Church <voipfc@xxxxxxxxxxxxxx> wrote:
> Is there something about Xen and iptables that I don't know about.
>
> I converted a VMWare Centos 4.4 system to run under Xen 3.0.2 on Ubuntu 6.06.
>
> When I try to run iptables on the Centos VM I get this error.
>
> iptables -L
> iptables v1.2.11: can't initialize iptables table `filter': iptables
> who? (do you need to insmod?)
> Perhaps iptables or your kernel needs to be upgraded.
>
> I suspect that there is something I have to do on the domU to get it
> to work or that I may have to copy something over from the domU.
>
> What should I do?
>
> /voipfc
>

After going through your responses I think I have to start from scratch.
When I run modprobe ip_tables there is no error report.

When I run iptables -L on the domU this is the output

Chain INPUT (policy ACCEPT)
target     prot opt source               destination

Chain FORWARD (policy ACCEPT)
target     prot opt source               destination
ACCEPT     all  --  anywhere             anywhere            PHYSDEV match --physdev-in vif14.0
ACCEPT     all  --  anywhere             anywhere            PHYSDEV match --physdev-in vif15.0
ACCEPT     all  --  anywhere             anywhere            PHYSDEV match --physdev-in vif22.0
ACCEPT     all  --  anywhere             anywhere            PHYSDEV match --physdev-in vif26.0
ACCEPT     all  --  anywhere             anywhere            PHYSDEV match --physdev-in vif28.0

Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination


What is the command to check that the iptables module is stored on the VM?

Is there supposed to be some .ko file in the modules directory?


modprobe ip_tables gives no error messages on the VM.

service ip_tables restart gives the message below.
=============================================
Flushing firewall rules:                                   [  OK  ]
Setting chains to policy ACCEPT: filter                    [  OK  ]
Unloading iptables modules:                                [  OK  ]

 /sbin/iptables -V on the VM outputs.
iptables v1.2.11

 /sbin/iptables -V on the host outputs.
iptables v1.3.3

service apf restart on the VM outputs

Stopping APF:                                              [  OK  ]
Starting APF:Unable to load iptables module (ipt_state), aborting.
                                                           [  OK  ]

Do I have to insmod ipt_state etc for those modules to be installed?

Grepping modules.dep on both host and source shows that iptables is
installed. I copied the whole lib/modules folder to the VM, and  I
will restart it again to see if it works.


After restarting the server I realized that apf had to be recompiled
against the modules and that fixed everything.

Thanks for the help
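
Added example, not part of the original message: a shell check for the question raised above, whether the module tree inside the guest matches the running kernel and lists the netfilter modules the firewall needs (ip_tables, iptable_filter for the `filter' table, ipt_state for APF). It assumes the usual /lib/modules/<release>/modules.dep layout; the function names are illustrative.

```shell
#!/bin/sh
# Added example: verify that a guest's /lib/modules tree belongs to the kernel
# it was booted with and lists the netfilter modules a firewall front end needs.

# find_module MODDIR NAME
# Prints the modules.dep path for NAME; returns non-zero if it is not listed.
find_module() {
    # '_' and '-' are interchangeable in module names, so accept either.
    pat=$(printf '%s' "$2" | sed 's/[_-]/[_-]/g')
    # A modules.dep entry starts with "path/to/name.ko:" (newer trees may add
    # a compression suffix such as .gz or .xz before the colon).
    entry=$(grep -E "(^|/)${pat}\.ko(\.[a-z]+)?:" "$1/modules.dep" 2>/dev/null |
        head -n 1)
    [ -n "$entry" ] && printf '%s\n' "${entry%%:*}"
}

# check_modules ROOT KERNEL_RELEASE MODULE...
# Returns 0 if every module is listed, 1 if any is missing, and 2 if ROOT has
# no module tree at all for that kernel release (the mismatch case).
check_modules() {
    root=$1 kver=$2
    shift 2
    moddir="$root/lib/modules/$kver"
    if [ ! -f "$moddir/modules.dep" ]; then
        echo "no module tree for kernel $kver under $root/lib/modules" >&2
        return 2
    fi
    missing=0
    for m in "$@"; do
        if path=$(find_module "$moddir" "$m"); then
            echo "ok       $m -> $path"
        else
            echo "MISSING  $m"
            missing=$((missing + 1))
        fi
    done
    [ "$missing" -eq 0 ]
}

# Inside the guest, run for example:
#   sh check-modules.sh / "$(uname -r)" ip_tables iptable_filter ipt_state
if [ "$#" -ge 3 ]; then
    check_modules "$@"
fi
```

A return code of 2 means the guest has no modules for the kernel it is actually running, which is the situation that copying lib/modules from the host addresses.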
