The Perfect Xen 3.0 Setup For Debian | IPTABLES

Discussion in 'HOWTO-Related Questions' started by rocket30, May 5, 2006.

  1. rocket30

    rocket30 New Member

    I took the compile-your-own-kernel route and iptables is not working on vm01.

    This is what shows on dm0:

    dm0:/# iptables -L
    Chain INPUT (policy ACCEPT)
    target prot opt source destination

    Chain FORWARD (policy ACCEPT)
    target prot opt source destination
    ACCEPT all -- anywhere anywhere PHYSDEV match --physdev-in vif4.0

    Chain OUTPUT (policy ACCEPT)
    target prot opt source destination
    dm0:/# iptables --list
    Chain INPUT (policy ACCEPT)
    target prot opt source destination

    Chain FORWARD (policy ACCEPT)
    target prot opt source destination
    ACCEPT all -- anywhere anywhere PHYSDEV match --physdev-in vif4.0

    Chain OUTPUT (policy ACCEPT)
    target prot opt source destination
    dm0:/#


    This is what shows on vm01:

    vm01:/# iptables -L
    Note: /etc/modules.conf is more recent than /lib/modules/2.6.12.6-xenU/modules.d ep
    modprobe: QM_MODULES: Function not implemented

    modprobe: QM_MODULES: Function not implemented

    modprobe: Can't locate module ip_tables
    iptables v1.2.11: can't initialize iptables table `filter': iptables who? (do yo u need to insmod?)
    Perhaps iptables or your kernel needs to be upgraded.
    vm01:/#


    From dm0 I display iptables kernel options for xen0 and xenU:

    dm0:/# cat /boot/config-2.6.12.6-xen0 | grep -i "IPTABLES"
    CONFIG_IP_NF_IPTABLES=m
    dm0:/# cat /boot/config-2.6.12.6-xenU | grep -i "IPTABLES"
    CONFIG_IP_NF_IPTABLES=m
    dm0:/#



    Any suggestions on how to fix iptables on vm01?
     
  2. rocket30

    rocket30 New Member

    I installed module-init-tools on vm01, rebooted and receive the following:

    vm01:~# iptables -L
    iptables v1.2.11: can't initialize iptables table `filter': Table does not exist (do you need to insmod?)
    Perhaps iptables or your kernel needs to be upgraded.
    vm01:~#
     
  3. falko

    falko Super Moderator Howtoforge Staff Moderator HowtoForge Supporter ISPConfig Developer

    Are you sure you followed the tutorial to the letter? It seems as if iptables is not compiled into domU's kernel.
    Do you have multiple domU kernels? Then make sure you use the correct one.
     
  4. dracula

    dracula New Member

    Hi, I have the same problem.
    I have rechecked the kernel configuration and compared to the howto but I don't see any difference. iptables has been compiled as module in dom0 and domU.
    Any other things I have to look at? :confused:
     
  5. falko

    falko Super Moderator Howtoforge Staff Moderator HowtoForge Supporter ISPConfig Developer

    Just make sure you follow the tutorial to the letter. Use Xen 3.0.1 instead of Xen 3.0.2, etc.
     
  6. dracula

    dracula New Member

    I think I can say I have followed the tutorial to the letter!
    I am using xen 3.0.1 instead of 3.0.2, ip_tables compiled as module and the mofules copied to domU after kernel compilation.
    I don't know what I could have done different.
     
  7. falko

    falko Super Moderator Howtoforge Staff Moderator HowtoForge Supporter ISPConfig Developer

    Are you sure you enabled iptables for the domU kernel? Please check in the domU kernel configuration file in /boot.
     
  8. dracula

    dracula New Member

    yes pretty sure! but I found the problem!
    my fault :eek:

    I installed dom0 as amd64 and one domU as i386 and a other also as amd64!
    The one I was trying to set up was installed as i386 ( don't ask why ... I don't know, probably the heat in the office )
    As I noticed this I tried it on the amd64 installation and there it works ! so I gues my problem is fixed :)
    thanks anyway for the help
     

Share This Page