Bug#607041: Bug#590321: vzctl: ip6tables does not work in VE
Hi Sorry for the delayed response. (I have been on a business trip). Very good to know. Unfortunatly this build did not reach the stable release. Maks, do you know if this would be a good candidate for the next point release? Best regards, // Ola On Tue, Feb 01, 2011 at 10:13:28AM +0100, Christian Hofstädtler wrote: Hi everyone, have a 2.6.32-31 build for testing here, ola or anyone? http://charm.itp.tuwien.ac.at/~mattems/linux-image-2.6.32-5-openvz-amd64_2.6.32-31_amd64.deb http://charm.itp.tuwien.ac.at/~mattems/linux-image-2.6.32-5-openvz-amd64_2.6.32-31_amd64.deb.sha512sum.asc This test build works for me and resolves the ip6tables issue. I've had someone else test this too (thanks Bernhard), and he reports that this build also fixes #587905 and #579658 for him. Thanks, Christian -- --- Inguza Technology AB --- MSc in Information Technology / o...@inguza.comAnnebergsslingan 37\ | o...@debian.org 654 65 KARLSTAD| | http://inguza.com/Mobile: +46 (0)70-332 1551 | \ gpg/f.p.: 7090 A92B 18FE 7994 0C36 4FE4 18A1 B1CF 0FE5 3DD9 / --- -- To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Bug#579658: Bug#590321: vzctl: ip6tables does not work in VE
On Tue, Feb 15, 2011 at 10:02:10PM +0100, Ola Lundqvist wrote: Sorry for the delayed response. (I have been on a business trip). Very good to know. Unfortunatly this build did not reach the stable release. sure the updated git only came out shortly before release. Maks, do you know if this would be a good candidate for the next point release? next squeeze upload will have it. what would be cool would be to add also those nfs fixes, but afair they are not yet in git, please reping about them. thank you. -- maks -- To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Bug#590321: vzctl: ip6tables does not work in VE
Hi everyone, have a 2.6.32-31 build for testing here, ola or anyone? http://charm.itp.tuwien.ac.at/~mattems/linux-image-2.6.32-5-openvz-amd64_2.6.32-31_amd64.deb http://charm.itp.tuwien.ac.at/~mattems/linux-image-2.6.32-5-openvz-amd64_2.6.32-31_amd64.deb.sha512sum.asc This test build works for me and resolves the ip6tables issue. I've had someone else test this too (thanks Bernhard), and he reports that this build also fixes #587905 and #579658 for him. Thanks, Christian -- To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Bug#590321: vzctl: ip6tables does not work in VE
Hi It is now in the latest one. Try this. http://charm.itp.tuwien.ac.at/~mattems/linux-image-2.6.32-5-openvz-amd64_2.6.32-31_amd64.deb http://charm.itp.tuwien.ac.at/~mattems/linux-image-2.6.32-5-openvz-amd64_2.6.32-31_amd64.deb.sha512sum.asc // Ola On Tue, Jan 25, 2011 at 11:11:52PM +0100, Christian Hofstädtler wrote: 2011/1/19 Steven Chamberlain ste...@pyro.eu.org: Now, can we please have this fixed for squeeze or (at least) the first point release? It looks like it hasn't been accepted into OpenVZ GIT yet. I'm not sure why. I think it would only be accepted into Debian after that happens. Apparently it's now in OpenVZ GIT: http://git.openvz.org/?p=linux-2.6.32-openvz;a=commit;h=835db9404b7c1d5e9ef16d5dd17a1c8bd7431137 http://git.openvz.org/?p=linux-2.6.32-openvz;a=commit;h=56628f791cdee0846cdf250b7bbad70144f9b231 Any Debian kernel guys watching this bug? Christian -- http://zeha.at/ -- - Ola Lundqvist --- / o...@debian.org Annebergsslingan 37 \ | o...@inguza.com 654 65 KARLSTAD | | http://inguza.com/ +46 (0)70-332 1551 | \ gpg/f.p.: 7090 A92B 18FE 7994 0C36 4FE4 18A1 B1CF 0FE5 3DD9 / --- -- To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Bug#590321: vzctl: ip6tables does not work in VE
On 15/01/11 16:18, Ola Lundqvist wrote: severity 607041 important merge 607041 590321 thanks Thanks for the information. Merging them. Hi Ola, I notice these bugs didn't actually get merged. From the BTS documentation it seems you must first resassign 590321 to linux-image-2.6.32-5-openvz-amd64 before you can merge or forcemerge them. Right now I'm running this test build posted by Max Attems which I'm happy to say fixes the issue for me (although I had to --force-depends to install it without an updated linux-base package): have a 2.6.32-31 build for testing here, ola or anyone? http://charm.itp.tuwien.ac.at/~mattems/linux-image-2.6.32-5-openvz-amd64_2.6.32-31_amd64.deb http://charm.itp.tuwien.ac.at/~mattems/linux-image-2.6.32-5-openvz-amd64_2.6.32-31_amd64.deb.sha512sum.asc I also note that 'tc' works now inside VEs; this was a separate issue that someone had reported here: http://bugzilla.openvz.org/1238 Thanks, everyone! Regards, -- Steven Chamberlain ste...@pyro.eu.org -- To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Bug#590321: Bug#607041: Bug#590321: vzctl: ip6tables does not work in VE
On Thu, Jan 27, 2011 at 09:10:24PM +, Steven Chamberlain wrote: I notice these bugs didn't actually get merged. From the BTS documentation it seems you must first resassign 590321 to linux-image-2.6.32-5-openvz-amd64 before you can merge or forcemerge them. reassigned both to linux-2.6 and forcemerged them. The source is the culprit not the binary package. Right now I'm running this test build posted by Max Attems which I'm happy to say fixes the issue for me (although I had to --force-depends to install it without an updated linux-base package): oh right this is a pain I allways forget, we need to get rid of this postsqueeze, now libata switch is done. http://charm.itp.tuwien.ac.at/~mattems/linux-base_2.6.32-31_all.deb http://charm.itp.tuwien.ac.at/~mattems/linux-base_2.6.32-31_all.deb.sha512.asc have a 2.6.32-31 build for testing here, ola or anyone? http://charm.itp.tuwien.ac.at/~mattems/linux-image-2.6.32-5-openvz-amd64_2.6.32-31_amd64.deb http://charm.itp.tuwien.ac.at/~mattems/linux-image-2.6.32-5-openvz-amd64_2.6.32-31_amd64.deb.sha512sum.asc I also note that 'tc' works now inside VEs; this was a separate issue that someone had reported here: http://bugzilla.openvz.org/1238 good pointer, added to changelog. thanks for the testing!! -- maks -- To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Bug#590321: Bug#607041: Bug#590321: vzctl: ip6tables does not work in VE
Thanks to you both (Steven and Maximilian) Thanks for the fast feedback and the testing. Especially the testing saves me the hassle to re-install my lab machine. For some reason I was hit by the ATA driver change in the recent kernels so not that machine no longer boots. Now I still need to re-install (or fix) it but I do not have to do it today. :-) Best regards, // Ola On Thu, Jan 27, 2011 at 11:21:40PM +, maximilian attems wrote: On Thu, Jan 27, 2011 at 09:10:24PM +, Steven Chamberlain wrote: I notice these bugs didn't actually get merged. From the BTS documentation it seems you must first resassign 590321 to linux-image-2.6.32-5-openvz-amd64 before you can merge or forcemerge them. reassigned both to linux-2.6 and forcemerged them. The source is the culprit not the binary package. Right now I'm running this test build posted by Max Attems which I'm happy to say fixes the issue for me (although I had to --force-depends to install it without an updated linux-base package): oh right this is a pain I allways forget, we need to get rid of this postsqueeze, now libata switch is done. http://charm.itp.tuwien.ac.at/~mattems/linux-base_2.6.32-31_all.deb http://charm.itp.tuwien.ac.at/~mattems/linux-base_2.6.32-31_all.deb.sha512.asc have a 2.6.32-31 build for testing here, ola or anyone? http://charm.itp.tuwien.ac.at/~mattems/linux-image-2.6.32-5-openvz-amd64_2.6.32-31_amd64.deb http://charm.itp.tuwien.ac.at/~mattems/linux-image-2.6.32-5-openvz-amd64_2.6.32-31_amd64.deb.sha512sum.asc I also note that 'tc' works now inside VEs; this was a separate issue that someone had reported here: http://bugzilla.openvz.org/1238 good pointer, added to changelog. thanks for the testing!! -- maks -- --- Inguza Technology AB --- MSc in Information Technology / o...@inguza.comAnnebergsslingan 37\ | o...@debian.org 654 65 KARLSTAD| | http://inguza.com/Mobile: +46 (0)70-332 1551 | \ gpg/f.p.: 7090 A92B 18FE 7994 0C36 4FE4 18A1 B1CF 0FE5 3DD9 / --- -- To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Bug#590321: vzctl: ip6tables does not work in VE
2011/1/19 Steven Chamberlain ste...@pyro.eu.org: Now, can we please have this fixed for squeeze or (at least) the first point release? It looks like it hasn't been accepted into OpenVZ GIT yet. I'm not sure why. I think it would only be accepted into Debian after that happens. Apparently it's now in OpenVZ GIT: http://git.openvz.org/?p=linux-2.6.32-openvz;a=commit;h=835db9404b7c1d5e9ef16d5dd17a1c8bd7431137 http://git.openvz.org/?p=linux-2.6.32-openvz;a=commit;h=56628f791cdee0846cdf250b7bbad70144f9b231 Any Debian kernel guys watching this bug? Christian -- http://zeha.at/ -- To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Bug#590321: vzctl: ip6tables does not work in VE
(Forwarding Christian's reply as it didn't go to the BTS) : On 18/01/11 16:50, Christian Hofstädtler wrote: 2011/1/18 Steven Chamberlain ste...@pyro.eu.org: ... My only guess is that something went wrong when you patched and built a new kernel. You're correct, the patched code didn't get installed properly. It actually works now! That's great news, thanks for testing the patch. Now, can we please have this fixed for squeeze or (at least) the first point release? It looks like it hasn't been accepted into OpenVZ GIT yet. I'm not sure why. I think it would only be accepted into Debian after that happens. Regards, -- Steven Chamberlain ste...@pyro.eu.org -- To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Bug#590321: vzctl: ip6tables does not work in VE
Hi Steven, On Thu, Dec 23, 2010 at 8:32 AM, Steven Chamberlain ste...@pyro.eu.org wrote: Your bug report is the same issue I've reported here -- actually a kernel bug: * http://bugs.debian.org/607041 * http://bugzilla.openvz.org/show_bug.cgi?id=1723 If you're able to patch and rebuild your Debian kernel you could try the patch available here: * http://bugzilla.openvz.org/attachment.cgi?id=1339 Thanks for the suggestion. I've now rebuilt the kernel with the patch applied, but it still doesn't work for me. Still seeing this in strace ip6tables -nL: socket(PF_INET6, SOCK_RAW, IPPROTO_RAW) = 3 getsockopt(3, SOL_IPV6, 0x40 /* IPV6_??? */, 0x7fffd59065f0, 0x7fffd5906658) = -1 EPERM (Operation not permitted) close(3)= 0 Do you have any insight on why this would still fail to work? Thanks, Christian -- http://zeha.at/ -- To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Bug#590321: vzctl: ip6tables does not work in VE
On 17/01/11 22:23, Christian Hofstädtler wrote: Thanks for the suggestion. I've now rebuilt the kernel with the patch applied, but it still doesn't work for me. Still seeing this in strace ip6tables -nL: socket(PF_INET6, SOCK_RAW, IPPROTO_RAW) = 3 getsockopt(3, SOL_IPV6, 0x40 /* IPV6_??? */, 0x7fffd59065f0, 0x7fffd5906658) = -1 EPERM (Operation not permitted) close(3)= 0 Hi Christian, I don't see how else that return value might occur. My only guess is that something went wrong when you patched and built a new kernel. The Debian kernel build system is complicated, especially when building alternate flavours like openvz. Maybe the changes weren't include in the resulting ip6_tables.ko module. If it's any help, for Debian amd64 openvz kernel 2.6.32-29 my patched ip6_tables.ko turned out to be 33440 bytes, sha256sum 7341439857edf1fa8db353e805df197b6c202838799a0e14b5594cf42a80035b The original, unpatched module was 33360 bytes, sha256sum bf3ea26b107447114943bcb4dffe436c26bac784a26c1cd2da5ad1924811529c I extracted the Debian linux-2.6 source and saved the patch into this directory: debian/patches/features/all/openvz/ And I added a suitable entry to this file, after all the other openvz patches indicated by featureset=openvz : debian/patches/series/*-extra (filename depends on package version) Then I mostly followed this guide from step 6 onwards (but building amd64_openvz_amd64 instead) : http://wiki.debian.org/HowToRebuildAnOfficialDebianKernelPackage Much easier than a kernel patch+rebuild, there seems to be an easy workaround for this bug which does functionally the same thing as the patch, but maybe has some other unintended consequences, I don't know: vzctl set 1001 --capability net_admin:on --save After stopping and starting the VE it should then be able to use ip6tables. Regards, -- Steven Chamberlain ste...@pyro.eu.org -- To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Bug#607041: Bug#590321: vzctl: ip6tables does not work in VE
severity 607041 important merge 607041 590321 thanks Thanks for the information. Merging them. // Ola On Thu, Dec 23, 2010 at 07:32:55AM +, Steven Chamberlain wrote: Hi Christian, Your bug report is the same issue I've reported here -- actually a kernel bug: * http://bugs.debian.org/607041 * http://bugzilla.openvz.org/show_bug.cgi?id=1723 If you're able to patch and rebuild your Debian kernel you could try the patch available here: * http://bugzilla.openvz.org/attachment.cgi?id=1339 Regards, -- Steven Chamberlain ste...@pyro.eu.org -- - Ola Lundqvist --- / o...@debian.org Annebergsslingan 37 \ | o...@inguza.com 654 65 KARLSTAD | | http://inguza.com/ +46 (0)70-332 1551 | \ gpg/f.p.: 7090 A92B 18FE 7994 0C36 4FE4 18A1 B1CF 0FE5 3DD9 / --- -- To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Bug#590321: vzctl: ip6tables does not work in VE
Hi Christian, Your bug report is the same issue I've reported here -- actually a kernel bug: * http://bugs.debian.org/607041 * http://bugzilla.openvz.org/show_bug.cgi?id=1723 If you're able to patch and rebuild your Debian kernel you could try the patch available here: * http://bugzilla.openvz.org/attachment.cgi?id=1339 Regards, -- Steven Chamberlain ste...@pyro.eu.org -- To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Bug#590321: vzctl: ip6tables does not work in VE
Hi Ola, * Ola Lundqvist o...@debian.org [100726 00:51]: Hi Christian I have just uploaded a 3.0.24-1 version of vzctl. Can you please check whether that version solves your problem. As current packages have not yet entered the archive, I've rebuilt 3.0.24-1 dated 26-Jul-2010 09:26 from incoming.debian.org (I'm on amd64), but my ip6tables problem is still here: ip6tables -nL ip6tables v1.4.8: can't initialize ip6tables table `filter': Table does not exist (do you need to insmod?) Perhaps ip6tables or your kernel needs to be upgraded. Thanks, Christian -- christian hofstaedtler -- To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Bug#590321: vzctl: ip6tables does not work in VE
Hi Christian Thanks for the information. What version of the kernel do you have installed now? And what modules are enabled on the host machine? // Ola On Mon, Jul 26, 2010 at 11:47:20AM +0200, Christian Hofstaedtler wrote: Hi Ola, * Ola Lundqvist o...@debian.org [100726 00:51]: Hi Christian I have just uploaded a 3.0.24-1 version of vzctl. Can you please check whether that version solves your problem. As current packages have not yet entered the archive, I've rebuilt 3.0.24-1 dated 26-Jul-2010 09:26 from incoming.debian.org (I'm on amd64), but my ip6tables problem is still here: ip6tables -nL ip6tables v1.4.8: can't initialize ip6tables table `filter': Table does not exist (do you need to insmod?) Perhaps ip6tables or your kernel needs to be upgraded. Thanks, Christian -- christian hofstaedtler -- --- Inguza Technology AB --- MSc in Information Technology / o...@inguza.comAnnebergsslingan 37\ | o...@debian.org 654 65 KARLSTAD| | http://inguza.com/Mobile: +46 (0)70-332 1551 | \ gpg/f.p.: 7090 A92B 18FE 7994 0C36 4FE4 18A1 B1CF 0FE5 3DD9 / --- -- To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Bug#590321: vzctl: ip6tables does not work in VE
Hi Ola, Host: Linux squigley 2.6.32-5-openvz-amd64 #1 SMP Tue Jun 1 05:15:57 UTC 2010 x86_64 GNU/Linux % lsmod | egrep '^(xt|ipt|ip6)' ip6t_REJECT 2580 0 ip6table_mangle 3167 0 ip6table_filter 2448 0 ip6_tables 15235 2 ip6table_mangle,ip6table_filter xt_tcpudp 2319 13 xt_length 1164 0 xt_hl 1313 0 xt_tcpmss 1401 0 xt_TCPMSS 2935 0 iptable_mangle 2881 0 iptable_filter 2322 3 xt_multiport2267 1 xt_limit1782 0 xt_dscp 1805 0 ipt_REJECT 1953 0 I /think/ the IPv6 filter modules were auto-loaded by the vz init script, but I'm not sure about that. Thank you, Christian * Ola Lundqvist o...@inguza.com [100726 12:26]: Hi Christian Thanks for the information. What version of the kernel do you have installed now? And what modules are enabled on the host machine? // Ola On Mon, Jul 26, 2010 at 11:47:20AM +0200, Christian Hofstaedtler wrote: Hi Ola, * Ola Lundqvist o...@debian.org [100726 00:51]: Hi Christian I have just uploaded a 3.0.24-1 version of vzctl. Can you please check whether that version solves your problem. As current packages have not yet entered the archive, I've rebuilt 3.0.24-1 dated 26-Jul-2010 09:26 from incoming.debian.org (I'm on amd64), but my ip6tables problem is still here: ip6tables -nL ip6tables v1.4.8: can't initialize ip6tables table `filter': Table does not exist (do you need to insmod?) Perhaps ip6tables or your kernel needs to be upgraded. Thanks, Christian -- christian hofstaedtler -- --- Inguza Technology AB --- MSc in Information Technology / o...@inguza.comAnnebergsslingan 37\ | o...@debian.org 654 65 KARLSTAD| | http://inguza.com/Mobile: +46 (0)70-332 1551 | \ gpg/f.p.: 7090 A92B 18FE 7994 0C36 4FE4 18A1 B1CF 0FE5 3DD9 / --- -- christian hofstaedtler -- To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Bug#590321: vzctl: ip6tables does not work in VE
Hi Christian And if you do lsmod in the virtual server, what do you get then? I assume you do ipv6 filtering in the virtual instance, right? // Ola On Mon, Jul 26, 2010 at 12:28:53PM +0200, Christian Hofstaedtler wrote: Hi Ola, Host: Linux squigley 2.6.32-5-openvz-amd64 #1 SMP Tue Jun 1 05:15:57 UTC 2010 x86_64 GNU/Linux % lsmod | egrep '^(xt|ipt|ip6)' ip6t_REJECT 2580 0 ip6table_mangle 3167 0 ip6table_filter 2448 0 ip6_tables 15235 2 ip6table_mangle,ip6table_filter xt_tcpudp 2319 13 xt_length 1164 0 xt_hl 1313 0 xt_tcpmss 1401 0 xt_TCPMSS 2935 0 iptable_mangle 2881 0 iptable_filter 2322 3 xt_multiport2267 1 xt_limit1782 0 xt_dscp 1805 0 ipt_REJECT 1953 0 I /think/ the IPv6 filter modules were auto-loaded by the vz init script, but I'm not sure about that. Thank you, Christian * Ola Lundqvist o...@inguza.com [100726 12:26]: Hi Christian Thanks for the information. What version of the kernel do you have installed now? And what modules are enabled on the host machine? // Ola On Mon, Jul 26, 2010 at 11:47:20AM +0200, Christian Hofstaedtler wrote: Hi Ola, * Ola Lundqvist o...@debian.org [100726 00:51]: Hi Christian I have just uploaded a 3.0.24-1 version of vzctl. Can you please check whether that version solves your problem. As current packages have not yet entered the archive, I've rebuilt 3.0.24-1 dated 26-Jul-2010 09:26 from incoming.debian.org (I'm on amd64), but my ip6tables problem is still here: ip6tables -nL ip6tables v1.4.8: can't initialize ip6tables table `filter': Table does not exist (do you need to insmod?) Perhaps ip6tables or your kernel needs to be upgraded. Thanks, Christian -- christian hofstaedtler -- --- Inguza Technology AB --- MSc in Information Technology / o...@inguza.comAnnebergsslingan 37\ | o...@debian.org 654 65 KARLSTAD| | http://inguza.com/Mobile: +46 (0)70-332 1551 | \ gpg/f.p.: 7090 A92B 18FE 7994 0C36 4FE4 18A1 B1CF 0FE5 3DD9 / --- -- christian hofstaedtler -- --- Inguza Technology AB --- MSc in Information Technology / o...@inguza.comAnnebergsslingan 37\ | o...@debian.org 654 65 KARLSTAD| | http://inguza.com/Mobile: +46 (0)70-332 1551 | \ gpg/f.p.: 7090 A92B 18FE 7994 0C36 4FE4 18A1 B1CF 0FE5 3DD9 / --- -- To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Bug#590321: vzctl: ip6tables does not work in VE
Hi Ola, from a VE: percival# lsmod Module Size Used by percival# Note that, while there are no modules shown, iptables works, ip6tables doesn't. Yes, I'm trying to do ipv6 filtering in the VE, as my setup is veth based and therefore filtering on the host is tricky at best. Thanks, Christian * Ola Lundqvist o...@inguza.com [100726 12:33]: Hi Christian And if you do lsmod in the virtual server, what do you get then? I assume you do ipv6 filtering in the virtual instance, right? // Ola On Mon, Jul 26, 2010 at 12:28:53PM +0200, Christian Hofstaedtler wrote: Hi Ola, Host: Linux squigley 2.6.32-5-openvz-amd64 #1 SMP Tue Jun 1 05:15:57 UTC 2010 x86_64 GNU/Linux % lsmod | egrep '^(xt|ipt|ip6)' ip6t_REJECT 2580 0 ip6table_mangle 3167 0 ip6table_filter 2448 0 ip6_tables 15235 2 ip6table_mangle,ip6table_filter xt_tcpudp 2319 13 xt_length 1164 0 xt_hl 1313 0 xt_tcpmss 1401 0 xt_TCPMSS 2935 0 iptable_mangle 2881 0 iptable_filter 2322 3 xt_multiport2267 1 xt_limit1782 0 xt_dscp 1805 0 ipt_REJECT 1953 0 I /think/ the IPv6 filter modules were auto-loaded by the vz init script, but I'm not sure about that. Thank you, Christian * Ola Lundqvist o...@inguza.com [100726 12:26]: Hi Christian Thanks for the information. What version of the kernel do you have installed now? And what modules are enabled on the host machine? // Ola On Mon, Jul 26, 2010 at 11:47:20AM +0200, Christian Hofstaedtler wrote: Hi Ola, * Ola Lundqvist o...@debian.org [100726 00:51]: Hi Christian I have just uploaded a 3.0.24-1 version of vzctl. Can you please check whether that version solves your problem. As current packages have not yet entered the archive, I've rebuilt 3.0.24-1 dated 26-Jul-2010 09:26 from incoming.debian.org (I'm on amd64), but my ip6tables problem is still here: ip6tables -nL ip6tables v1.4.8: can't initialize ip6tables table `filter': Table does not exist (do you need to insmod?) Perhaps ip6tables or your kernel needs to be upgraded. Thanks, Christian -- christian hofstaedtler -- To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Bug#590321: vzctl: ip6tables does not work in VE
Hi Christian I suspect that there is some fault in the ipv6 part of the openvz kernel. Best regards, // Ola On Mon, Jul 26, 2010 at 12:37:42PM +0200, Christian Hofstaedtler wrote: Hi Ola, from a VE: percival# lsmod Module Size Used by percival# Note that, while there are no modules shown, iptables works, ip6tables doesn't. Yes, I'm trying to do ipv6 filtering in the VE, as my setup is veth based and therefore filtering on the host is tricky at best. Thanks, Christian * Ola Lundqvist o...@inguza.com [100726 12:33]: Hi Christian And if you do lsmod in the virtual server, what do you get then? I assume you do ipv6 filtering in the virtual instance, right? // Ola On Mon, Jul 26, 2010 at 12:28:53PM +0200, Christian Hofstaedtler wrote: Hi Ola, Host: Linux squigley 2.6.32-5-openvz-amd64 #1 SMP Tue Jun 1 05:15:57 UTC 2010 x86_64 GNU/Linux % lsmod | egrep '^(xt|ipt|ip6)' ip6t_REJECT 2580 0 ip6table_mangle 3167 0 ip6table_filter 2448 0 ip6_tables 15235 2 ip6table_mangle,ip6table_filter xt_tcpudp 2319 13 xt_length 1164 0 xt_hl 1313 0 xt_tcpmss 1401 0 xt_TCPMSS 2935 0 iptable_mangle 2881 0 iptable_filter 2322 3 xt_multiport2267 1 xt_limit1782 0 xt_dscp 1805 0 ipt_REJECT 1953 0 I /think/ the IPv6 filter modules were auto-loaded by the vz init script, but I'm not sure about that. Thank you, Christian * Ola Lundqvist o...@inguza.com [100726 12:26]: Hi Christian Thanks for the information. What version of the kernel do you have installed now? And what modules are enabled on the host machine? // Ola On Mon, Jul 26, 2010 at 11:47:20AM +0200, Christian Hofstaedtler wrote: Hi Ola, * Ola Lundqvist o...@debian.org [100726 00:51]: Hi Christian I have just uploaded a 3.0.24-1 version of vzctl. Can you please check whether that version solves your problem. As current packages have not yet entered the archive, I've rebuilt 3.0.24-1 dated 26-Jul-2010 09:26 from incoming.debian.org (I'm on amd64), but my ip6tables problem is still here: ip6tables -nL ip6tables v1.4.8: can't initialize ip6tables table `filter': Table does not exist (do you need to insmod?) Perhaps ip6tables or your kernel needs to be upgraded. Thanks, Christian -- christian hofstaedtler -- --- Inguza Technology AB --- MSc in Information Technology / o...@inguza.comAnnebergsslingan 37\ | o...@debian.org 654 65 KARLSTAD| | http://inguza.com/Mobile: +46 (0)70-332 1551 | \ gpg/f.p.: 7090 A92B 18FE 7994 0C36 4FE4 18A1 B1CF 0FE5 3DD9 / --- -- To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Bug#590321: vzctl: ip6tables does not work in VE
Package: vzctl Version: 3.0.23-18 Severity: important Tags: ipv6 Hi, I've just discovered, that in a squeeze VE on a squeeze OpenVZ host, ip6tables does not work: r...@guest:~# ip6tables -nL FATAL: Module ip6_tables not found. ip6tables v1.4.8: can't initialize ip6tables table `filter': Permission denied (you must be root) Perhaps ip6tables or your kernel needs to be upgraded. vz.conf vars: ## IPv4 iptables kernel modules IPTABLES=ipt_REJECT ipt_tos ipt_limit ipt_multiport iptable_filter iptable_mangle ipt_TCPMSS ipt_tcpmss ipt_ttl ipt_length ## Enable IPv6 IPV6=yes ## IPv6 ip6tables kernel modules IP6TABLES=ip6_tables ip6table_filter ip6table_mangle ip6t_REJECT r...@guest:~# cat /proc/net/ip6_tables_names mangle filter I'm unsure where to go debug next; filing against vzctl as I think this is probably a configuration problem. Thanks, Christian -- System Information: Debian Release: squeeze/sid APT prefers testing APT policy: (500, 'testing') Architecture: amd64 (x86_64) Kernel: Linux 2.6.32-5-openvz-amd64 (SMP w/8 CPU cores) Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8) Shell: /bin/sh linked to /bin/dash -- To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Bug#590321: vzctl: ip6tables does not work in VE
Hi Christian I have just uploaded a 3.0.24-1 version of vzctl. Can you please check whether that version solves your problem. Best regards, // Ola On Sun, Jul 25, 2010 at 11:47:51PM +0200, Christian Hofstaedtler wrote: Package: vzctl Version: 3.0.23-18 Severity: important Tags: ipv6 Hi, I've just discovered, that in a squeeze VE on a squeeze OpenVZ host, ip6tables does not work: r...@guest:~# ip6tables -nL FATAL: Module ip6_tables not found. ip6tables v1.4.8: can't initialize ip6tables table `filter': Permission denied (you must be root) Perhaps ip6tables or your kernel needs to be upgraded. vz.conf vars: ## IPv4 iptables kernel modules IPTABLES=ipt_REJECT ipt_tos ipt_limit ipt_multiport iptable_filter iptable_mangle ipt_TCPMSS ipt_tcpmss ipt_ttl ipt_length ## Enable IPv6 IPV6=yes ## IPv6 ip6tables kernel modules IP6TABLES=ip6_tables ip6table_filter ip6table_mangle ip6t_REJECT r...@guest:~# cat /proc/net/ip6_tables_names mangle filter I'm unsure where to go debug next; filing against vzctl as I think this is probably a configuration problem. Thanks, Christian -- System Information: Debian Release: squeeze/sid APT prefers testing APT policy: (500, 'testing') Architecture: amd64 (x86_64) Kernel: Linux 2.6.32-5-openvz-amd64 (SMP w/8 CPU cores) Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8) Shell: /bin/sh linked to /bin/dash -- - Ola Lundqvist --- / o...@debian.org Annebergsslingan 37 \ | o...@inguza.com 654 65 KARLSTAD | | http://inguza.com/ +46 (0)70-332 1551 | \ gpg/f.p.: 7090 A92B 18FE 7994 0C36 4FE4 18A1 B1CF 0FE5 3DD9 / --- -- To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
