[EMAIL PROTECTED] wrote: > Hello Tom! Aleksandr,
In the future, please don't send your Shorewall support requests directly to me. Please see http://www.shorewall.net/support.htm: > I try to start last version of shorewall-4.0.2 under openvz environment > in virtual server and get follow error messages: > > gate ~ # shorewall check > Checking... > > Checking... > FATAL: Error inserting nfnetlink > (/lib/modules/2.6.18-028stab035/kernel/net/netfilter/nfnetlink.ko): > Operation not permitted < endless list of similar error messages discarded> > Operation not permitted > Checking /etc/shorewall/zones... > Determining Hosts in Zones... > Preprocessing Action Files... > Pre-processing /usr/share/shorewall/action.Drop... > Pre-processing /usr/share/shorewall/action.Reject... > Checking Kernel Route Filtering... > Checking Martian Logging... > Checking MAC Filtration -- Phase 1... > Checking /etc/shorewall/rules... > Generating Transitive Closure of Used-action List... > Processing /usr/share/shorewall/action.Reject for chain Reject... > Processing /usr/share/shorewall/action.Drop for chain Drop... > Checking MAC Filtration -- Phase 2... > Applying Policies... > Generating Rule Matrix... > Shorewall configuration verified > > > I have all iptables modules (that supported by OpenVZ) installed, > loaded and working but under virtual > server its are invisible (if i correct understand). This is parameter in > vz.conf: > > IPTABLES="iptable_filter iptable_mangle ipt_limit ipt_multiport ipt_tos > ipt_TOS ipt_REJECT ipt_TCPMSS ipt_tcpmss ipt_ttl ipt_LOG ipt_length > ip_conntrack ipt_state ipt_helper iptable_nat ip_nat_ftp ip_nat_irc > ipt_REDIRECT xt_mac" > > On the host node all OK: > > vserver1 / # shorewall check > Checking... > Checking /etc/shorewall/zones... > Determining Hosts in Zones... > Preprocessing Action Files... > Pre-processing /usr/share/shorewall/action.Drop... > Pre-processing /usr/share/shorewall/action.Reject... > Checking Kernel Route Filtering... > Checking Martian Logging... > Checking MAC Filtration -- Phase 1... > Checking /etc/shorewall/rules... > Generating Transitive Closure of Used-action List... > Processing /usr/share/shorewall/action.Reject for chain Reject... > Processing /usr/share/shorewall/action.Drop for chain Drop... > Checking MAC Filtration -- Phase 2... > Applying Policies... > Generating Rule Matrix... > Shorewall configuration verified > > Shorewall-4.0.2 really needed all iptables modules? Please see Shorewall FAQ 59. It describes how to limit the set of modules that Shorewall tries to load. > Shorewall-3.2.9 checked without any errors. > Can i disable shorewall check modules or there is other solve for > this problem? Again, please see Shorewall FAQ 59. In your case, you could probably just create an empty /etc/shorewall/modules in the virtual server. -Tom -- Tom Eastep \ Nothing is foolproof to a sufficiently talented fool Shoreline, \ http://shorewall.net Washington USA \ [EMAIL PROTECTED] PGP Public Key \ https://lists.shorewall.net/teastep.pgp.key
signature.asc
Description: OpenPGP digital signature
------------------------------------------------------------------------- This SF.net email is sponsored by: Splunk Inc. Still grepping through log files to find problems? Stop. Now Search log events and configuration files using AJAX and a browser. Download your FREE copy of Splunk now >> http://get.splunk.com/
_______________________________________________ Shorewall-users mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/shorewall-users
