Of course /proc/sys/net/ipv4/tcp_syncookies doesn't exist on an OpenVZ guest, and I have disabled syn-flood protection.
When I manually run the script (generated by vuurmuur -b) I receive:
iptables v1.4.2: Couldn't load target `ESTRELNFQUEUE':/lib/xtables/libipt_ESTRELNFQUEUE.so: cannot open shared object file: No such file or directory
Try `iptables -h' or 'iptables --help' for more information.
iptables v1.4.2: Couldn't load target `ESTRELNFQUEUE':/lib/xtables/libipt_ESTRELNFQUEUE.so: cannot open shared object file: No such file or directory
Try `iptables -h' or 'iptables --help' for more information.
iptables v1.4.2: Couldn't load target `ESTRELNFQUEUE':/lib/xtables/libipt_ESTRELNFQUEUE.so: cannot open shared object file: No such file or directory
Try `iptables -h' or 'iptables --help' for more information.
iptables: Memory allocation problem
iptables v1.4.2: Couldn't load target `NEWQUEUE':/lib/xtables/libipt_NEWQUEUE.so: cannot open shared object file: No such file or directory
Try `iptables -h' or 'iptables --help' for more information.
iptables v1.4.2: Couldn't load target `NEWQUEUE':/lib/xtables/libipt_NEWQUEUE.so: cannot open shared object file: No such file or directory
Try `iptables -h' or 'iptables --help' for more information.
iptables v1.4.2: Couldn't load target `NEWQUEUE':/lib/xtables/libipt_NEWQUEUE.so: cannot open shared object file: No such file or directory
Try `iptables -h' or 'iptables --help' for more information.
iptables: Memory allocation problem
etc.
Version of vuurmuur: 0.7, on Debian 6. I am now testing vuurmuur 0.8beta2.
Hello
I am trying to run vuurmuur on an OpenVZ guest. In error.log I have:
And vuurmuur.log:
Can you do:
vuurmuur -b > test.sh
bash -x test.sh &> log
Then post/send the contents of "log"?
Thanks!
In the Rules of vuurmuur I have only:
allow outgoing traffic,
allow incoming ssh traffic
I have disabled all anti-spoofing options. This is only for testing.
Sorry for this:
it should be:
To be honest I think the problem is in your iptables installation. You get errors on valid iptables rules like here:
+ /sbin/iptables -N SYNLIMIT
…
+ /sbin/iptables -N NEWQUEUE
+ /sbin/iptables -t filter -A NEWQUEUE -p tcp -m tcp --syn -j SYNLIMIT
iptables: No chain/target/match by that name.
Even more worrying is an error like this:
+ /sbin/iptables -t filter -A FORWARD -m mark --mark 0x0/0xff000000 -m state --state RELATED -j NEWACCEPT
iptables: Memory allocation problem.
Vuurmuur depends on iptables working properly.
Did you patch and recompile the kernel for openvz? If so you may also need to rebuild the iptables toolset.
This is the standard kernel for Debian: 2.6.26-2-openvz-686
Right now I can't change the kernel to a newer version, but I can rebuild or upgrade the iptables toolset.
On the host system (hardware node) I also use vuurmuur, and it works well there.
Version of iptables on guest: 1.4.8-3.
In my free time I will test it on another machine, maybe similarly configured.
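
One way to triage the `bash -x test.sh &> log` output requested above, as an added example that is not part of the original thread: it pairs each traced iptables command with the error that followed it and lists the match modules involved, so the failing features can be compared between the hardware node and the guest. The sample log is constructed from lines quoted in the thread (its last command is made up), and the category names are this example's own labels.

```python
import re
from collections import Counter

# Constructed sample in the shape of a `bash -x` trace; the last command is hypothetical.
SAMPLE_LOG = """\
+ /sbin/iptables -N SYNLIMIT
+ /sbin/iptables -N NEWQUEUE
+ /sbin/iptables -t filter -A NEWQUEUE -p tcp -m tcp --syn -j SYNLIMIT
iptables: No chain/target/match by that name.
+ /sbin/iptables -t filter -A FORWARD -m mark --mark 0x0/0xff000000 -m state --state RELATED -j NEWACCEPT
iptables: Memory allocation problem.
+ /sbin/iptables -t filter -A INPUT -j NEWQUEUE
iptables v1.4.2: Couldn't load target `NEWQUEUE':/lib/xtables/libipt_NEWQUEUE.so: cannot open shared object file: No such file or directory
Try `iptables -h' or 'iptables --help' for more information.
"""

# Error text -> category (labels are this example's own, not iptables terminology).
CATEGORIES = [
    # Userspace found no chain by that name and no extension library to load instead.
    (re.compile(r"Couldn't load (?:target|match) `[^']+'"), "extension-not-found"),
    # The kernel rejected the rule: a chain, target or match is not available to it.
    (re.compile(r"No chain/target/match by that name"), "kernel-lookup-failed"),
    # The kernel could not allocate what the rule needs.
    (re.compile(r"Memory allocation problem"), "kernel-alloc-failed"),
]

def classify(line):
    """Return the category of an iptables error line, or None for other output."""
    return next((cat for pat, cat in CATEGORIES if pat.search(line)), None)

def triage(log_text):
    """Pair each failing traced command with the first error printed after it."""
    failures, current, reported = [], "<no traced command>", False
    for line in log_text.splitlines():
        if line.startswith("+"):          # xtrace line: a new command starts
            current, reported = line.lstrip("+ ").strip(), False
        elif not reported and (category := classify(line)):
            failures.append((category, current))
            reported = True               # ignore follow-up lines of the same error
    return failures

def summarize(log_text):
    """Count failures per category and collect the -m match modules they used."""
    failures = triage(log_text)
    counts = Counter(category for category, _ in failures)
    matches = sorted({m for _, cmd in failures for m in re.findall(r"\s-m\s+(\S+)", cmd)})
    return counts, matches

if __name__ == "__main__":
    for category, command in triage(SAMPLE_LOG):
        print(f"{category:22} {command}")
    print(summarize(SAMPLE_LOG))
```

Running the same script against a trace captured on the hardware node and one captured in the guest shows which match modules fail only inside the container.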