PDA

View Full Version : OpenVZ fix: [FATAL Error: iptables: No chain/target/match by that name.]



Fli
06-09-2014, 01:06 PM
After OpenVZ host server reboot, OpenVZ VPS config server firewall was overloaded and i found config server firewall is not running. When start it (csf -r), it said:


iptables: Applying firewall rules: iptables-restore: line * failed [FAILED]

so i run csf test script: /etc/csf/csftest.pl

and it complained about errors regarding IPtables modules:




Testing ip_tables/iptable_filter...OK
Testing ipt_LOG...FAILED [FATAL Error: iptables: No chain/target/match by that name.] - Required for csf to function
Testing ipt_multiport/xt_multiport...FAILED [FATAL Error: iptables: No chain/target/match by that name.] - Required for csf to function
Testing ipt_REJECT...OK
Testing ipt_state/xt_state...FAILED [FATAL Error: iptables: No chain/target/match by that name.] - Required for csf to function
Testing ipt_limit/xt_limit...FAILED [FATAL Error: iptables: No chain/target/match by that name.] - Required for csf to function
Testing ipt_recent...OK
Testing xt_connlimit...FAILED [Error: iptables: Protocol wrong type for socket.] - Required for CONNLIMIT feature
Testing ipt_owner/xt_owner...FAILED [Error: iptables: No chain/target/match by that name.] - Required for SMTP_BLOCK and UID/GID blocking features
Testing iptable_nat/ipt_REDIRECT...OK
Testing iptable_nat/ipt_DNAT...OK

RESULT: csf will not function on this server due to FATAL errors from missing modules [4]



so i dont know why iptables modules are NOT loaded on OpenVZ host server start, but i need to enable them manually on host openvz server by "modprobe" command. There is how to do it: http://internetlifeforum.com/security-protection/461-csf-iptables-module-list-modprobe-ipt_owner-xt_owner-bad-module-fix/