Comments
Try -A FORWARD instead
Probably you can ask your hoster to enable the module 'state'?
I have asked, but I am on 5th day without it getting fixed.
If they don't know how to load an iptables module and can't google it in 5 days - it's probably time to move on
Depending on what your network device is, this would only allow new (related) and current (established) packets to enter said device.
"iptables -A OUTPUT -o eth0/venet0 -m state --state ESTABLISHED,RELATED -j ACCEPT"
Edit: I found another command which may work, but I am pretty sure they both mean near to the same thing.
"iptables -A INPUT -j ACCEPT -m state --state ESTABLISHED,RELATED -i eth0/venet0 -p tcp"
Quick 5 minute Google and I found that command.
Ah, I thought you were on the host node, not that you were a container. My apologies.
As @yomero pointed out, you'll need the 'state' module. And as @rds100 followed up, you should probably consider moving on if you aren't getting modules inserted for you.
What kernel is the host node running?
Damian, it's running 2.6.32.
Problem is host have said this has been enabled, but it's not, but he will investigate.
"iptables: No chain/target/match by that name." still..
Thanks for posts so far, VPS is decent else, so I'd rather keep it (have some use planned if this gets fixed)
Cheers
From iptables conf
-A RH-Firewall-1-INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
@nocom: That's what he has already, but with a different chain name. I don't think the order of the states matters.
I have this for last 20 days inside fireww.conf, it's working already.
Thanks, but Damian is correct, it's my own firewall script, but well tested and works like I said everywhere else
@prometeus openvz solution is great, any input hehe?
This could also be caused by some incompatibility between the iptables version and the kernel's implementation of the limit module.
@bobby What's the distribution you use?
What exactly is the kernel (please paste uname -a)
2.6.32-274.7.1.el5.028stab095.1 and I'm using squeeze 32bit
@bobby that's actually a 2.6.18 OVZ kernel, it just lies that it is 2.6.32 to make some programs happier.
And confirmed that it should work fine with this kernel and squeeze 32bit:
Thanks for testing! But I'm asking if OVZ providers can provide their magic on hostside. All my vps' are running my fw script without trouble
No magic, just load the xt_state module on the node.
Nm, host fixed it now
Too late as far as I can see
Ah, I didn't suggest the state module as @yomero suggested it above so I looked for alternative commands to see if it would act the same as your command in the first post.
Anyway I'm glad the host got the module enabled and resolved this for you.
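For the "No chain/target/match by that name" error discussed in this thread, the following is an added example, not code from any poster: it lists the `-m` matches a ruleset uses that are absent from a match list in the format of `/proc/net/ip_tables_matches`. The function names, the sample ruleset and the sample match list are constructed for illustration.

```shell
#!/bin/sh
# Added example: report which iptables match modules a ruleset needs that the
# kernel (or the OpenVZ container) does not expose.

# Print every match name used with -m / --match in a rules file, one per line.
rules_matches() {
    awk '/^[[:space:]]*#/ { next }
    {
        for (i = 1; i < NF; i++)
            if ($i == "-m" || $i == "--match") print $(i + 1)
    }' "$1" | sort -u
}

# Print the matches used in rules file $1 that are not listed in $2,
# a file with one match name per line (as in /proc/net/ip_tables_matches).
missing_matches() {
    rules_matches "$1" | while read -r m; do
        grep -qxF -- "$m" "$2" || printf '%s\n' "$m"
    done
}

# Constructed sample: rules like those quoted in the thread, checked against
# a constructed match list for a container where "state" was not enabled.
demo() {
    _d=$(mktemp -d)
    cat > "$_d/rules" <<'EOF'
# constructed sample ruleset
-A INPUT -i venet0 -p tcp -m state --state ESTABLISHED,RELATED -j ACCEPT
-A OUTPUT -o venet0 -m state --state ESTABLISHED,RELATED -j ACCEPT
-A INPUT -p tcp -m tcp --dport 22 -m limit --limit 6/min -j ACCEPT
EOF
    printf '%s\n' tcp udp icmp limit > "$_d/matches"
    missing_matches "$_d/rules" "$_d/matches"
    rm -rf "$_d"
}

# Real use: pass a rules file and the live match list, e.g.
#   sh check.sh /etc/firewall.rules /proc/net/ip_tables_matches
if [ "$#" -eq 2 ]; then
    missing_matches "$1" "$2"
fi
```

An empty result means every match the ruleset names is available; any name printed is one to ask the host to enable on the node.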