NAT not available inside OpenVZ VM
Host:
CentOS 6
Linux atom 2.6.32-042stab088.4 #1 SMP Thu Apr 3 17:41:05 MSK 2014 x86_64 x86_64 x86_64 GNU/Linux
lsmod | grep nat
nf_nat_ftp 3523 0
nf_conntrack_ftp 12929 1 nf_nat_ftp
iptable_nat 6302 0
nf_nat 23213 4 vzrst,nf_nat_ftp,ipt_REDIRECT,iptable_nat
nf_conntrack_ipv4 9946 3 iptable_nat,nf_nat
nf_conntrack 80281 9 vzrst,vzcpt,nf_nat_ftp,nf_conntrack_ftp,xt_state,xt_helper,iptable_nat,nf_nat,nf_conntrack_ipv4
ip_tables 18119 3 iptable_nat,iptable_mangle,iptable_filter
vz.conf:
IPTABLES_MODULES="ipt_REJECT ipt_tos ipt_limit ipt_multiport iptable_filter iptable_mangle ipt_TCPMSS ipt_tcpmss ipt_ttl ipt_length ip6_tables ip6table_filter ip6table_mangle ip6t_REJECT iptable_nat ip_conntrack ipt_REDIRECT ipt_helper ipt_LOG ipt_state ip_tables ip_conntrack_ftp ip_nat_ftp"
102.conf:
IPTABLES="ip_tables iptable_filter iptable_mangle ipt_limit ipt_multiport ipt_tos ipt_TOS ipt_REJECT ipt_TCPMSS ipt_tcpmss ipt_ttl ipt_LOG ipt_length ip_conntrack ip_conntrack_ftp ipt_state iptable_nat ip_nat_ftp "
VM:
Debian 5
Linux testvm 2.6.32-042stab088.4 #1 SMP Thu Apr 3 17:41:05 MSK 2014 i686 GNU/Linux
iptables -L -t nat
iptables v1.4.14: can't initialize iptables table `nat': Table does not exist (do you need to insmod?)
Perhaps iptables or your kernel needs to be upgraded.
What am I doing wrong? I want NAT to be available inside the VM.
Comments
For which module? On HOST or on VM?
Enable modprobe on the host.
I tried modprobing iptable_nat & restarting VM but no difference. I should note that iptables -L -t nat executes fine on the host. I wonder if the issue is a 64bit host vs. 32bit VM?
Have you rebooted the hosts after adding modules?
This is the example of my enabled modules, in /etc/sysconfig/modules/enabled.modules
Tried creating the above file but no luck. What OS are you guys using as host?
Check recent changes in vzctl.
http://openvz.org/Man/vzctl.8#Netfilter_.28iptables.29_control_parameters
vzctl set CTID --netfilter full --save
Are you using NAT and masquerade in the same iptables command? Masquerade is not usable in OpenVZ yet. You have to use an alternative, like DNAT...
iptables -t nat -A PREROUTING -i tun0 -j DNAT --to-destination container.ip
http://forum.openvz.org/index.php?t=msg&goto=8117
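The failure discussed in this thread is silent: the container config still lists iptable_nat under IPTABLES, yet the nat table is missing until `--netfilter full` is set. The audit script below is an added example, not code from any poster or from the OpenVZ project. It assumes the saved setting appears in the container config as `NETFILTER="..."` with the values disabled, stateless, stateful and full; the function names, status labels and sample files are constructed for illustration.

```shell
#!/bin/sh
# Added example: audit an OpenVZ container config for nat-table access.
# The file is parsed with sed, never sourced, so its contents are not executed.

# Print the value of KEY ($1) from a KEY="value" file ($2); last assignment wins.
conf_get() {
    sed -n "s/^[[:space:]]*$1=\"\{0,1\}\([^\"#]*\)\"\{0,1\}.*/\1/p" "$2" |
        sed 's/[[:space:]]*$//' | tail -n 1
}

# Assumption: NETFILTER takes disabled|stateless|stateful|full, as described in
# the vzctl man page linked in the thread; only "full" exposes the nat table.
ct_nat_status() {
    mode=$(conf_get NETFILTER "$1")
    legacy=$(conf_get IPTABLES "$1")
    case "${mode:-unset}" in
        full) echo "nat-available" ;;
        disabled|stateless|stateful) echo "nat-blocked:$mode" ;;
        unset)
            # The thread's failing case: iptable_nat requested only through
            # the old IPTABLES list, with no NETFILTER line at all.
            case " $legacy " in
                *" iptable_nat "*) echo "legacy-iptables-only" ;;
                *) echo "nat-blocked:unset" ;;
            esac ;;
        *) echo "invalid:$mode" ;;
    esac
}

# Constructed sample configs (shortened): the 102.conf style and the fixed form.
demo_dir=$(mktemp -d)
printf '%s\n' 'IPTABLES="ip_tables iptable_filter iptable_nat ip_nat_ftp "' \
    > "$demo_dir/102.conf"
printf '%s\n' 'IPTABLES="ip_tables iptable_nat"' 'NETFILTER="full"' \
    > "$demo_dir/fixed.conf"
for f in "$demo_dir"/*.conf; do
    echo "${f##*/}: $(ct_nat_status "$f")"
done
```

Run over every container config on a host, the same function also shows which containers have been granted full netfilter access and which still rely on the old IPTABLES list.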
THANK YOU! This fixed it! Now time to register summerhost.us and post an offer, just kidding
Really? Go Debian 7, it's 2014.
FIRST it was Ploop. NOW it's iptables/netfilter. WHEN will they learn to INFORM PEOPLE WHEN MAKING THESE SORTS OF CHANGES?
Yeah, the thing that makes this most frustrating is they don't even push out an error, you can run all the same steps you might have in the previous version with --iptables. It just acts like it accepts it, but no worky. I finally found this in my own searches last week. A simple "hey, this is deprecated or obsolete" when trying to use --iptables would have been nice.
I too am quite worried about the number of unwanted changes creeping into the repo they are running for an enterprise distribution (CentOS). Things like this should NOT be changing as it caused us all sorts of issues!!
.....or you and everyone else (including myself) could keep up with the industry and read the change logs. It is never a good idea to update production environments with software that you have not taken the time to read about potential changes that go beyond bug fixes.
What about all the guides written on the topic which become invalid?
That is why they make revisions to guides. Sometimes they take a while to get developed, however they are generally updated.