Hi I''ve got rhel4 (similar to fc3) running in a domU. The problem is I can''t get iptables running on it. I''ve enabled the iptables module in the xenU kernel as built in. Any one have any ideas Thanks in advance Shaz _______________________________________________ Xen-users mailing list Xen-users@lists.xensource.com http://lists.xensource.com/xen-users
On 7/22/05, Shahzad Chohan <shahzad.chohan@gmail.com> wrote:> Hi > > I''ve got rhel4 (similar to fc3) running in a domU. The problem is I > can''t get iptables running on it. I''ve enabled the iptables module in > the xenU kernel as built in. Any one have any ideas >Just to add to my previous mail I get the following message: iptables -L iptables v1.2.11: can''t initialize iptables table `filter'': iptables who? (do you need to insmod?) Perhaps iptables or your kernel needs to be upgraded. Any ideas how to fix this? Thanks Shaz _______________________________________________ Xen-users mailing list Xen-users@lists.xensource.com http://lists.xensource.com/xen-users
Ernst Bachmann
2005-Jul-22 14:08 UTC
Re: [Xen-users] Re: IPtables support in xen for the domU
On Friday 22 July 2005 15:57, Shahzad Chohan wrote:> iptables -L > iptables v1.2.11: can''t initialize iptables table `filter'': iptables > who? (do you need to insmod?) > Perhaps iptables or your kernel needs to be upgraded. > > Any ideas how to fix this? >can you post the output of grep CONFIG_IP_NF <path-to-your-kernel>/.config The output should pretty much sum up what iptables options you compiled into your kernel, so we can see whats missing... /Ernst _______________________________________________ Xen-users mailing list Xen-users@lists.xensource.com http://lists.xensource.com/xen-users
Shahzad Chohan
2005-Jul-22 14:43 UTC
Re: [Xen-users] Re: IPtables support in xen for the domU
On 7/22/05, Ernst Bachmann <e.bachmann@xebec.de> wrote:> On Friday 22 July 2005 15:57, Shahzad Chohan wrote: > > > iptables -L > > iptables v1.2.11: can''t initialize iptables table `filter'': iptables > > who? (do you need to insmod?) > > Perhaps iptables or your kernel needs to be upgraded. > > > > Any ideas how to fix this? > > > can you post the output of > > grep CONFIG_IP_NF <path-to-your-kernel>/.config > > The output should pretty much sum up what iptables options you compiled into > your kernel, so we can see whats missing... > > /Ernst >Hi Thanks for the reply. Ok here''s the output: [root@localhost xen-2.0]# grep CONFIG_IP_NF /root/xen/xen-2.0/linux-2.6.11-xenU/.config CONFIG_IP_NF_CONNTRACK=m CONFIG_IP_NF_CT_ACCT=y # CONFIG_IP_NF_CONNTRACK_MARK is not set # CONFIG_IP_NF_CT_PROTO_SCTP is not set CONFIG_IP_NF_FTP=m CONFIG_IP_NF_IRC=m CONFIG_IP_NF_TFTP=m # CONFIG_IP_NF_AMANDA is not set # CONFIG_IP_NF_QUEUE is not set CONFIG_IP_NF_IPTABLES=y CONFIG_IP_NF_MATCH_LIMIT=m CONFIG_IP_NF_MATCH_IPRANGE=m CONFIG_IP_NF_MATCH_MAC=m CONFIG_IP_NF_MATCH_PKTTYPE=m CONFIG_IP_NF_MATCH_MARK=m CONFIG_IP_NF_MATCH_MULTIPORT=m CONFIG_IP_NF_MATCH_TOS=m CONFIG_IP_NF_MATCH_RECENT=m CONFIG_IP_NF_MATCH_ECN=m CONFIG_IP_NF_MATCH_DSCP=m CONFIG_IP_NF_MATCH_AH_ESP=m CONFIG_IP_NF_MATCH_LENGTH=m CONFIG_IP_NF_MATCH_TTL=m CONFIG_IP_NF_MATCH_TCPMSS=m CONFIG_IP_NF_MATCH_HELPER=m CONFIG_IP_NF_MATCH_STATE=m CONFIG_IP_NF_MATCH_CONNTRACK=m CONFIG_IP_NF_MATCH_OWNER=m CONFIG_IP_NF_MATCH_ADDRTYPE=m CONFIG_IP_NF_MATCH_REALM=m CONFIG_IP_NF_MATCH_SCTP=m CONFIG_IP_NF_MATCH_COMMENT=m CONFIG_IP_NF_MATCH_HASHLIMIT=m CONFIG_IP_NF_FILTER=m CONFIG_IP_NF_TARGET_REJECT=m CONFIG_IP_NF_TARGET_LOG=m CONFIG_IP_NF_TARGET_ULOG=m CONFIG_IP_NF_TARGET_TCPMSS=m CONFIG_IP_NF_NAT=m CONFIG_IP_NF_NAT_NEEDED=y CONFIG_IP_NF_TARGET_MASQUERADE=m CONFIG_IP_NF_TARGET_REDIRECT=m CONFIG_IP_NF_TARGET_NETMAP=m CONFIG_IP_NF_TARGET_SAME=m # CONFIG_IP_NF_NAT_SNMP_BASIC is not set CONFIG_IP_NF_NAT_IRC=m CONFIG_IP_NF_NAT_FTP=m CONFIG_IP_NF_NAT_TFTP=m CONFIG_IP_NF_MANGLE=m CONFIG_IP_NF_TARGET_TOS=m CONFIG_IP_NF_TARGET_ECN=m CONFIG_IP_NF_TARGET_DSCP=m CONFIG_IP_NF_TARGET_MARK=m CONFIG_IP_NF_TARGET_CLASSIFY=m CONFIG_IP_NF_RAW=m CONFIG_IP_NF_TARGET_NOTRACK=m CONFIG_IP_NF_ARPTABLES=m CONFIG_IP_NF_ARPFILTER=m CONFIG_IP_NF_ARP_MANGLE=m I hope this helps. Any ideas? Thanks Shaz _______________________________________________ Xen-users mailing list Xen-users@lists.xensource.com http://lists.xensource.com/xen-users
Ernst Bachmann
2005-Jul-22 14:56 UTC
Re: [Xen-users] Re: IPtables support in xen for the domU
On Friday 22 July 2005 16:43, Shahzad Chohan wrote:> CONFIG_IP_NF_FILTER=mok, the "filter" table is a module, try "modprobe iptable_filter" also, make sure you have the right module tree INSIDE your domU (easy to forget that, since you''d usually compile the domU kernel inside dom0) if your module tree is in place, try running "depmod -a" to restore automatic module loading... if it still doesn''t auto-load the module, you''d have to add the modprobe call to your iptables startup script. (or to modules.autoload, depending on how your distribution handles such things) /Ernst _______________________________________________ Xen-users mailing list Xen-users@lists.xensource.com http://lists.xensource.com/xen-users