Hi all,

I have been trying to run an IDS system on an OpenVZ based VPS, which requires that I run this IPTABLES command:

    iptables -A FORWARD -j NFQUEUE

However, so far I have not succeeded. I always get this error:

    iptables: Unknown error 4294967295

Even when the NFQUEUE IP modules were enabled by the VPS provider, I still get these errors, and this appears to be an OpenVZ bug.

So I want to migrate to XEN based VPS and I would like to know if this issue is known and if I can use NFQUEUE on XEN based VPS.

Thanks

_______________________________________________
Xen-users mailing list
Xen-users@lists.xensource.com
http://lists.xensource.com/xen-users

Fajar A. Nugraha
2012-Jan-03 07:30 UTC
Re: Netfilter QUEUE (NFQUEUE) Support on XEN based VPS
On Tue, Dec 27, 2011 at 7:46 PM, osawore ore <lamboo7000@yahoo.com> wrote:
> So I want to migrate to XEN based VPS and I would like to know if this issue
> is known and if I can use NFQUEUE on XEN based VPS.

It depends.

If your VPS provider uses Xen HVM (or KVM, vmware, or any other full virtualization technology) then you can pretty much install whatever OS you want on that, including your usual-distro-that-you've-tested-to-have-NFQUEUE-support.

If your VPS provider uses XEN PV, then you need to ask your provider if they allow you to use your own kernel. If you can, then it's quite similar to full virtualization case. If you can't (e.g. you're stuck with your provider's kernel), then you need to bug them.

For example, Amazon EC2 supports using your own kernel since 2010:
http://aws.typepad.com/aws/2010/07/use-your-own-kernel-with-amazon-ec2.html

--
Fajar
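
The reply above turns on whether the kernel the guest ends up running has NFQUEUE support. As an added example (not part of the original thread), this shell script checks a kernel config for the two options the NFQUEUE target depends on; the sample config text is constructed, and the config file locations in read_running_config are assumptions that hold only when the kernel or distribution exposes them.

```shell
#!/bin/sh
# Added example: does a kernel config provide what the NFQUEUE target needs?
# Both are required: the nfnetlink_queue backend and the xtables NFQUEUE target.
NFQ_OPTS="CONFIG_NETFILTER_NETLINK_QUEUE CONFIG_NETFILTER_XT_TARGET_NFQUEUE"

# opt_state CONFIG_TEXT OPTION -> prints y (built in), m (module) or n (absent)
opt_state() {
    val=$(printf '%s\n' "$1" | sed -n "s/^$2=\([ym]\)\$/\1/p" | head -n 1)
    printf '%s\n' "${val:-n}"
}

# nfqueue_support CONFIG_TEXT -> prints builtin, module or missing
nfqueue_support() {
    result=builtin
    for opt in $NFQ_OPTS; do
        case $(opt_state "$1" "$opt") in
            n) echo missing; return 1 ;;
            m) result=module ;;   # still has to be loadable at runtime
        esac
    done
    echo "$result"
}

# read_running_config -> prints the running kernel's config when it is exposed
# (assumed locations; not every kernel or distribution provides them)
read_running_config() {
    if [ -r /proc/config.gz ]; then
        gzip -dc /proc/config.gz
    elif [ -r "/boot/config-$(uname -r)" ]; then
        cat "/boot/config-$(uname -r)"
    else
        return 1
    fi
}

# Constructed sample: a provider kernel built without the queue backend.
SAMPLE_PROVIDER='CONFIG_NETFILTER=y
# CONFIG_NETFILTER_NETLINK_QUEUE is not set
CONFIG_NETFILTER_XT_TARGET_NFQUEUE=m'
# Constructed sample: a distro-style kernel with both pieces as modules.
SAMPLE_OWN='CONFIG_NETFILTER=y
CONFIG_NETFILTER_NETLINK_QUEUE=m
CONFIG_NETFILTER_XT_TARGET_NFQUEUE=m'

echo "provider kernel: $(nfqueue_support "$SAMPLE_PROVIDER")"
echo "own kernel:      $(nfqueue_support "$SAMPLE_OWN")"
```

On a real guest, pass the output of read_running_config to nfqueue_support; a result of "missing" means the iptables rule cannot work until the kernel is replaced or rebuilt.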