Bug in ip6tables under VE , impossible to do firewalling from VE

zis

New Member
Nov 25, 2010
4
0
1
Hi,

I am trying to get ipv6 to work under proxmox 1.6

Everything is working fine, i can ping ipv6.google.com etc.
Except from the VE it is impossible to add firewall rules. (Ipv6 networking in VE is working fine)

i get this error:
ip6tables v1.4.6: can't initialize ip6tables table `filter': Table does not exist (do you need to insmod?)
Perhaps ip6tables or your kernel needs to be upgraded.


It looks like the ip6tables modules are not loaded but in the vz.conf everything looks fine:
## Enable IPv6
IPV6="yes"

## IPv6 ip6tables kernel modules
IP6TABLES="ip6_tables ip6table_filter ip6table_mangle ip6t_REJECT"

Also on the HN it is possible to add firewall rules and the modules are loaded:
$lsmod | grep ip6

ip6t_rt 1864 0
ip6t_REJECT 2484 0
ip6table_mangle 3167 0
ip6table_filter 2448 0
ip6_tables 15219 3 ip6t_rt,ip6table_mangle,ip6table_filter
x_tables 13117 15 xt_conntrack,ip6t_rt,ip6t_REJECT,ip6_tables,xt_length,xt_hl,xt_tcpmss,xt_TCPMSS,xt_multiport,xt_limit,xt_dscp,ipt_REJECT,ip_tables,xt_state,xt_tcpudp

Is there anyone using ip6tables in a VE ?

Also tried upgrading to latest version in pvetest, tried debian 5 i386 / x64 , debian 6 i386 / x64.

Any help would be appreciated.
 
which kernel branch do you use?
 
Linux px3 2.6.32-4-pve #1 SMP Mon Nov 15 07:27:08 CET 2010 x86_64 GNU/Linux

Thank you very much for your reply.
 
does it work with our 2.6.18 kernel? can you try?
 
Also tried this one :
Linux px3 2.6.35-1-pve #1 SMP Tue Oct 26 11:05:44 CEST 2010 x86_64 GNU/Linux
But this one doesnt have VZ support. Now i tried the 2.6.18 kernel:
Linux px3 2.6.18-4-pve #1 SMP Mon Oct 11 12:05:41 CEST 2010 x86_64 GNU/Linux

And yes, this works! I only tried upgrading not downgrading.

ip6tables --list
Chain INPUT (policy ACCEPT)
target prot opt source destination

Chain FORWARD (policy ACCEPT)
target prot opt source destination

Chain OUTPUT (policy ACCEPT)
target prot opt source destination


Can i use this kernel in a production environment with KVM & OpenVZ machines ?.. All proxmox 1.6.

Thank you very much for your suggestion i've been trying for a day now to get ip6tables to work. (adding modules etc etc)
 
the 2.6.18 is the only one with stable OpenVZ. and the KVM is also fine. Generally speaking, this kernel is based on the very stable RHEL55 kernel.

yes, recommended for production.
 
Thank you very much Tom for your support.

I only think if i use the 2.6.18 kernel on my production server stuff like the DELL Perc 5/c and the broadcom network adapter will not work. I will try :)
 

About

The Proxmox community has been around for many years and offers help and support for Proxmox VE, Proxmox Backup Server, and Proxmox Mail Gateway.
We think our community is one of the best thanks to people like you!

Get your subscription!

The Proxmox team works very hard to make sure you are running the best software and getting stable updates and security enhancements, as well as quick enterprise support. Tens of thousands of happy customers have a Proxmox subscription. Get yours easily in our online shop.

Buy now!