Hello, I have set up a container with an OpenVPN server. I would like to restrict the connection between some OpenVPN clients, so I have set up iptables in the container.
What I have done so far: I have
- set net.netfilter.nf_conntrack_acct=1 in sysctl
- modprobed xt_tcpudp and ip_conntrack

proxmox3:/etc# lsmod |grep conn
nf_conntrack_ipv4 10143 7
nf_defrag_ipv4 1155 1 nf_conntrack_ipv4
nf_conntrack 46563 2 nf_conntrack_ipv4,xt_state

proxmox3:/etc# lsmod |grep ip
nf_conntrack_ipv4 10143 7
nf_defrag_ipv4 1155 1 nf_conntrack_ipv4
nf_conntrack 46563 2 nf_conntrack_ipv4,xt_state
iptable_mangle 2881 0
iptable_filter 2322 1
xt_multiport 2267 0
ipt_REJECT 1953 0
ip_tables 14107 2 iptable_mangle,iptable_filter
x_tables 13117 11 xt_tcpudp,xt_state,xt_length,xt_hl,xt_tcpmss,xt_TCPMSS,xt_multiport,xt_limit,xt_dscp,ipt_REJECT,ip_tables

proxmox3:/etc# lsmod |grep xt_
xt_tcpudp 2319 2
xt_state 1303 7
nf_conntrack 46563 2 nf_conntrack_ipv4,xt_state
xt_length 1164 0
xt_hl 1313 0
xt_tcpmss 1401 0
xt_TCPMSS 2935 0
xt_multiport 2267 0
xt_limit 1782 0
xt_dscp 1805 0
x_tables 13117 11 xt_tcpudp,xt_state,xt_length,xt_hl,xt_tcpmss,xt_TCPMSS,xt_multiport,xt_limit,xt_dscp,ipt_REJECT,ip_tables

In addition I have set for the container:

vzctl set 113 --iptables ipt_REJECT --iptables ipt_tos --iptables ipt_TOS --iptables ipt_LOG --iptables ip_conntrack --iptables ipt_limit --iptables ipt_multiport --iptables iptable_filter --iptables iptable_mangle --iptables ipt_TCPMSS --iptables ipt_tcpmss --iptables ipt_ttl --iptables ipt_length --iptables ipt_state --iptables iptable_nat --iptables ip_nat_ftp --save

However, when I start an iptables script in the container I receive

iptables: No chain/target/match by that name

and the firewall is not started. What can I do to get this running? Any help is welcome.
Best regards
Peter
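A check worth running on the hardware node before touching the container, added here as an example and not part of Peter's post or of any OpenVZ tooling: the `--iptables` list uses the old `ipt_*`/`ip_*` module names, while the `lsmod` output on the page shows the newer `xt_*` names, so a plain string comparison would mislead. The script below carries a small alias table for those renames (an assumption based on the upstream netfilter renames, not something the page states), takes the module names from the post's `lsmod` output and the `vzctl` command as constructed sample input, and prints every requested name for which no loaded counterpart exists. On that sample it reports `ipt_TOS`, `ipt_LOG`, `iptable_nat` and `ip_nat_ftp`. "No chain/target/match by that name" is raised for whichever match or target the rule script actually uses, so the names the script needs should be compared the same way, and a missing module has to be loaded on the node (for example with `modprobe`) before a container can use it.

```sh
#!/bin/sh
# Added diagnostic: compare the module names a container's IPTABLES setting
# asks for against what the hardware node actually has loaded.

# Constructed sample input: the module names visible in the lsmod output
# quoted in the post (first column only, de-duplicated).
HOST_MODULES='nf_conntrack_ipv4
nf_defrag_ipv4
nf_conntrack
iptable_mangle
iptable_filter
xt_multiport
ipt_REJECT
ip_tables
x_tables
xt_tcpudp
xt_state
xt_length
xt_hl
xt_tcpmss
xt_TCPMSS
xt_limit
xt_dscp'

# The --iptables names from the vzctl command in the post.
CT_IPTABLES='ipt_REJECT ipt_tos ipt_TOS ipt_LOG ip_conntrack ipt_limit ipt_multiport iptable_filter iptable_mangle ipt_TCPMSS ipt_tcpmss ipt_ttl ipt_length ipt_state iptable_nat ip_nat_ftp'

# Translate an OpenVZ-era ipt_*/ip_* name into the name(s) lsmod shows on a
# kernel where the IPv4-only matches were folded into the generic xt_* modules.
# Assumption: this table reflects those upstream renames as I know them; it is
# not taken from the page or from vzctl itself.
module_aliases() {
  case "$1" in
    ipt_state)     echo xt_state ;;
    ipt_multiport) echo xt_multiport ;;
    ipt_limit)     echo xt_limit ;;
    ipt_length)    echo xt_length ;;
    ipt_ttl)       echo xt_hl ;;
    ipt_tos)       echo xt_dscp ;;
    ipt_TOS)       echo xt_DSCP ;;
    ipt_tcpmss)    echo xt_tcpmss ;;
    ipt_TCPMSS)    echo xt_TCPMSS ;;
    ipt_LOG)       echo "ipt_LOG xt_LOG" ;;
    ip_conntrack)  echo nf_conntrack ;;
    ip_nat_ftp)    echo nf_nat_ftp ;;
    *)             echo "$1" ;;
  esac
}

# Print each requested name for which none of its aliases is loaded.
# $1: newline-separated loaded module names; $2: space-separated requested names.
missing_modules() {
  loaded="$1"
  requested="$2"
  for name in $requested; do
    found=0
    for alt in $(module_aliases "$name"); do
      if printf '%s\n' "$loaded" | grep -qx -- "$alt"; then
        found=1
        break
      fi
    done
    if [ "$found" -eq 0 ]; then
      echo "$name"
    fi
  done
}

# Demo on the constructed sample. On a real hardware node run instead:
#   missing_modules "$(lsmod | awk 'NR>1 {print $1}')" "$CT_IPTABLES"
missing_modules "$HOST_MODULES" "$CT_IPTABLES"
```

Run it as root on the node with the live `lsmod` line shown in the comment; anything it prints is a module the container cannot use no matter what `vzctl set --iptables` lists, because the container shares the node's kernel and only sees modules the node has loaded.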