iptables in container problem

stony999

Renowned Member
Oct 22, 2010
Hello, I have set up a container with an OpenVPN server. I would like to restrict the connections between some OpenVPN clients, so I have set up iptables in the container.
What I have done so far: I have
  • set net.netfilter.nf_conntrack_acct=1 in sysctl
  • modprobed xt_tcpudp and ip_conntrack
See output:

proxmox3:/etc# lsmod |grep conn
nf_conntrack_ipv4 10143 7
nf_defrag_ipv4 1155 1 nf_conntrack_ipv4
nf_conntrack 46563 2 nf_conntrack_ipv4,xt_state

proxmox3:/etc# lsmod |grep ip
nf_conntrack_ipv4 10143 7
nf_defrag_ipv4 1155 1 nf_conntrack_ipv4
nf_conntrack 46563 2 nf_conntrack_ipv4,xt_state
iptable_mangle 2881 0
iptable_filter 2322 1
xt_multiport 2267 0
ipt_REJECT 1953 0
ip_tables 14107 2 iptable_mangle,iptable_filter
x_tables 13117 11 xt_tcpudp,xt_state,xt_length,xt_hl,xt_tcpmss,xt_TCPMSS,xt_multiport,xt_limit,xt_dscp,ipt_REJECT,ip_tables

proxmox3:/etc# lsmod |grep xt_
xt_tcpudp 2319 2
xt_state 1303 7
nf_conntrack 46563 2 nf_conntrack_ipv4,xt_state
xt_length 1164 0
xt_hl 1313 0
xt_tcpmss 1401 0
xt_TCPMSS 2935 0
xt_multiport 2267 0
xt_limit 1782 0
xt_dscp 1805 0
x_tables 13117 11 xt_tcpudp,xt_state,xt_length,xt_hl,xt_tcpmss,xt_TCPMSS,xt_multiport,xt_limit,xt_dscp,ipt_REJECT,ip_tables

In addition I have set the following on the container:
vzctl set 113 --iptables ipt_REJECT --iptables ipt_tos --iptables ipt_TOS --iptables ipt_LOG --iptables ip_conntrack --iptables ipt_limit --iptables ipt_multiport --iptables iptable_filter --iptables iptable_mangle --iptables ipt_TCPMSS --iptables ipt_tcpmss --iptables ipt_ttl --iptables ipt_length --iptables ipt_state --iptables iptable_nat --iptables ip_nat_ftp --save

However, when I start an iptables script in the container I receive
iptables: No chain/target/match by that name

and the firewall is not started. What can I do to make this work? Any help is welcome.

Best regards
Peter
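The error above is what iptables prints when a match or target it is asked to use has no module available. The following added diagnostic (not from the thread or from Proxmox) compares the extensions a rule set needs against `lsmod` output and the `vzctl --iptables` module list; the rule set, the shortened lsmod lines and the vzctl list are constructed from the post, and the assumption that the tcp/udp port match needs no vzctl entry is the author's own.

```shell
# Added example (not from the thread): report extensions an iptables rule set needs
# whose module is not loaded on the host (lsmod) or not allowed via vzctl --iptables.
# -m matches and -j targets used, one per line; built-in targets and chains created
# with -N are skipped, -m state implies conntrack, -p tcp/udp the port match module.
rule_extensions() {
  printf '%s\n' "$1" | awk '
    { for (i = 1; i <= NF; i++) {
        if ($i == "-N") chain[$(i+1)] = 1
        else if ($i == "-m") { ext[$(i+1)] = 1; if ($(i+1) == "state") ext["conntrack"] = 1 }
        else if ($i == "-j") jump[$(i+1)] = 1
        else if ($i == "-p" && ($(i+1) == "tcp" || $(i+1) == "udp")) ext["tcpudp"] = 1
    } }
    END { for (j in jump) if (!(j in chain) && j !~ /^(ACCEPT|DROP|RETURN|QUEUE)$/) ext[j] = 1
          for (e in ext) print e }' | LC_ALL=C sort -u
}
# Modules providing an extension: ipt_* (vzctl naming) or xt_* (newer lsmod) both count.
module_names() {
  case $1 in
    conntrack) echo "nf_conntrack ip_conntrack" ;;
    tcpudp)    echo "xt_tcpudp" ;;   # assumed usable without its own vzctl entry
    *)         echo "xt_$1 ipt_$1" ;;
  esac
}
# check_rules RULES LSMOD_OUTPUT VZCTL_MODULE_LIST: prints one line per problem found.
check_rules() {
  for ext in $(rule_extensions "$1"); do
    names=$(module_names "$ext"); loaded=no; allowed=no
    for n in $names; do
      printf '%s\n' "$2" | grep -q "^$n " && loaded=yes
      case " $3 " in *" $n "*) allowed=yes ;; esac
    done
    [ "$loaded" = yes ] || echo "$ext: no module ($names) loaded on the host"
    [ "$ext" = tcpudp ] || [ "$allowed" = yes ] || echo "$ext: not in the vzctl --iptables list"
  done
}
# Constructed sample: client-isolation rules, lsmod lines and vzctl list from the thread.
RULES='-N ovpn-clients
-A FORWARD -i tun0 -o tun0 -j ovpn-clients
-A ovpn-clients -m state --state ESTABLISHED,RELATED -j ACCEPT
-A ovpn-clients -p tcp -s 10.8.0.10 -d 10.8.0.20 -m multiport --dports 22,443 -j ACCEPT
-A ovpn-clients -j LOG --log-prefix "ovpn-drop "
-A ovpn-clients -j REJECT'
LSMOD='xt_tcpudp 2319 2
xt_state 1303 7
nf_conntrack 46563 2 nf_conntrack_ipv4,xt_state
xt_multiport 2267 0
ipt_REJECT 1953 0'
VZ_LIST='ipt_REJECT ipt_LOG ip_conntrack ipt_limit ipt_multiport iptable_filter ipt_state'
check_rules "$RULES" "$LSMOD" "$VZ_LIST"
```

With the sample data the only line printed is for LOG, because the lsmod lines contain no ipt_LOG or xt_LOG module even though vzctl allows it.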
 
I'm trying the exact same thing. From what I've read everywhere, OpenVPN only works in a KVM, not OpenVZ, due to restrictions on kernel modules.

If you get this working, please let me know, as I cannot install in a KVM because my CPU does not support VT-x.
 
