module CSF on vm failed

  • Thread starter Thread starter Bapu Desi
  • Start date Start date
B

Bapu Desi

Guest
xt_connlimit on vm failed

Hello proxmox members,
i have installed CSF on my vm but i have only 1 error i have fixed all others but can't find solution for 1 only.

on Vm

server24535:~# /etc/csf/csftest.pl

Testing ip_tables/iptable_filter...OK
Testing ipt_LOG...OK
Testing ipt_multiport/xt_multiport...OK
Testing ipt_REJECT...OK
Testing ipt_state/xt_state...OK
Testing ipt_limit/xt_limit...OK
Testing ipt_recent...OK
Testing xt_connlimit...FAILED [Error: iptables: Unknown error 18446744073709551615] - Required for CONNLIMIT feature
Testing ipt_owner/xt_owner...OK
Testing iptable_nat/ipt_REDIRECT...OK
Click to expand...

I would like to fix xt_connlimit.
Network is set as bridge and not venet.

on main server i have set for my /etc/vz/vz.conf

## IPv4 iptables kernel modules
IPTABLES="ipt_REJECT ipt_recent ipt_owner ipt_REDIRECT ipt_tos ipt_TOS ipt_LOG ip_conntrack ipt_limit ipt_multiport iptable_filter iptable_mangle ipt_TCPMSS ipt_tcpmss ipt_ttl ipt_le ipt_length ipt_state iptable_nat ip_nat_ftp"
Click to expand...

also do i need to edit
thes files?

/var/lib/vz/private/101/etc/sysconfig/iptables-config
/var/lib/vz/private/102/etc/sysconfig/iptables-config
/var/lib/vz/root/101/etc/sysconfig/iptables-config
/var/lib/vz/root/102/etc/sysconfig/iptables-config
Click to expand...
thank you in advance for your help
 
Last edited by a moderator:
Re: xt_connlimit on vm failed

Hello,
can anyone help me please.
thank you in advance
 
Re: xt_connlimit on vm failed

Bapu Desi said:
Hello,
can anyone help me please.
thank you in advance
Click to expand...

please never post useless messages such this without any content to the topic.
 
Re: xt_connlimit on vm failed

Bapu Desi said:
on main server i have set for my /etc/vz/vz.conf
Click to expand...

I guess you need to add the 'xt_connlimit' module there.

EDIT: That module should be avaiable on all PVE kernels, including 2.6.18
 
Last edited:
Re: xt_connlimit on vm failed

Hello,
thank very much for your reply and help.
now my file look like this

## IPv4 iptables kernel modules
IPTABLES="ipt_REJECT ipt_recent ipt_owner ipt_REDIRECT ipt_tos ipt_TOS ipt_LOG ip_conntrack ipt_limit ipt_multiport iptable_filter iptable_mangle ipt_TCPMSS ipt_tcpmss ipt_ttl ipt_le ipt_length ipt_state iptable_nat ip_nat_ftp xt_connlimit"
Click to expand...

i have edit it now getting this these error when entering in the VM


server24535:~# vzctl enter 101
Warning: Unknown iptable module: ipt_le, skipped
Warning: Unknown iptable module: xt_connlimit, skipped
Click to expand...

Thank you
 
Last edited by a moderator:
Re: xt_connlimit on vm failed

I just did a small testinstallation on a fresh box with the latest Proxmox VE. I followed this guide: http://www.configserver.com/free/csf/install.txt

Code: 
proxmox-5-15:~/csf# pveversion -v
pve-manager: 1.8-18 (pve-manager/1.8/6070)
running kernel: 2.6.32-4-pve
proxmox-ve-2.6.32: 1.8-33
pve-kernel-2.6.32-4-pve: 2.6.32-33
qemu-server: 1.1-30
pve-firmware: 1.0-11
libpve-storage-perl: 1.0-17
vncterm: 0.9-2
vzctl: 3.0.27-1pve1
vzdump: 1.2-13
vzprocps: 2.0.11-2
vzquota: 3.0.11-1
pve-qemu-kvm: 0.14.1-1
ksm-control-daemon: 1.0-6

and the test script does not show any issue.

Code: 
proxmox-5-15:~/csf# perl /etc/csf/csftest.pl
Testing ip_tables/iptable_filter...OK
Testing ipt_LOG...OK
Testing ipt_multiport/xt_multiport...OK
Testing ipt_REJECT...OK
Testing ipt_state/xt_state...OK
Testing ipt_limit/xt_limit...OK
Testing ipt_recent...OK
Testing xt_connlimit...OK
Testing ipt_owner/xt_owner...OK
Testing iptable_nat/ipt_REDIRECT...OK


RESULT: csf should function on this server
 
Re: xt_connlimit on vm failed

then what is the process in VM? did you set something on it? or only /etc/vz/vz.conf
i have reisntalled the server but still same problem

Thank you for your help
 
Last edited by a moderator:
Re: xt_connlimit on vm failed

Bapu Desi said:
then what is the process in VM? did you set something on it? or only /etc/vz/vz.conf
i have reisntalled the server but still same problem
Click to expand...

Try to add 'xt_connlimit' to /etc/modules (on the host) - that way it gets loaded at boot time. Does that help?
 
Re: xt_connlimit on vm failed

Thank you

same problem i have added xt_connlimit to modules on host

Thank you for your help
 
Re: xt_connlimit on vm failed

Thank you for your help.
I have thesere errors like when starting stopping vm when login.
Yes i have rebooted.
Warning: Unknown iptable module: ipt_le, skipped
Warning: Unknown iptable module: xt_connlimit, skipped
Click to expand...
 
Re: xt_connlimit on vm failed

Bapu Desi said:
I have thesere errors like when starting stopping vm when login.
Click to expand...

I can't see any errors - that are just warnings (because you can't load any modules inside OpenVZ VMs).

But that should no be a problem, because you already loaded the modules on the host.
 
Re: xt_connlimit on vm failed

actually it's a problem for the VM user my server was hacked then i have decided to use CSF but getting these warning any idea for loading them or force loading?

Thank you very much i reallly need help
 
Re: xt_connlimit on vm failed

I test the csf on vz. With CentOS 5 failed, but in the same Host with Debian 6 guest , the test script run ok. Maybe some problem with Centos Template...
 
Re: xt_connlimit on vm failed

I have the same issue with a Debian VM

Host specs:
pve-manager: 1.9-26 (pve-manager/1.9/6567)
running kernel: 2.6.32-6-pve
proxmox-ve-2.6.32: 1.9-55
pve-kernel-2.6.32-6-pve: 2.6.32-55
qemu-server: 1.1-32
pve-firmware: 1.0-14
libpve-storage-perl: 1.0-19
vncterm: 0.9-2
vzctl: 3.0.29-3pve1
vzdump: 1.2-16
vzprocps: 2.0.11-2
vzquota: 3.0.11-1dso1
pve-qemu-kvm: 0.15.0-2
ksm-control-daemon: 1.0-6


Tried loading manually on /etc/modules but did not work

The host machine test of CSF works fine (no errors on host) but get that error on VM

My vz.conf

IPTABLES="ipt_REJECT ipt_recent ipt_owner ipt_REDIRECT ipt_tos ipt_TOS ipt_LOG ip_conntrack ipt_limit ipt_multiport iptable_filter iptable_mangle ipt_TCPMSS ipt_tcpmss ipt_ttl ipt_length ipt_state iptable_nat ip_nat_ftp"

Tried adding "xt_connlimit" at the end but this reports an error on VZ start:
Warning: Unknown iptable module: xt_connlimit, skipped
 
Re: xt_connlimit on vm failed

luison said:
I have the same issue with a Debian VM

Host specs:
pve-manager: 1.9-26 (pve-manager/1.9/6567)
running kernel: 2.6.32-6-pve
proxmox-ve-2.6.32: 1.9-55
pve-kernel-2.6.32-6-pve: 2.6.32-55
qemu-server: 1.1-32
pve-firmware: 1.0-14
libpve-storage-perl: 1.0-19
vncterm: 0.9-2
vzctl: 3.0.29-3pve1
vzdump: 1.2-16
vzprocps: 2.0.11-2
vzquota: 3.0.11-1dso1
pve-qemu-kvm: 0.15.0-2
ksm-control-daemon: 1.0-6


Tried loading manually on /etc/modules but did not work

The host machine test of CSF works fine (no errors on host) but get that error on VM

My vz.conf

IPTABLES="ipt_REJECT ipt_recent ipt_owner ipt_REDIRECT ipt_tos ipt_TOS ipt_LOG ip_conntrack ipt_limit ipt_multiport iptable_filter iptable_mangle ipt_TCPMSS ipt_tcpmss ipt_ttl ipt_length ipt_state iptable_nat ip_nat_ftp"

Tried adding "xt_connlimit" at the end but this reports an error on VZ start:
Warning: Unknown iptable module: xt_connlimit, skipped
Click to expand...

the same probleme in Centos 5 template .

some result :

Code: 
vzctl set <mdid> --iptables ipt_REJECT --iptables ipt_tos --iptables ipt_TOS --iptables ipt_LOG --iptables ip_conntrack --iptables ipt_limit --iptables ipt_multiport --iptables iptable_filter --iptables iptable_mangle --iptables ipt_TCPMSS --iptables ipt_tcpmss --iptables ipt_ttl --iptables ipt_length --iptables ipt_state --iptables iptable_nat --iptables ip_nat_ftp --xt_connlimit --save
Warning: Unknown iptable module: xt_connlimit, skipped
vzctl: unrecognized option `--xt_connlimit

the lsmod show the module loaded

Code: 
Module                  Size  Used by
xt_DSCP                 2847  0
xt_helper               1447  0
ipt_MASQUERADE          1990  0
xt_connlimit            3505  0
xt_conntrack            4062  0
nf_nat_ftp              3489  0
nf_conntrack_ftp       12799  1 nf_nat_ftp
ipt_REDIRECT            1854  0
iptable_nat             6332  0
xt_owner                2160  4
xt_recent               8611  0
xt_state                1474  53

anysolution for this ?
 
You must log in or register to reply here.
Top Bottom