
Re: [Xen-users] How to add iptables modules to Domu Kernel??


  • To: Sadique <sadique@xxxxxxxxxxxxxxxxxxx>
  • From: "Anand Gupta" <xen.mails@xxxxxxxxx>
  • Date: Thu, 8 Jun 2006 00:53:28 +0530
  • Cc: miguel c <muxutzu@xxxxxxxxxxx>, xen-users@xxxxxxxxxxxxxxxxxxx
  • Delivery-date: Wed, 07 Jun 2006 12:24:10 -0700
  • List-id: Xen user discussion <xen-users.lists.xensource.com>

I am using Xen 3.0.2 stable and iptables is compiled as a module.

Inside domU, I tried the following:

-bash-3.00# modprobe iptable_filter
ip_tables: (C) 2000-2006 Netfilter Core Team
-bash-3.00# modprobe iptable_raw
-bash-3.00# modprobe iptable_nat
Netfilter messages via NETLINK v0.30.
ip_conntrack version 2.4 (1056 buckets, 8448 max) - 312 bytes per conntrack
-bash-3.00# modprobe iptable_mangle

Now if I try to load the iptables rpm and run iptables -L, I get the following:

iptables v1.2.11: can't initialize iptables table `filter': Module is wrong version
Perhaps iptables or your kernel needs to be upgraded.

Any ideas on how to solve it?

On 5/27/06, Sadique <sadique@xxxxxxxxxxxxxxxxxxx> wrote:
I am not sure whether the iptables module is compiled into the Dom-U kernel
by default in the Xen binary packages.
The best option for you should be to compile the Xen kernel from source and
add iptables support statically to the kernel.

make menuconfig
Networking  ---> Networking options  --->  Network packet filtering
(replaces ipchains)  --->  Core Netfilter Configuration  --->  Netfilter
Xtables support (required for ip_tables) and do enable all modules
included in that as per your need.
Then go to - Networking  ---> Networking options  --->  Network packet
filtering (replaces ipchains)  ---> IP: Netfilter Configuration  --->
IP tables support (required for filtering/masq/NAT)

You can only go to the second step after doing the first one.


It's best you add the iptables support statically into the kernel rather than enabling it as a module. Why? If you compile it as a module you need to copy the module to every Dom-U manually.

Thanks
Sadique

miguel c wrote:

> Hi, I'm running Xen 2.0 in a Fedora Core 3 distro. My problem is that
> I want to configure a virtual machine so that it works as a
> firewall/router. So, I need iptables working on this one.
> Unfortunately I must have some modules loaded such as ip_tables,
> iptables_nat, etc.
> Where can I do this without going mad trying it?
> Thank you very much
>
>
>
> _______________________________________________
> Xen-users mailing list
> Xen-users@xxxxxxxxxxxxxxxxxxx
> http://lists.xensource.com/xen-users
>
>





--
regards,

Anand Gupta
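
To see whether a domU kernel build has the netfilter options from this thread built in (=y) or as modules (=m), the shell functions below read a kernel .config and report each symbol's state. This is an added example, not part of the original messages. The Kconfig symbol names are assumed for the 2.6-era kernels discussed here (check your own tree), and the sample config is constructed.

```shell
#!/bin/sh
# Report how each netfilter option is set in a kernel .config:
# "builtin" (=y), "module" (=m) or "unset" (absent or "is not set").

# Assumed symbol names for the two menuconfig steps (Xtables, IP tables)
# and for the tables loaded with modprobe earlier in the thread.
NF_SYMBOLS="CONFIG_NETFILTER_XTABLES CONFIG_IP_NF_IPTABLES CONFIG_IP_NF_FILTER
CONFIG_IP_NF_NAT CONFIG_IP_NF_MANGLE CONFIG_IP_NF_RAW"

# usage: nf_state SYMBOL CONFIG_FILE
nf_state() {
    # The last assignment wins, as it does when the kernel reads .config.
    case "$(grep -E "^$1=" "$2" | tail -n 1)" in
        "$1=y") echo builtin ;;
        "$1=m") echo module ;;
        *)      echo unset ;;
    esac
}

# usage: nf_report CONFIG_FILE
# Prints one line per symbol; returns 1 if any symbol is not built in.
nf_report() {
    rc=0
    for sym in $NF_SYMBOLS; do
        state=$(nf_state "$sym" "$1")
        printf '%-28s %s\n' "$sym" "$state"
        [ "$state" = builtin ] || rc=1
    done
    return $rc
}

# Constructed sample config (not taken from a real domU build).
SAMPLE_CONFIG=$(mktemp)
cat > "$SAMPLE_CONFIG" <<'EOF'
CONFIG_NETFILTER_XTABLES=y
CONFIG_IP_NF_IPTABLES=y
CONFIG_IP_NF_FILTER=y
CONFIG_IP_NF_NAT=m
CONFIG_IP_NF_MANGLE=m
# CONFIG_IP_NF_RAW is not set
EOF

nf_report "$SAMPLE_CONFIG" || echo "some netfilter options are not built in"
```

Any option reported as "module" has to be present under the domU's own /lib/modules tree for the kernel it actually boots.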