CSF on VM - Virtuozzo 7 problems

Post Reply
chrisduk112
Junior Member
Posts: 2
Joined: 10 Jan 2020, 21:39

CSF on VM - Virtuozzo 7 problems

Post by chrisduk112 »

HI

We just moved a handful of VMs from OpenVZ v6 to a Virtuozzo 7 server.

all cPanel/.DA servers with CSF have issues.
When trying to enable CSF we get this:

Code: Select all

csf: FASTSTART loading Packet Filter (IPv4)
Error: FASTSTART: (Packet Filter IPv4) [] [iptables-restore: line 14 failed]. Try restarting csf with FASTSTART disabled, at line 5538
I then run: /etc/csf/csftest.pl

Code: Select all

root@server2 [~]# /etc/csf/csftest.pl
Testing ip_tables/iptable_filter...OK
Testing ipt_LOG...OK
Testing ipt_multiport/xt_multiport...OK
Testing ipt_REJECT...OK
Testing ipt_state/xt_state...FAILED [FATAL Error: iptables: No chain/target/match by that name.] - Required for csf to function
Testing ipt_limit/xt_limit...OK
Testing ipt_recent...OK
Testing xt_connlimit...FAILED [Error: iptables: No chain/target/match by that name.] - Required for CONNLIMIT feature
Testing ipt_owner/xt_owner...OK
Testing iptable_nat/ipt_REDIRECT...FAILED [Error: iptables v1.4.21: can't initialize iptables table `nat': Table does not exist (do you need to insmod?)] - Required for MESSENGER feature
Testing iptable_nat/ipt_DNAT...FAILED [Error: iptables v1.4.21: can't initialize iptables table `nat': Table does not exist (do you need to insmod?)] - Required for csf.redirect feature

RESULT: csf will not function on this server due to FATAL errors from missing modules [1]
iptables and firewalld services are enabled on the Virtuozzo 7 host.

I googled the error and someone said on another group to run this on the host:

sudo modprobe ip_tables
sudo echo 'ip_tables' >> /etc/modules

and try again but this didn't help.

Any suggestions or guidance???
websavers
Junior Member
Posts: 17
Joined: 04 Sep 2013, 13:46

Re: CSF on VM - Virtuozzo 7 problems

Post by websavers »

At the bottom of this article: https://wiki.openvz.org/Setting_up_an_iptables_firewall

You'll find the likely solution:

to enable iptables you need to make sure that CT.conf(CT - id of your container, 100 for example) contains following line:

NETFILTER="full"

Then restart the container.
Post Reply