Enable Iptables Modules for a VPS
Below was the typical error while trying to install CSF in one of the OpenVz containers:
----------------------------------error--------------------------------
[root@abc ~]# perl /etc/csf/csftest.pl
Testing ip_tables/iptable_filter...OK
Testing ipt_LOG...FAILED [ 4294967295] - Required for csf to function
Testing ipt_multiport/xt_multiport...FAILED [FATAL Error: iptables: Unknown error 4294967295] - Required for csf to function
Testing ipt_REJECT...OK
Testing ipt_state/xt_state...FAILED [FATAL Error: iptables: Unknown error 4294967295] - Required for csf to function
Testing ipt_limit/xt_limit...FAILED [FATAL Error: iptables: Unknown error 4294967295] - Required for csf to function
Testing ipt_recent...FAILED [Error: iptables: Unknown error 4294967295] - Required for PORTFLOOD and PORTKNOCKING features
Testing xt_connlimit...FAILED [Error: iptables: Unknown error 4294967295] - Required for CONNLIMIT feature
Testing ipt_owner/xt_owner...FAILED [Error: iptables: Unknown error 4294967295] - Required for SMTP_BLOCK and UID/GID blocking features
Testing iptable_nat/ipt_REDIRECT...FAILED [Error: iptables v1.3.5: can't initialize iptables table `nat': Table does not exist (do you need to insmod?)] - Required for MESSENGER feature
Testing iptable_nat/ipt_DNAT...FAILED [Error: iptables v1.3.5: can't initialize iptables table `nat': Table does not exist (do you need to insmod?)] - Required for csf.redirect feature
---------------------------------------------------------------
Enable Iptables Modules for a VPS:-
1 . Before enabling the modules to a VPS , make sure that its enabled in the root node of the VPS. You can check it using the command :
lsmod | grep -i module_name
2. If its not enabled, then it can enable by using the modprobe command :-
modprobe iptables_module
modprobe ipt_helper
modprobe ipt_REDIRECT
modprobe ipt_TCPMSS
modprobe ipt_LOG
modprobe ipt_TOS
modprobe iptable_nat
modprobe ipt_length
modprobe ipt_tcpmss
modprobe iptable_mangle
modprobe ipt_tos
modprobe iptable_filter
modprobe ipt_helper
modprobe ipt_tos
modprobe ipt_ttl
modprobe ipt_SAME
modprobe ipt_REJECT
modprobe ipt_helper
modprobe ipt_owner
modprobe ip_tables
modprobe ipt_MASQUERADE
modprobe ipt_multiport/xt_multiport
modprobe ipt_state/xt_state
modprobe ipt_limit/xt_limit
modprobe ipt_recent
modprobe xt_connlimit
modprobe ipt_owner/xt_owner
modprobe iptable_nat/ipt_DNAT
modprobe iptable_nat/ipt_REDIRECT
3. Stop the container which one you want to enable the module :
# vzctl stop 101
4 . Executing the following command:-
a) By Command:
Execute following command to enable all the modules for the VPS
# vzctl set 101 --iptables ipt_REJECT --iptables ipt_tos --iptables ipt_TOS --iptables ipt_LOG --iptables ip_conntrack --iptables ipt_limit --iptables ipt_multiport --iptables iptable_filter --iptables iptable_mangle --iptables ipt_TCPMSS --iptables ipt_tcpmss --iptables ipt_ttl --iptables ipt_length --iptables ipt_state --iptables iptable_nat --iptables ip_nat_ftp --save
or
b) Adding Rules manually:
Open the VPS configuration file which exists at /etc/vz/conf/veid.conf and paste following in the last line of the file.
IPTABLES="iptable_filter iptable_mangle ipt_limit ipt_multiport ipt_tos ipt_TOS ipt_REJECT ipt_TCPMSS ipt_tcpmss ipt_ttl ipt_LOG ipt_length ip_conntrack ip_conntrack_ftp ip_conntrack_irc ipt_conntrack ipt_state ipt_helper iptable_nat ip_nat_ftp ip_nat_irc"
5. Restart the container.
# vzctl restart 101
