Friday, March 28, 2014

Enable Iptables Modules for a VPS

The following errors appeared while installing CSF in an OpenVZ container:

    ----------------------------------error--------------------------------
    [root@abc ~]# perl /etc/csf/csftest.pl
    Testing ip_tables/iptable_filter...OK
    Testing ipt_LOG...FAILED [ 4294967295] - Required for csf to function
    Testing ipt_multiport/xt_multiport...FAILED [FATAL Error: iptables: Unknown error 4294967295] - Required for csf to function
    Testing ipt_REJECT...OK
    Testing ipt_state/xt_state...FAILED [FATAL Error: iptables: Unknown error 4294967295] - Required for csf to function
    Testing ipt_limit/xt_limit...FAILED [FATAL Error: iptables: Unknown error 4294967295] - Required for csf to function
    Testing ipt_recent...FAILED [Error: iptables: Unknown error 4294967295] - Required for PORTFLOOD and PORTKNOCKING features
    Testing xt_connlimit...FAILED [Error: iptables: Unknown error 4294967295] - Required for CONNLIMIT feature
    Testing ipt_owner/xt_owner...FAILED [Error: iptables: Unknown error 4294967295] - Required for SMTP_BLOCK and UID/GID blocking features
    Testing iptable_nat/ipt_REDIRECT...FAILED [Error: iptables v1.3.5: can't initialize iptables table `nat': Table does not exist (do you need to insmod?)] - Required for MESSENGER feature
    Testing iptable_nat/ipt_DNAT...FAILED [Error: iptables v1.3.5: can't initialize iptables table `nat': Table does not exist (do you need to insmod?)] - Required for csf.redirect feature
    ---------------------------------------------------------------



Enable Iptables Modules for a VPS:




1. Before enabling the modules for a VPS, make sure they are loaded on the root node (the host) of the VPS. You can check each one with the command:

    lsmod | grep -i module_name



2. If a module is not loaded, load it on the root node with the modprobe command:



    # Syntax: modprobe <module_name>, one module name per call.
    modprobe ip_tables
    modprobe iptable_filter
    modprobe iptable_mangle
    modprobe iptable_nat
    modprobe ipt_helper
    modprobe ipt_REDIRECT
    modprobe ipt_TCPMSS
    modprobe ipt_tcpmss
    modprobe ipt_LOG
    modprobe ipt_TOS
    modprobe ipt_tos
    modprobe ipt_length
    modprobe ipt_ttl
    modprobe ipt_SAME
    modprobe ipt_REJECT
    modprobe ipt_owner
    modprobe ipt_MASQUERADE
    # csftest.pl labels such as ipt_multiport/xt_multiport are not module names;
    # modprobe takes a single name, so the ipt_ name is used here.
    modprobe ipt_multiport
    modprobe ipt_state
    modprobe ipt_limit
    modprobe ipt_recent
    modprobe xt_connlimit
    # The two iptable_nat/... test labels refer to the nat table plus a target;
    # iptable_nat and ipt_REDIRECT are loaded above.



3. Stop the container for which you want to enable the modules (container ID 101 in this example):

    # vzctl stop 101



4. Enable the modules for the container, using either of the following methods:

a) By command:
Execute the following command to enable the modules for the VPS:


    # vzctl set 101 --iptables ipt_REJECT --iptables ipt_tos --iptables ipt_TOS --iptables ipt_LOG --iptables ip_conntrack --iptables ipt_limit --iptables ipt_multiport --iptables iptable_filter --iptables iptable_mangle --iptables ipt_TCPMSS --iptables ipt_tcpmss --iptables ipt_ttl --iptables ipt_length --iptables ipt_state --iptables iptable_nat --iptables ip_nat_ftp --save

or



b) Adding the modules manually:

Open the VPS configuration file at /etc/vz/conf/veid.conf (veid is the container ID, 101 in this example) and paste the following as the last line of the file.

    
    IPTABLES="iptable_filter iptable_mangle ipt_limit ipt_multiport ipt_tos ipt_TOS ipt_REJECT ipt_TCPMSS ipt_tcpmss ipt_ttl ipt_LOG ipt_length ip_conntrack ip_conntrack_ftp ip_conntrack_irc ipt_conntrack ipt_state ipt_helper iptable_nat ip_nat_ftp ip_nat_irc"



5. Restart the container.

    # vzctl restart 101
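
After the restart, csftest.pl may still report failures for modules that the IPTABLES line never listed. The script below is an added example, not part of the original post: it compares the FAILED tests from csftest.pl with the IPTABLES value from step 4(b). The function names are hypothetical and the sample input is an abridged copy of the output shown at the top of this page.

```shell
#!/bin/sh
# Abridged copy of the csftest.pl output above (error details shortened).
sample_csftest() {
cat <<'EOF'
Testing ipt_LOG...FAILED [ 4294967295] - Required for csf to function
Testing ipt_multiport/xt_multiport...FAILED [FATAL Error] - Required for csf to function
Testing ipt_REJECT...OK
Testing ipt_state/xt_state...FAILED [FATAL Error] - Required for csf to function
Testing ipt_limit/xt_limit...FAILED [FATAL Error] - Required for csf to function
Testing ipt_recent...FAILED [Error] - Required for PORTFLOOD and PORTKNOCKING features
Testing xt_connlimit...FAILED [Error] - Required for CONNLIMIT feature
Testing ipt_owner/xt_owner...FAILED [Error] - Required for SMTP_BLOCK and UID/GID blocking features
Testing iptable_nat/ipt_REDIRECT...FAILED [Error] - Required for MESSENGER feature
Testing iptable_nat/ipt_DNAT...FAILED [Error] - Required for csf.redirect feature
EOF
}

# IPTABLES value from step 4(b) above.
CONF_IPTABLES="iptable_filter iptable_mangle ipt_limit ipt_multiport ipt_tos ipt_TOS ipt_REJECT ipt_TCPMSS ipt_tcpmss ipt_ttl ipt_LOG ipt_length ip_conntrack ip_conntrack_ftp ip_conntrack_irc ipt_conntrack ipt_state ipt_helper iptable_nat ip_nat_ftp ip_nat_irc"

# stdin: csftest output. Prints the name field of every FAILED test.
failed_tests() {
  sed -n 's/^[[:space:]]*Testing \([^.]*\)\.\.\.FAILED.*/\1/p'
}

# stdin: csftest output; $1: space-separated IPTABLES list.
# Prints failed names absent from the list. ipt_X and xt_X count as one module.
missing_from_conf() {
  conf=" $1 "; seen=" "
  failed_tests | while read -r group; do
    for name in $(echo "$group" | tr '/' ' '); do
      case $name in
        ipt_*|xt_*) base=${name#*_}; alts="ipt_$base xt_$base" ;;
        *)          base=$name;      alts=$name ;;
      esac
      found=0
      for alt in $alts; do
        case "$conf" in *" $alt "*) found=1 ;; esac
      done
      case "$seen" in *" $base "*) found=1 ;; esac   # already reported
      if [ "$found" -eq 0 ]; then
        echo "$name"; seen="$seen$base "
      fi
    done
  done
}

sample_csftest | missing_from_conf "$CONF_IPTABLES"
```

For a real check, pipe the output of `perl /etc/csf/csftest.pl` from inside the container into `missing_from_conf` and pass the IPTABLES value read from the container's configuration file. The names it prints are the ones to follow up on the root node.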
