Miscellaneous openVZ notes

From Notes_Wiki
Revision as of 07:12, 10 November 2012 by Saurabh (talk | contribs) (Created page with "=Miscellaneous openVZ notes= =Enabling iptables conntrack modules in container= By default iptables conntrack modules are not enabled for container. Hence '<tt>state</tt>' m...")
(diff) ← Older revision | Latest revision (diff) | Newer revision → (diff)

Miscellaneous openVZ notes

Enabling iptables conntrack modules in container

By default iptables conntrack modules are not enabled for container. Hence 'state' module does not works properly within a container. To enable use of state module in container use: 

vzctl set <CID> --iptables iptable_filter --iptables ip_conntrack --save

Note that this requires container to be stopped and then started again. Also base machine should have the connection tracking modules installed and preferably even in use through base machines firewall.

Retrieved from "http://www.sbarjatiya.com/notes_wiki/index.php?title=Miscellaneous_openVZ_notes&oldid=369"