В RHEL-ядре OpenVZ поломали NAT.
[root@tuk ~]# uname -a
Linux tuk 2.6.18-8.el5.028stab021.1 #1 SMP Mon Mar 12 18:38:14 MSK 2007 i686 i686 i386 GNU/Linux
[root@tuk ~]# iptables -t nat -L
iptables v1.3.5: can't initialize iptables table `nat': Table does not exist (do you need to insmod?)
Perhaps iptables or your kernel needs to be upgraded.
[root@tuk ~]# lsmod|grep ip
iptable_nat 13316 0
ip_nat 21776 2 iptable_nat,vzrst
ipt_ttl 5888 0
ipt_TCPMSS 8192 0
iptable_mangle 8704 1
xt_multiport 7168 0
ipt_tos 5760 0
ipt_REJECT 9344 0
ipv6 259104 21 vzrst,vzcpt,vzmon
ip_conntrack_netbios_ns 6912 0
ip_conntrack 60228 5 iptable_nat,vzrst,ip_nat,vzcpt,ip_conntrack_netbios_ns
nfnetlink 10648 2 ip_nat,ip_conntrack
iptable_filter 8576 2
ip_tables 17992 3 iptable_nat,iptable_mangle,iptable_filter
x_tables 19204 11 iptable_nat,xt_tcpudp,xt_length,ipt_ttl,xt_tcpmss,ipt_TCPMSS,xt_multiport,xt_limit,ipt_tos,ipt_REJECT,ip_tables
dm_multipath 21512 0
dm_mod 56600 2 dm_mirror,dm_multipath
[root@tuk ~]# strace iptables -t nat -L
execve("/sbin/iptables", ["iptables", "-t", "nat", "-L"], [/* 20 vars */]) = 0
brk(0) = 0x8402000
uname({sys="Linux", node="tuk", ...}) = 0
access("/etc/ld.so.preload", R_OK) = -1 ENOENT (No such file or directory)
open("/etc/ld.so.cache", O_RDONLY) = 3
fstat64(3, {st_mode=S_IFREG|0644, st_size=11700, ...}) = 0
mmap2(NULL, 11700, PROT_READ, MAP_PRIVATE, 3, 0) = 0xb7f53000
close(3) = 0
open("/lib/libdl.so.2", O_RDONLY) = 3
read(3, "\177ELF\1\1\1\0\0\0\0\0\0\0\0\0\3\0\3\0\1\0\0\0000[Y\000"..., 512) = 512
fstat64(3, {st_mode=S_IFREG|0755, st_size=16528, ...}) = 0
mmap2(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0xb7f52000
mmap2(0x595000, 12408, PROT_READ|PROT_EXEC, MAP_PRIVATE|MAP_DENYWRITE, 3, 0) = 0x595000
mmap2(0x597000, 8192, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 3, 0x1) = 0x597000
close(3) = 0
open("/lib/libc.so.6", O_RDONLY) = 3
read(3, "\177ELF\1\1\1\0\0\0\0\0\0\0\0\0\3\0\3\0\1\0\0\0p\300F\000"..., 512) = 512
fstat64(3, {st_mode=S_IFREG|0755, st_size=1576920, ...}) = 0
mmap2(0x456000, 1295780, PROT_READ|PROT_EXEC, MAP_PRIVATE|MAP_DENYWRITE, 3, 0) = 0x110000
mmap2(0x247000, 12288, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 3, 0x137) = 0x247000
mmap2(0x24a000, 9636, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x24a000
close(3) = 0
mmap2(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0xb7f51000
set_thread_area({entry_number:-1 -> 6, base_addr:0xb7f516c0, limit:1048575, seg_32bit:1, contents:0, read_exec_only:0, limit_in_pages:1, seg_not_present:0, useable:1}) = 0
mprotect(0x247000, 8192, PROT_READ) = 0
mprotect(0x597000, 4096, PROT_READ) = 0
mprotect(0x452000, 4096, PROT_READ) = 0
munmap(0xb7f53000, 11700) = 0
socket(PF_INET, SOCK_RAW, IPPROTO_RAW) = 3
getsockopt(3, SOL_IP, 0x40 /* IP_??? */, 0xbfe2eeb4, 0xbfe2eea8) = -1 ENOENT (No such file or directory)
close(3) = 0
open("/proc/sys/kernel/modprobe", O_RDONLY) = 3
brk(0) = 0x8402000
brk(0x8423000) = 0x8423000
read(3, "/sbin/modprobe\n", 1024) = 15
close(3) = 0
clone(child_stack=0, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0xb7f51708) = 4854
wait4(-1, [{WIFEXITED(s) && WEXITSTATUS(s) == 0}], 0, NULL) = 4854
--- SIGCHLD (Child exited) @ 0 (0) ---
socket(PF_INET, SOCK_RAW, IPPROTO_RAW) = 3
getsockopt(3, SOL_IP, 0x40 /* IP_??? */, 0xbfe2eeb4, 0xbfe2eea8) = -1 ENOENT (No such file or directory)
close(3) = 0
write(2, "iptables v1.3.5: ", 17iptables v1.3.5: ) = 17
write(2, "can\'t initialize iptables table "..., 84can't initialize iptables table `nat': Table does not exist (do you need to insmod?)) = 84
write(2, "\n", 1 ) = 1
write(2, "Perhaps iptables or your kernel "..., 54Perhaps iptables or your kernel needs to be upgraded. ) = 54
exit_group(3) = ?
Process 4851 detached
Update: http://bugzilla.openvz.org/show_bug.cgi?id=506
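Какой-то нехороший скрипт прописал в /etc/modprobe.conf строку

options ip_conntrack ip_conntrack_disable_ve0=1

ну и всё поломалось: с этим параметром ip_conntrack не отслеживает соединения в VE0 (то есть на самой хост-системе), а NAT построен поверх conntrack, поэтому таблица nat на хосте недоступна, хотя модули iptable_nat и ip_nat загружены. То же касается и stateful-правил (-m state) на хосте. А какой скрипт там побаловался — пусть уж сами авторы разбираются. А я ручками эту строку вымараю ... (Опция из modprobe.conf применяется только при загрузке модуля, так что после правки ip_conntrack нужно выгрузить и загрузить заново либо перезагрузить машину.)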