kiltum (kiltum) wrote,

(всхлипывая) ну ведь знал же, знал, что не может всё оказаться хорошо.

В openvz rhel-ядре поломали NAT.


[root@tuk ~]# uname -a
Linux tuk 2.6.18-8.el5.028stab021.1 #1 SMP Mon Mar 12 18:38:14 MSK 2007 i686 i686 i386 GNU/Linux
[root@tuk ~]# iptables -t nat -L
iptables v1.3.5: can't initialize iptables table `nat': Table does not exist (do you need to insmod?)
Perhaps iptables or your kernel needs to be upgraded.
[root@tuk ~]# lsmod|grep ip
iptable_nat            13316  0 
ip_nat                 21776  2 iptable_nat,vzrst
ipt_ttl                 5888  0 
ipt_TCPMSS              8192  0 
iptable_mangle          8704  1 
xt_multiport            7168  0 
ipt_tos                 5760  0 
ipt_REJECT              9344  0 
ipv6                  259104  21 vzrst,vzcpt,vzmon
ip_conntrack_netbios_ns     6912  0 
ip_conntrack           60228  5 iptable_nat,vzrst,ip_nat,vzcpt,ip_conntrack_netbios_ns
nfnetlink              10648  2 ip_nat,ip_conntrack
iptable_filter          8576  2 
ip_tables              17992  3 iptable_nat,iptable_mangle,iptable_filter
x_tables               19204  11 iptable_nat,xt_tcpudp,xt_length,ipt_ttl,xt_tcpmss,ipt_TCPMSS,xt_multiport,xt_limit,ipt_tos,ipt_REJECT,ip_tables
dm_multipath           21512  0 
dm_mod                 56600  2 dm_mirror,dm_multipath
[root@tuk ~]# strace iptables -t nat -L
execve("/sbin/iptables", ["iptables", "-t", "nat", "-L"], [/* 20 vars */]) = 0
brk(0)                                  = 0x8402000
uname({sys="Linux", node="tuk", ...})   = 0
access("/etc/ld.so.preload", R_OK)      = -1 ENOENT (No such file or directory)
open("/etc/ld.so.cache", O_RDONLY)      = 3
fstat64(3, {st_mode=S_IFREG|0644, st_size=11700, ...}) = 0
mmap2(NULL, 11700, PROT_READ, MAP_PRIVATE, 3, 0) = 0xb7f53000
close(3)                                = 0
open("/lib/libdl.so.2", O_RDONLY)       = 3
read(3, "\177ELF\1\1\1\0\0\0\0\0\0\0\0\0\3\0\3\0\1\0\0\0000[Y\000"..., 512) = 512
fstat64(3, {st_mode=S_IFREG|0755, st_size=16528, ...}) = 0
mmap2(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0xb7f52000
mmap2(0x595000, 12408, PROT_READ|PROT_EXEC, MAP_PRIVATE|MAP_DENYWRITE, 3, 0) = 0x595000
mmap2(0x597000, 8192, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 3, 0x1) = 0x597000
close(3)                                = 0
open("/lib/libc.so.6", O_RDONLY)        = 3
read(3, "\177ELF\1\1\1\0\0\0\0\0\0\0\0\0\3\0\3\0\1\0\0\0p\300F\000"..., 512) = 512
fstat64(3, {st_mode=S_IFREG|0755, st_size=1576920, ...}) = 0
mmap2(0x456000, 1295780, PROT_READ|PROT_EXEC, MAP_PRIVATE|MAP_DENYWRITE, 3, 0) = 0x110000
mmap2(0x247000, 12288, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 3, 0x137) = 0x247000
mmap2(0x24a000, 9636, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x24a000
close(3)                                = 0
mmap2(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0xb7f51000
set_thread_area({entry_number:-1 -> 6, base_addr:0xb7f516c0, limit:1048575, seg_32bit:1, contents:0, read_exec_only:0, limit_in_pages:1, seg_not_present:0, useable:1}) = 0
mprotect(0x247000, 8192, PROT_READ)     = 0
mprotect(0x597000, 4096, PROT_READ)     = 0
mprotect(0x452000, 4096, PROT_READ)     = 0
munmap(0xb7f53000, 11700)               = 0
socket(PF_INET, SOCK_RAW, IPPROTO_RAW)  = 3
getsockopt(3, SOL_IP, 0x40 /* IP_??? */, 0xbfe2eeb4, 0xbfe2eea8) = -1 ENOENT (No such file or directory)
close(3)                                = 0
open("/proc/sys/kernel/modprobe", O_RDONLY) = 3
brk(0)                                  = 0x8402000
brk(0x8423000)                          = 0x8423000
read(3, "/sbin/modprobe\n", 1024)       = 15
close(3)                                = 0
clone(child_stack=0, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0xb7f51708) = 4854
wait4(-1, [{WIFEXITED(s) && WEXITSTATUS(s) == 0}], 0, NULL) = 4854
--- SIGCHLD (Child exited) @ 0 (0) ---
socket(PF_INET, SOCK_RAW, IPPROTO_RAW)  = 3
getsockopt(3, SOL_IP, 0x40 /* IP_??? */, 0xbfe2eeb4, 0xbfe2eea8) = -1 ENOENT (No such file or directory)
close(3)                                = 0
write(2, "iptables v1.3.5: ", 17iptables v1.3.5: )       = 17
write(2, "can\'t initialize iptables table "..., 84can't initialize iptables table `nat': Table does not exist (do you need to insmod?)) = 84
write(2, "\n", 1
)                       = 1
write(2, "Perhaps iptables or your kernel "..., 54Perhaps iptables or your kernel needs to be upgraded.
) = 54
exit_group(3)                           = ?
Process 4851 detached



Update: http://bugzilla.openvz.org/show_bug.cgi?id=506
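Какой-то нехороший скрипт прописал в /etc/modprobe.conf строку options ip_conntrack ip_conntrack_disable_ve0=1, ну и всё поломалось: этот параметр отключает connection tracking в VE0 (то есть на самой хост-ноде), а NAT работает поверх conntrack, поэтому таблица nat на хосте недоступна, хотя модуль iptable_nat и загружен. А какой скрипт там побаловался — пусть уж сами авторы разбираются. А я ручками эту строку вымараю ... Параметры модуля читаются только при его загрузке, так что после правки нужно заново загрузить ip_conntrack вместе с зависимыми модулями (или перезагрузить машину). Заодно стоит проверить stateful-правила файрвола на хосте, если они есть: без conntrack они тоже не срабатывают как задумано.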
Tags: lytdybr, openvz, unix