Article ID: 128355, created on Feb 17, 2016, last review on May 10, 2016

  • Applies to:
  • Virtuozzo 6.0

Symptoms

The following messages are logged in /var/log/vzctl.log:

2016-01-01T05:43:16+0300 prl_disp_service : Warning: Unknown iptable module ipt_REDIRECT; skipped
2016-01-01T05:43:16+0300 prl_disp_service : Warning: Unknown iptable module ipt_recent; skipped
2016-01-01T05:43:16+0300 prl_disp_service : Warning: Unknown iptable module ipt_MASQUERADE; skipped
2016-01-01T05:43:16+0300 prl_disp_service : Warning: Unknown iptable module xt_connlimit; skipped
2016-01-01T05:43:16+0300 prl_disp_service : Warning: Unknown iptable module xt_statistic; skipped
2016-01-01T05:43:16+0300 prl_disp_service : Invalid parameter ip_tables ipt_state ipt_multiport iptable_filter ipt_limit ipt_LOG ipt_REJECT ipt_REDIRECT ipt_conntrack ip_conntrack ip_conntrack_ftp ipt_owner ipt_recent ipt_tos iptable_mangle iptable_nat ipt_TCPMSS ipt_tcpmss ipt_ttl ipt_length ipt_MASQUERADE xt_connlimit xt_statistic

Cause

Dispatcher service queries the containers configuration and prints unsupported iptables modules for each container.

Resolution

Use the netfilter option instead of obsoleted iptables mode. For more information, refer to the following article:

126136 Netfilter Mode and netfilter (iptables) modules

IPTABLES section in /etc/vz/vz.conf file should be commented out.

WARNING: Dispatcher restart is required to apply configuration changes. All running virtual machines will be suspended and resumed during this action:

~# service parallels-server restart

NOTE: If the container's configuration file does not have any IPTABLES option, and the global configuration file /etc/vz/vz.conf (ensure that this is a symbolic link to /etc/sysconfig/vz) contains some modules in IPTABLES option, then the effect is like that configuration option is defined in the container's configuration file. So, apply NETFILTER settings accordingly.

Search Words

Invalid parameter ip_tables

Unknown iptable module

prl_disp_service : Invalid parameter ipt_comment ipt_tcp iptable_filter iptable_mangle ipt_limit ipt_multiport ipt_tos ipt_TOS ipt_REJECT ipt_TCPMSS ipt_tcpmss ipt_ttl ipt_LOG ipt_length ip_conntrack ip_conntrack_ftp ip_conntrack_irc ipt_conntrack ipt_state ipt_helper iptable_nat ip_nat_ftp ip_nat_irc ipt_REDIRECT

prl_disp_service : Warning

c62e8726973f80975db0531f1ed5c6a2 2897d76d56d2010f4e3a28f864d69223 0dd5b9380c7d4884d77587f3eb0fa8ef

Email subscription for changes to this article
Save as PDF