ip6tables hoʻopuka ma CentOS 6.10 OpenVZ kikowaena: ʻaʻole hiki ke hoʻokuʻu i nā modula
Aloha e nā hoaaloha ma Serverfault!
He pilikia ʻano ʻē me kaʻu kikowaena CentOS 6.10 OpenVZ (e hoʻohana nei iā Virtualizor), no ka mea ua ʻae wau i ke kākoʻo IPv6.
He hoʻonohonoho like kēia kikowaena me ʻekolu mau kikowaena ʻē aʻe me ka OS like a me ka kernel, ʻo ka mea ʻokoʻa wale nō ua hoʻonohonoho ʻia kēia kikowaena ma ke ʻano he haku a me nā kikowaena ʻekolu ʻē aʻe he kauā.
I mea e hoʻohana pono ai ʻo IPv6 ma nā kikowaena o nā kikowaena, pono e hiki iaʻu ke hoʻopau i nā ip6tables (ʻaʻole IPv6 pū, akā ʻo nā ip6tables wale nō.
Inā holo wau i ke kauoha e kāpae i nā ip6tables loaʻa wau i kēia kuhihewa:
lawelawe ip6tables hoʻopau
ip6tables : Ke mālama nei i nā lula firewall i / etc / sysconfig / ip6table [OK] ip6tables: Ke hoʻonohonoho nei i nā kaulahao i ke kulekele ʻĀpono: filter [OK] ip6tables: Flushing firewall rules: [OK] ip6tables: Unloading modules: ip6table_filter ip6t_LOG ip6 [FAILED] lter ip6_tables
ʻO ka kernel OpenVZ Loaʻa iaʻu ma nā kikowaena ʻehā āpau
2.6.32-042stab134.46 # 1 SMP Wed Jan 16 05:56:41 CET 2019 x86_64 x86_64 x86_64 GNU / Linux
E like me kaʻu i ʻōlelo ai ma mua, ʻo kēia kahu kikowaena wale nō e hoʻihoʻi i kēia hemahema ke hoʻāʻo nei e kāohi i nā ip6tables, ʻoiai e hana maikaʻi ia ma nā kikowaena salve māhoe ʻē aʻe.
Mahalo wau i kekahi kōkua i hiki iā ʻoe ke ʻoluʻolu. e hāʻawi iaʻu e hiki ke hoʻokū maikaʻi i nā ip6tables a hiki ke hoʻohana pono i ka IPv6 i loko o nā ipu o kēia kikowaena.
Eia nā modula i kau ʻia ma ka pūnaewele kikowaena e hoʻihoʻi i ka hemahema:
lsmod
Module Size Used by
sit 11553 0
tunnel4 2983 1 sit
sch_sfq 5835 94
cls_u32 6934 2
sch_cbq 16537 2
ip6t_LOG 8485 10
ip6t_rt 6714 6
xt_recent 8593 8
ipt_addrtype 2161 8
xt_conntrack 3960 111
iptable_raw 2368 0
vzethdev 8245 0
pio_kaio 14060 0
pio_nfs 19043 0
pio_direct 30148 54
pfmt_raw 3333 0
pfmt_ploop1 6671 54
ploop 120055 167 pio_kaio,pio_nfs,pio_direct,pfmt_raw,pfmt_ploop1
simfs 5189 0
vzrst 206905 7
vzcpt 156425 1 vzrst
nfs 449026 3 pio_nfs,vzrst,vzcpt
lockd 78281 2 vzrst,nfs
fscache 61345 1 nfs
auth_rpcgss 46116 1 nfs
nfs_acl 2655 1 nfs
sunrpc 274118 6 pio_nfs,nfs,lockd,auth_rpcgss,nfs_acl
vziolimit 3775 0
vzdquota 55467 0 [permanent]
xt_owner 2250 0
nf_nat 23122 1 vzrst
xt_length 1330 0
xt_hl 1539 44
xt_tcpmss 1615 0
xt_TCPMSS 3549 0
iptable_mangle 3453 0
iptable_filter 2897 5
xt_multiport 2772 0
xt_limit 2126 33
nf_conntrack_ipv4 9650 93 nf_nat
nf_defrag_ipv4 1523 1 nf_conntrack_ipv4
ipt_LOG 7886 16
xt_DSCP 2841 0
xt_dscp 2065 0
ipt_REJECT 2423 3
ip_tables 18183 3 iptable_raw,iptable_mangle,iptable_filter
vzevent 2171 1
vznetdev 18984 108
vzmon 24539 57 vzrst,vzcpt,vznetdev
vzdev 2725 5 vzethdev,vziolimit,vzdquota,vznetdev,vzmon
ip6t_REJECT 4447 2
nf_conntrack_ipv6 7993 20
nf_defrag_ipv6 26701 1 nf_conntrack_ipv6
nf_conntrack 81593 6 xt_conntrack,vzrst,vzcpt,nf_nat,nf_conntrack_ipv4,nf_conntrack_ipv6
ip6table_filter 3025 3
ip6_tables 19020 2 ip6t_LOG,ip6table_filter
ipv6 342524 1685 sit,vzrst,vzcpt,ip6t_REJECT,nf_conntrack_ipv6,nf_defrag_ipv6
pppoatm 4421 0
atm 48007 1 pppoatm
ppp_async 7866 0
crc_ccitt 1725 1 ppp_async
ppp_deflate 4176 0
zlib_deflate 21661 1 ppp_deflate
arc4 1483 0
ecb 2217 0
ppp_mppe 6246 0
ppp_generic 25891 4 pppoatm,ppp_async,ppp_deflate,ppp_mppe
slhc 5845 1 ppp_generic
tun 18741 0
acpi_pad 88001 0
iTCO_wdt 7342 0
iTCO_vendor_support 3064 1 iTCO_wdt
serio_raw 4666 0
sb_edac 18571 0
edac_core 46717 2 sb_edac
i2c_i801 13273 0
sg 29542 0
lpc_ich 13579 0
mfd_core 1935 1 lpc_ich
ioatdma 54090 896
shpchp 29554 0
ext4 431864 56
jbd2 93732 1 ext4
mbcache 8201 1 ext4
raid1 33193 2
sd_mod 37126 8
crc_t10dif 1217 1 sd_mod
isci 134936 0
libsas 74618 1 isci
scsi_transport_sas 35628 2 isci,libsas
igb 193997 0
dca 7133 2 ioatdma,igb
i2c_algo_bit 5911 1 igb
i2c_core 29164 3 i2c_i801,igb,i2c_algo_bit
ptp 9646 1 igb
pps_core 10722 1 ptp
ahci 43194 6
wmi 6287 0
dm_mirror 14904 0
dm_region_hash 12189 1 dm_mirror
dm_log 9938 2 dm_mirror,dm_region_hash
dm_mod 102855 2 dm_mirror,dm_log
A ʻo kēia ka hopena o lsmod ma ka kikowaena kahi e hiki ai ke hoʻopau ʻia ip6tables me ka ʻole o ka pilikia:
Module Size Used by
xt_set 4040 0
ip_set 30955 1 xt_set
nfnetlink 4587 1 ip_set
nf_conntrack_ipv6 7993 22
nf_defrag_ipv6 26701 1 nf_conntrack_ipv6
xt_conntrack 3960 43
ip6table_mangle 3629 1
iptable_nat 6091 1
ip6table_filter 3025 1
ip6_tables 19020 2 ip6table_mangle,ip6table_filter
xt_comment 1042 6
sit 11553 0
tunnel4 2983 1 sit
xt_recent 8593 0
sch_sfq 5835 22
cls_u32 6934 2
sch_cbq 16537 2
iptable_raw 2368 1
vzethdev 8245 0
pio_kaio 14060 0
pio_nfs 19043 0
pio_direct 30148 34
pfmt_raw 3333 0
pfmt_ploop1 6671 34
ploop 120055 107 pio_kaio,pio_nfs,pio_direct,pfmt_raw,pfmt_ploop1
simfs 5189 0
vzrst 206905 9
vzcpt 156425 1 vzrst
nfs 449026 3 pio_nfs,vzrst,vzcpt
lockd 78281 2 vzrst,nfs
fscache 61345 1 nfs
auth_rpcgss 46116 1 nfs
nfs_acl 2655 1 nfs
sunrpc 274118 6 pio_nfs,nfs,lockd,auth_rpcgss,nfs_acl
vziolimit 3775 0
vzdquota 55467 0 [permanent]
xt_owner 2250 0
nf_nat 23122 2 iptable_nat,vzrst
xt_length 1330 0
xt_hl 1539 0
xt_tcpmss 1615 0
xt_TCPMSS 3549 0
iptable_mangle 3453 1
iptable_filter 2897 3
xt_multiport 2772 7
xt_limit 2126 0
nf_conntrack_ipv4 9650 24 iptable_nat,nf_nat
nf_defrag_ipv4 1523 1 nf_conntrack_ipv4
ipt_LOG 7886 1
xt_DSCP 2841 0
xt_dscp 2065 0
ipt_REJECT 2423 2
ip_tables 18183 4 iptable_nat,iptable_raw,iptable_mangle,iptable_filter
vzevent 2171 1
vznetdev 18984 68
vzmon 24539 37 vzrst,vzcpt,vznetdev
vzdev 2725 7 vzethdev,vziolimit,vzdquota,vznetdev,vzmon
ip6t_REJECT 4447 2
nf_conntrack 81593 7 nf_conntrack_ipv6,xt_conntrack,iptable_nat,vzrst,vzcpt,nf_nat,nf_conntrack_ ipv4
ipv6 342524 1199 nf_conntrack_ipv6,nf_defrag_ipv6,ip6table_mangle,sit,vzrst,vzcpt,ip6t_REJECT
pppoatm 4421 0
atm 48007 1 pppoatm
ppp_async 7866 0
crc_ccitt 1725 1 ppp_async
ppp_deflate 4176 0
zlib_deflate 21661 1 ppp_deflate
arc4 1483 0
ecb 2217 0
ppp_mppe 6246 0
ppp_generic 25891 4 pppoatm,ppp_async,ppp_deflate,ppp_mppe
slhc 5845 1 ppp_generic
tun 18741 0
ipmi_si 47304 0
ipmi_msghandler 40332 1 ipmi_si
acpi_pad 88001 0
iTCO_wdt 7342 0
iTCO_vendor_support 3064 1 iTCO_wdt
serio_raw 4666 0
joydev 10544 0
sb_edac 18571 0
edac_core 46717 2 sb_edac
i2c_i801 13273 0
sg 29542 0
lpc_ich 13579 0
mfd_core 1935 1 lpc_ich
ioatdma 54090 576
shpchp 29554 0
ext4 431864 36
jbd2 93732 1 ext4
mbcache 8201 1 ext4
raid1 33193 2
sd_mod 37126 8
crc_t10dif 1217 1 sd_mod
isci 134936 0
libsas 74618 1 isci
scsi_transport_sas 35628 2 isci,libsas
ahci 43194 6
igb 193997 0
dca 7133 2 ioatdma,igb
i2c_algo_bit 5911 1 igb
i2c_core 29164 3 i2c_i801,igb,i2c_algo_bit
ptp 9646 1 igb
pps_core 10722 1 ptp
wmi 6287 0
dm_mirror 14904 0
dm_region_hash 12189 1 dm_mirror
dm_log 9938 2 dm_mirror,dm_region_hash
dm_mod 102855 2 dm_mirror,dm_log
Mahalo nui i nā mea āpau!
Вывести список загруженных модулей ядра и попытаться выгрузить их вручную с помощью команды modprobe -r <имя-модуля> .
Вероятно, проблема вызвана использованием некоторых модулей внутри контейнеры.
Другая причина - неправильный порядок разгрузки модулей.