HowTo: Add iptables modules on a VPS

September 21, 2009    |   Posted by admin   |    Category: VPS Management

If you receive the following error when restarting iptables on a VPS:

error message: from firewall software ~ iptables: Unknown error 4294967295

you need to make sure the required iptables modules are loaded in the host server's kernel. Use modprobe on the host server to load the following modules:

modprobe ipt_MASQUERADE
modprobe ipt_helper
modprobe ipt_REDIRECT
modprobe ipt_state
modprobe ipt_TCPMSS
modprobe ipt_LOG
modprobe ipt_TOS
modprobe tun
modprobe iptable_nat
modprobe ipt_length
modprobe ipt_tcpmss
modprobe iptable_mangle
modprobe ipt_limit
modprobe ipt_tos
modprobe iptable_filter
modprobe ipt_helper
modprobe ipt_tos
modprobe ipt_ttl
modprobe ipt_REJECT

Once the modules are loaded, add them to your VPS using the vzctl command. You will have to stop the VPS first:

vzctl stop VEID

and then add the modules to the VPS:

vzctl set VEID --iptables ipt_REJECT --iptables ipt_tos --iptables ipt_TOS --iptables ipt_LOG --iptables ip_conntrack --iptables ipt_limit --iptables ipt_multiport --iptables iptable_filter --iptables iptable_mangle --iptables ipt_TCPMSS --iptables ipt_tcpmss --iptables ipt_ttl --iptables ipt_length --iptables ipt_state --iptables iptable_nat --iptables ip_nat_ftp --save

Once the above command has run, start the VPS:

vzctl start VEID

Now you are set to use iptables on your VPS.

VPS iptables rule limit is too low.

September 20, 2009    |   Posted by admin   |    Category: VPS Management

You may come across a “numiptent” error message while restarting iptables or whatever firewall (say csf) you have installed on your VPS. The error appears as follows:

The VPS iptables rule limit (numiptent) is too low (200/250) – stopping firewall to prevent iptables blocking all connections

There is a limit on the number of iptables packet filtering entries for a VPS. If the iptables rules added on a VPS exceed the “numiptent” value set for it, you will receive the error message above.

To make sure iptables works properly on a VPS, increase the “numiptent” value in the VPS configuration file, which is located at /etc/sysconfig/vz-scripts/veid.conf, and then restart the VPS.
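
As an added example (not part of the original post), the shell function below reads text in the /proc/user_beancounters layout and reports each container's numiptent usage, so a container close to its limit can be spotted before the firewall fails to load its rules. The sample data is constructed, and the function names and the 80% warning threshold are assumptions.

```sh
#!/bin/sh
# Added example: per-container numiptent usage from beancounter text.
# Reads /proc/user_beancounters-format data on stdin and prints:
#   CTID held limit failcnt STATUS
# STATUS is LOW when failcnt > 0 or held >= PCT% of limit.
# PCT (default 80) is an assumed warning threshold, not a vzctl setting.
numiptent_report() {
    awk -v pct="${1:-80}" '
        {
            # A first field like "101:" opens a new container block and
            # shifts the resource columns one position to the right.
            off = ($1 ~ /^[0-9]+:$/) ? 1 : 0
            if (off) { ctid = $1; sub(/:$/, "", ctid) }
        }
        $(1 + off) == "numiptent" {
            held = $(2 + off); limit = $(5 + off); fail = $(6 + off)
            low = (fail > 0 || held * 100 >= limit * pct)
            print ctid, held, limit, fail, (low ? "LOW" : "OK")
        }
    '
}

# Constructed sample in the layout of /proc/user_beancounters.
sample_beancounters() {
    cat <<'EOF'
Version: 2.5
       uid  resource           held    maxheld    barrier      limit    failcnt
      101:  kmemsize        2767139    3100342   14372700   14790164          0
            numiptent           200        250        250        250          3
      102:  kmemsize        1843201    2000112   14372700   14790164          0
            numiptent            24         24        400        400          0
EOF
}

# Demo on the constructed sample. On a real host server, run instead:
#   numiptent_report < /proc/user_beancounters
# A container reported LOW needs a higher numiptent, set in its
# configuration file as described above or with, for example:
#   vzctl set VEID --numiptent 400 --save   (400 is an example value)
sample_beancounters | numiptent_report
```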


VPS login problem: enter into Container VEID failed

September 13, 2009    |   Posted by admin   |    Category: VPS Management

You may receive the following message when entering a VPS from the host server:

# vzctl enter 101
enter into VE 101 failed
Unable to open pty: No such file or directory

The cause is missing tty/pty device files or udev devices inside the VPS.

There are two ways of creating them: use the ‘MAKEDEV’ program, or copy the files from the host server itself.

Solution 1.

To create them using the MAKEDEV program, execute the following commands on the host server:

# vzctl exec VEID /sbin/MAKEDEV tty
# vzctl exec VEID /sbin/MAKEDEV pty

You may need to update the startup files as well, so execute:

# vzctl exec VEID update-rc.d -f udev remove

Once the files are created, restart the VPS.

# vzctl restart VEID

Solution 2.

Directly copy the tty/pty files from the host server to a VPS with the following steps:

# cd /vz/root/<veid>/dev/
# rsync -a /dev/*  .

and restart the VPS.  You should now be able to enter the VPS.

To fix the issue permanently:

1. Edit the file /etc/rc.sysinit of the VPS server:

# vi /etc/rc.sysinit

2. Search for the line “/sbin/start_udev” and comment it out:

# /sbin/start_udev

3. Add the following lines after the commented-out /sbin/start_udev line (as active commands, not commented out):

/sbin/MAKEDEV tty
/sbin/MAKEDEV pty

4. Now, reboot your VPS:

# vzctl restart VEID

where VEID is the ID of the VPS in question.
