Symptoms
Sometimes, when running an iptables command inside a Container, the following error occurs:
32-bit Container:
# /sbin/iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
iptables: Unknown error 4294967295
64-bit Container:
# /sbin/iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
iptables: Unknown error 18446744073709551615
Cause
Probably not all required iptables modules are enabled for the Container.
Another possible cause: you are trying to use an iptables module that is not virtualized for Containers, e.g. the MASQUERADE target:
// inside a Container:
# iptables -t nat -A POSTROUTING -s 192.168.0.0/24 -o venet0 -j MASQUERADE
iptables: Unknown error 4294967295
Resolution
Adjust the iptables configuration as described in the following KB article.
In the second case, note that the MASQUERADE target cannot be used, because masquerading is not virtualized as a module. However, you can use SNAT instead. The iptables modules that are supported and active inside a Container can be checked in the file /proc/net/ip_tables_targets, e.g.:
[root@HWN ~]# vzctl exec 101 cat /proc/net/ip_tables_targets
LOG
TCPMSS
REJECT
TOS
DNAT
SNAT
[root@HWN ~]#
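The check above can be scripted before a NAT rule is applied. The following is an added example, not part of the original article: it reads the target list and prints a SNAT rule when MASQUERADE is not listed. The function names, the TARGETS_FILE override and the address 203.0.113.10 are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: pick a NAT rule from the targets the Container exposes.
# TARGETS_FILE can be overridden so the logic can be tried outside a Container.
TARGETS_FILE="${TARGETS_FILE:-/proc/net/ip_tables_targets}"

# has_target NAME: succeed only if NAME is listed as a whole line.
has_target() {
    [ -r "$TARGETS_FILE" ] && grep -qxF -- "$1" "$TARGETS_FILE"
}

# nat_rule SRC_NET OUT_IF SOURCE_IP: print the POSTROUTING rule to use.
# MASQUERADE is used only when listed; otherwise SNAT, which needs an
# explicit source address. Returns 1 when neither target is available.
nat_rule() {
    src="$1"; dev="$2"; ip="$3"
    if has_target MASQUERADE; then
        echo "iptables -t nat -A POSTROUTING -s $src -o $dev -j MASQUERADE"
    elif has_target SNAT; then
        echo "iptables -t nat -A POSTROUTING -s $src -o $dev -j SNAT --to-source $ip"
    else
        echo "neither MASQUERADE nor SNAT is listed in $TARGETS_FILE" >&2
        return 1
    fi
}

# Constructed demo input: the target list from the vzctl output above.
# 203.0.113.10 is a placeholder documentation address.
demo() {
    tmp=$(mktemp) || return 1
    printf '%s\n' LOG TCPMSS REJECT TOS DNAT SNAT > "$tmp"
    out=$( TARGETS_FILE="$tmp"; nat_rule 192.168.0.0/24 venet0 203.0.113.10 )
    rc=$?
    rm -f "$tmp"
    [ "$rc" -eq 0 ] && echo "$out"
}

demo
```

The script only prints the rule, so it can be reviewed before being run inside the Container.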