Difference between revisions of "Openvz iptables"
From MS Computech
(New page: How to ins iptables to openvz <br>1.Edit files /etc/vz/vz.conf <pre>#nano /etc/vz/vz.conf</pre> <br>2.Change the line <pre># IPv4 iptables kernel modules IPTABLES="ipt_REJECT ip...) |
|||
| Line 1: | Line 1: | ||
| − | How to ins iptables to openvz | + | How to ins iptables to openvz |
| − | |||
| + | <br> | ||
<br>1.Edit files /etc/vz/vz.conf | <br>1.Edit files /etc/vz/vz.conf | ||
| − | <pre>#nano /etc/vz/vz.conf</pre> | + | <pre>#nano /etc/vz/vz.conf</pre> |
<br>2.Change the line | <br>2.Change the line | ||
<pre># IPv4 iptables kernel modules | <pre># IPv4 iptables kernel modules | ||
IPTABLES="ipt_REJECT ipt_tos ipt_limit ipt_multiport iptable_filter iptable_mangle ipt_TCPMSS ipt_tcpmss ipt_ttl ipt_length | IPTABLES="ipt_REJECT ipt_tos ipt_limit ipt_multiport iptable_filter iptable_mangle ipt_TCPMSS ipt_tcpmss ipt_ttl ipt_length | ||
| − | </pre> | + | </pre> |
| − | To this | + | To this |
<pre># IPv4 iptables kernel modules | <pre># IPv4 iptables kernel modules | ||
| − | IPTABLES=" | + | IPTABLES="iptable_filter iptable_mangle ipt_limit ipt_multiport ipt_tos ipt_TOS ipt_REJECT ipt_TCPMSS ipt_tcpmss ipt_ttl ipt_LOG ipt_length ip_conntrack ip_conntrack_ftp ip_conntrack_irc ipt_conntrack ipt_state ipt_helper iptable_nat ip_nat_ftp ip_nat_irc ipt_REDIRECT"</pre> |
| + | |||
<br>3.Restart Openvz | <br>3.Restart Openvz | ||
<pre># /etc/init.d/vz restart | <pre># /etc/init.d/vz restart | ||
| Line 20: | Line 21: | ||
Bringing up interface venet0: ..done | Bringing up interface venet0: ..done | ||
Configuring interface venet0: ..done | Configuring interface venet0: ..done | ||
| − | Starting VE 101: ..done</pre> | + | Starting VE 101: ..done</pre> |
<br>4.Edit Container config file | <br>4.Edit Container config file | ||
<pre># nano /etc/vz/conf/101.conf | <pre># nano /etc/vz/conf/101.conf | ||
# vzctl set 101 --iptables "ip_tables iptable_filter iptable_mangle ipt_multiport ipt_REJECT ipt_LOG ip_conntrack ipt_conntrack ipt_state ipt_helper iptable_nat ipt_REDIRECT " --save</pre> | # vzctl set 101 --iptables "ip_tables iptable_filter iptable_mangle ipt_multiport ipt_REJECT ipt_LOG ip_conntrack ipt_conntrack ipt_state ipt_helper iptable_nat ipt_REDIRECT " --save</pre> | ||
Revision as of 22:19, 16 November 2008
How to ins iptables to openvz
1.Edit files /etc/vz/vz.conf
#nano /etc/vz/vz.conf
2.Change the line
# IPv4 iptables kernel modules IPTABLES="ipt_REJECT ipt_tos ipt_limit ipt_multiport iptable_filter iptable_mangle ipt_TCPMSS ipt_tcpmss ipt_ttl ipt_length
To this
# IPv4 iptables kernel modules IPTABLES="iptable_filter iptable_mangle ipt_limit ipt_multiport ipt_tos ipt_TOS ipt_REJECT ipt_TCPMSS ipt_tcpmss ipt_ttl ipt_LOG ipt_length ip_conntrack ip_conntrack_ftp ip_conntrack_irc ipt_conntrack ipt_state ipt_helper iptable_nat ip_nat_ftp ip_nat_irc ipt_REDIRECT"
3.Restart Openvz
# /etc/init.d/vz restart Shutting down VE 101 Bringing down interface venet0: ..done Stopping OpenVZ: ..done Starting OpenVZ: ..done Bringing up interface venet0: ..done Configuring interface venet0: ..done Starting VE 101: ..done
4.Edit Container config file
# nano /etc/vz/conf/101.conf # vzctl set 101 --iptables "ip_tables iptable_filter iptable_mangle ipt_multiport ipt_REJECT ipt_LOG ip_conntrack ipt_conntrack ipt_state ipt_helper iptable_nat ipt_REDIRECT " --save
