Difference between revisions of "Openvz iptables"

Revision as of 22:31, 16 November 2008

How to ins iptables to openvz 

1.Edit files /etc/vz/vz.conf

#nano /etc/vz/vz.conf

2.Change the line

# IPv4 iptables kernel modules
IPTABLES="ipt_REJECT ipt_tos ipt_limit ipt_multiport iptable_filter iptable_mangle ipt_TCPMSS ipt_tcpmss ipt_ttl ipt_length
 

To this

# IPv4 iptables kernel modules
IPTABLES="iptable_filter iptable_mangle ipt_limit ipt_multiport ipt_tos ipt_TOS ipt_REJECT ipt_TCPMSS ipt_tcpmss ipt_ttl ipt_LOG ipt_length ip_conntrack ip_conntrack_ftp ip_conntrack_irc ipt_conntrack ipt_state ipt_helper iptable_nat ip_nat_ftp ip_nat_irc ipt_REDIRECT"

3.Restart Openvz

# /etc/init.d/vz restart
Shutting down VE 101
Bringing down interface venet0: ..done
Stopping OpenVZ: ..done
Starting OpenVZ: ..done
Bringing up interface venet0: ..done
Configuring interface venet0: ..done
Starting VE 101: ..done

4.Edit Container config file

# nano /etc/vz/conf/101.conf
# vzctl set 101 --iptables "iptable_filter iptable_mangle ipt_limit ipt_multiport ipt_tos ipt_TOS ipt_REJECT ipt_TCPMSS ipt_tcpmss ipt_ttl ipt_LOG ipt_length ip_conntrack ip_conntrack_ftp ip_conntrack_irc ipt_conntrack ipt_state ipt_helper iptable_nat ip_nat_ftp ip_nat_irc ipt_REDIRECT" --save