Difference between revisions of "Openvz iptables"
From MS Computech
(New page: How to ins iptables to openvz <br>1.Edit files /etc/vz/vz.conf <pre>#nano /etc/vz/vz.conf</pre> <br>2.Change the line <pre># IPv4 iptables kernel modules IPTABLES="ipt_REJECT ip...) |
|||
| (2 intermediate revisions by one other user not shown) | |||
| Line 1: | Line 1: | ||
| − | How to ins iptables to openvz | + | How to ins iptables to openvz |
| − | |||
| + | <br> | ||
<br>1.Edit files /etc/vz/vz.conf | <br>1.Edit files /etc/vz/vz.conf | ||
| Line 7: | Line 7: | ||
<br>2.Change the line | <br>2.Change the line | ||
<pre># IPv4 iptables kernel modules | <pre># IPv4 iptables kernel modules | ||
| − | IPTABLES="ipt_REJECT ipt_tos ipt_limit ipt_multiport iptable_filter iptable_mangle ipt_TCPMSS ipt_tcpmss ipt_ttl ipt_length | + | IPTABLES="ipt_REJECT ipt_tos ipt_limit ipt_multiport iptable_filter iptable_mangle ipt_TCPMSS ipt_tcpmss ipt_ttl ipt_length</pre> |
| − | + | To this | |
| − | To this | ||
<pre># IPv4 iptables kernel modules | <pre># IPv4 iptables kernel modules | ||
| − | IPTABLES=" | + | IPTABLES="iptable_filter iptable_mangle ipt_limit ipt_multiport ipt_tos ipt_TOS ipt_REJECT ipt_TCPMSS ipt_tcpmss ipt_ttl ipt_LOG ipt_length ip_conntrack ip_conntrack_ftp ip_conntrack_irc ipt_conntrack ipt_state ipt_helper iptable_nat ip_nat_ftp ip_nat_irc ipt_REDIRECT"</pre> |
<br>3.Restart Openvz | <br>3.Restart Openvz | ||
<pre># /etc/init.d/vz restart | <pre># /etc/init.d/vz restart | ||
| Line 23: | Line 22: | ||
<br>4.Edit Container config file | <br>4.Edit Container config file | ||
<pre># nano /etc/vz/conf/101.conf | <pre># nano /etc/vz/conf/101.conf | ||
| − | # vzctl set 101 --iptables " | + | # vzctl set 101 --iptables "iptable_filter iptable_mangle ipt_limit ipt_multiport ipt_tos ipt_TOS ipt_REJECT ipt_TCPMSS ipt_tcpmss ipt_ttl ipt_LOG ipt_length ip_conntrack ip_conntrack_ftp ip_conntrack_irc ipt_conntrack ipt_state ipt_helper iptable_nat ip_nat_ftp ip_nat_irc ipt_REDIRECT" --save</pre> |
Latest revision as of 18:40, 14 June 2009
How to ins iptables to openvz
1.Edit files /etc/vz/vz.conf
#nano /etc/vz/vz.conf
2.Change the line
# IPv4 iptables kernel modules IPTABLES="ipt_REJECT ipt_tos ipt_limit ipt_multiport iptable_filter iptable_mangle ipt_TCPMSS ipt_tcpmss ipt_ttl ipt_length
To this
# IPv4 iptables kernel modules IPTABLES="iptable_filter iptable_mangle ipt_limit ipt_multiport ipt_tos ipt_TOS ipt_REJECT ipt_TCPMSS ipt_tcpmss ipt_ttl ipt_LOG ipt_length ip_conntrack ip_conntrack_ftp ip_conntrack_irc ipt_conntrack ipt_state ipt_helper iptable_nat ip_nat_ftp ip_nat_irc ipt_REDIRECT"
3.Restart Openvz
# /etc/init.d/vz restart Shutting down VE 101 Bringing down interface venet0: ..done Stopping OpenVZ: ..done Starting OpenVZ: ..done Bringing up interface venet0: ..done Configuring interface venet0: ..done Starting VE 101: ..done
4.Edit Container config file
# nano /etc/vz/conf/101.conf # vzctl set 101 --iptables "iptable_filter iptable_mangle ipt_limit ipt_multiport ipt_tos ipt_TOS ipt_REJECT ipt_TCPMSS ipt_tcpmss ipt_ttl ipt_LOG ipt_length ip_conntrack ip_conntrack_ftp ip_conntrack_irc ipt_conntrack ipt_state ipt_helper iptable_nat ip_nat_ftp ip_nat_irc ipt_REDIRECT" --save
