Difference between revisions of "Openvz iptables"
From MS Computech
| (One intermediate revision by one other user not shown) | |||
| Line 1: | Line 1: | ||
How to ins iptables to openvz | How to ins iptables to openvz | ||
| − | <br> | + | <br> |
<br>1.Edit files /etc/vz/vz.conf | <br>1.Edit files /etc/vz/vz.conf | ||
| − | <pre>#nano /etc/vz/vz.conf</pre> | + | <pre>#nano /etc/vz/vz.conf</pre> |
<br>2.Change the line | <br>2.Change the line | ||
<pre># IPv4 iptables kernel modules | <pre># IPv4 iptables kernel modules | ||
| − | IPTABLES="ipt_REJECT ipt_tos ipt_limit ipt_multiport iptable_filter iptable_mangle ipt_TCPMSS ipt_tcpmss ipt_ttl ipt_length | + | IPTABLES="ipt_REJECT ipt_tos ipt_limit ipt_multiport iptable_filter iptable_mangle ipt_TCPMSS ipt_tcpmss ipt_ttl ipt_length</pre> |
| − | |||
To this | To this | ||
<pre># IPv4 iptables kernel modules | <pre># IPv4 iptables kernel modules | ||
| − | IPTABLES="iptable_filter iptable_mangle ipt_limit ipt_multiport ipt_tos ipt_TOS ipt_REJECT ipt_TCPMSS ipt_tcpmss ipt_ttl ipt_LOG ipt_length ip_conntrack ip_conntrack_ftp ip_conntrack_irc ipt_conntrack ipt_state ipt_helper iptable_nat ip_nat_ftp ip_nat_irc ipt_REDIRECT"</pre> | + | IPTABLES="iptable_filter iptable_mangle ipt_limit ipt_multiport ipt_tos ipt_TOS ipt_REJECT ipt_TCPMSS ipt_tcpmss ipt_ttl ipt_LOG ipt_length ip_conntrack ip_conntrack_ftp ip_conntrack_irc ipt_conntrack ipt_state ipt_helper iptable_nat ip_nat_ftp ip_nat_irc ipt_REDIRECT"</pre> |
| − | |||
<br>3.Restart Openvz | <br>3.Restart Openvz | ||
<pre># /etc/init.d/vz restart | <pre># /etc/init.d/vz restart | ||
| Line 21: | Line 19: | ||
Bringing up interface venet0: ..done | Bringing up interface venet0: ..done | ||
Configuring interface venet0: ..done | Configuring interface venet0: ..done | ||
| − | Starting VE 101: ..done</pre> | + | Starting VE 101: ..done</pre> |
<br>4.Edit Container config file | <br>4.Edit Container config file | ||
<pre># nano /etc/vz/conf/101.conf | <pre># nano /etc/vz/conf/101.conf | ||
| − | # vzctl set 101 --iptables " | + | # vzctl set 101 --iptables "iptable_filter iptable_mangle ipt_limit ipt_multiport ipt_tos ipt_TOS ipt_REJECT ipt_TCPMSS ipt_tcpmss ipt_ttl ipt_LOG ipt_length ip_conntrack ip_conntrack_ftp ip_conntrack_irc ipt_conntrack ipt_state ipt_helper iptable_nat ip_nat_ftp ip_nat_irc ipt_REDIRECT" --save</pre> |
Latest revision as of 18:40, 14 June 2009
How to ins iptables to openvz
1.Edit files /etc/vz/vz.conf
#nano /etc/vz/vz.conf
2.Change the line
# IPv4 iptables kernel modules IPTABLES="ipt_REJECT ipt_tos ipt_limit ipt_multiport iptable_filter iptable_mangle ipt_TCPMSS ipt_tcpmss ipt_ttl ipt_length
To this
# IPv4 iptables kernel modules IPTABLES="iptable_filter iptable_mangle ipt_limit ipt_multiport ipt_tos ipt_TOS ipt_REJECT ipt_TCPMSS ipt_tcpmss ipt_ttl ipt_LOG ipt_length ip_conntrack ip_conntrack_ftp ip_conntrack_irc ipt_conntrack ipt_state ipt_helper iptable_nat ip_nat_ftp ip_nat_irc ipt_REDIRECT"
3.Restart Openvz
# /etc/init.d/vz restart Shutting down VE 101 Bringing down interface venet0: ..done Stopping OpenVZ: ..done Starting OpenVZ: ..done Bringing up interface venet0: ..done Configuring interface venet0: ..done Starting VE 101: ..done
4.Edit Container config file
# nano /etc/vz/conf/101.conf # vzctl set 101 --iptables "iptable_filter iptable_mangle ipt_limit ipt_multiport ipt_tos ipt_TOS ipt_REJECT ipt_TCPMSS ipt_tcpmss ipt_ttl ipt_LOG ipt_length ip_conntrack ip_conntrack_ftp ip_conntrack_irc ipt_conntrack ipt_state ipt_helper iptable_nat ip_nat_ftp ip_nat_irc ipt_REDIRECT" --save
