Openvz iptables

From MS Computech
Revision as of 18:40, 14 June 2009 by 125.24.202.32 (talk)
(diff) ← Older revision | Latest revision (diff) | Newer revision → (diff)
Jump to: navigation, search

How to ins iptables to openvz 



1.Edit files /etc/vz/vz.conf 

#nano /etc/vz/vz.conf


2.Change the line 

# IPv4 iptables kernel modules
IPTABLES="ipt_REJECT ipt_tos ipt_limit ipt_multiport iptable_filter iptable_mangle ipt_TCPMSS ipt_tcpmss ipt_ttl ipt_length

To this 

# IPv4 iptables kernel modules
IPTABLES="iptable_filter iptable_mangle ipt_limit ipt_multiport ipt_tos ipt_TOS ipt_REJECT ipt_TCPMSS ipt_tcpmss ipt_ttl ipt_LOG ipt_length ip_conntrack ip_conntrack_ftp ip_conntrack_irc ipt_conntrack ipt_state ipt_helper iptable_nat ip_nat_ftp ip_nat_irc ipt_REDIRECT"


3.Restart Openvz 

# /etc/init.d/vz restart
Shutting down VE 101
Bringing down interface venet0: ..done
Stopping OpenVZ: ..done
Starting OpenVZ: ..done
Bringing up interface venet0: ..done
Configuring interface venet0: ..done
Starting VE 101: ..done


4.Edit Container config file 

# nano /etc/vz/conf/101.conf
# vzctl set 101 --iptables "iptable_filter iptable_mangle ipt_limit ipt_multiport ipt_tos ipt_TOS ipt_REJECT ipt_TCPMSS ipt_tcpmss ipt_ttl ipt_LOG ipt_length ip_conntrack ip_conntrack_ftp ip_conntrack_irc ipt_conntrack ipt_state ipt_helper iptable_nat ip_nat_ftp ip_nat_irc ipt_REDIRECT" --save
Retrieved from "https://msc.siamtools.com/wiki/index.php?title=Openvz_iptables&oldid=461"