OpenVZ Forum

*SOLVED* Root Server - IPtables [message #10647] Sun, 25 February 2007 18:56
Ashley
I have had my server running fine with 6 VPS; however, I have had to disable IP-tables: as soon as I start ip-tables on the root server, all connections to the VPS are lost.

This is both ways, incoming and outgoing. I have not modified the ip tables in any way on the root server, and have all the correct settings described in the manual for the different config files.

Has anyone had a problem like this and knows how to fix it?

Thanks very much.

Ashley

[Updated on: Tue, 27 February 2007 07:18] by Moderator


Re: Root Server - IPtables [message #10672 is a reply to message #10647] Mon, 26 February 2007 11:38
Vasily Tarasov
Hello,

Quote:


straight away i start ip-tables on the root server all connections are lost to the VPS.



How do you start iptables? Please specify the real command you're using. Also, I'd like to know what these show:

# iptables -L -nv
# iptables -t nat -L -nv


After iptables has started.

Thanks,
Vasily

Re: Root Server - IPtables [message #10687 is a reply to message #10672] Mon, 26 February 2007 16:57
Ashley
I start iptables using service iptables start:

Which sends
service iptables start
Flushing firewall rules: [ OK ]
Setting chains to policy ACCEPT: mangle filter [ OK ]
Unloading iptables modules: [FAILED]
Applying iptables firewall rules: [ OK ]
------------------------------------------

------------------------------------------

Then I did the following functions for you:
iptables -L -nv
Chain INPUT (policy ACCEPT 0 packets, 0 bytes)
pkts bytes target prot opt in out source destination
62 4986 RH-Firewall-1-INPUT all -- * * 0.0.0.0/0 0.0.0.0/0

Chain FORWARD (policy ACCEPT 0 packets, 0 bytes)
pkts bytes target prot opt in out source destination
324 59500 RH-Firewall-1-INPUT all -- * * 0.0.0.0/0 0.0.0.0/0

Chain OUTPUT (policy ACCEPT 354 packets, 46842 bytes)
pkts bytes target prot opt in out source destination

Chain RH-Firewall-1-INPUT (2 references)
pkts bytes target prot opt in out source destination
0 0 ACCEPT all -- lo * 0.0.0.0/0 0.0.0.0/0
0 0 ACCEPT icmp -- * * 0.0.0.0/0 0.0.0.0/0 icmp type 255
0 0 ACCEPT esp -- * * 0.0.0.0/0 0.0.0.0/0
0 0 ACCEPT ah -- * * 0.0.0.0/0 0.0.0.0/0
0 0 ACCEPT udp -- * * 0.0.0.0/0 224.0.0.251 udp dpt:5353
0 0 ACCEPT udp -- * * 0.0.0.0/0 0.0.0.0/0 udp dpt:631
47 3544 ACCEPT all -- * * 0.0.0.0/0 0.0.0.0/0 state RELATED,ESTABLISHED
0 0 ACCEPT tcp -- * * 0.0.0.0/0 0.0.0.0/0 state NEW tcp dpt:22
339 60942 REJECT all -- * * 0.0.0.0/0 0.0.0.0/0 reject-with icmp-host-prohibited

----------------------------------

----------------------------------
iptables -t nat -L -nv
Chain PREROUTING (policy ACCEPT 0 packets, 0 bytes)
pkts bytes target prot opt in out source destination

Chain POSTROUTING (policy ACCEPT 0 packets, 0 bytes)
pkts bytes target prot opt in out source destination

Chain OUTPUT (policy ACCEPT 0 packets, 0 bytes)
pkts bytes target prot opt in out source destination


----------------------------------

----------------------------------
service iptables stop
Flushing firewall rules: [ OK ]
Setting chains to policy ACCEPT: mangle filter [ OK ]
Unloading iptables modules: [FAILED]


Yet again all VPS could not be connected to.

Thanks

Re: Root Server - IPtables [message #10690 is a reply to message #10687] Mon, 26 February 2007 17:14
Vasily Tarasov
Well, everything is explainable now.
According to your rules:

Chain INPUT (policy ACCEPT 0 packets, 0 bytes)
pkts bytes target prot opt in out source destination
62 4986 RH-Firewall-1-INPUT all -- * * 0.0.0.0/0 0.0.0.0/0

Chain FORWARD (policy ACCEPT 0 packets, 0 bytes)
pkts bytes target prot opt in out source destination
324 59500 RH-Firewall-1-INPUT all -- * * 0.0.0.0/0 0.0.0.0/0

Chain OUTPUT (policy ACCEPT 354 packets, 46842 bytes)
pkts bytes target prot opt in out source destination

Chain RH-Firewall-1-INPUT (2 references)
pkts bytes target prot opt in out source destination
0 0 ACCEPT all -- lo * 0.0.0.0/0 0.0.0.0/0
0 0 ACCEPT icmp -- * * 0.0.0.0/0 0.0.0.0/0 icmp type 255
0 0 ACCEPT esp -- * * 0.0.0.0/0 0.0.0.0/0
0 0 ACCEPT ah -- * * 0.0.0.0/0 0.0.0.0/0
0 0 ACCEPT udp -- * * 0.0.0.0/0 224.0.0.251 udp dpt:5353
0 0 ACCEPT udp -- * * 0.0.0.0/0 0.0.0.0/0 udp dpt:631
47 3544 ACCEPT all -- * * 0.0.0.0/0 0.0.0.0/0 state RELATED,ESTABLISHED
0 0 ACCEPT tcp -- * * 0.0.0.0/0 0.0.0.0/0 state NEW tcp dpt:22
339 60942 REJECT all -- * * 0.0.0.0/0 0.0.0.0/0 reject-with icmp-host-prohibited


VE traffic is prohibited. Just read the iptables manual more carefully.

Vasily
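
Added example (not part of the original posts): in the listing above, FORWARD hands every packet to RH-Firewall-1-INPUT, whose last rule rejects whatever was not accepted earlier in that chain, and the host forwards the traffic to and from the VEs. The sketch below runs that check over `iptables -L -nv` text; the function names and the abridged sample listing are constructed for illustration, and it covers only unconditional jumps from FORWARD.

```shell
#!/bin/sh
# Added example. Reads `iptables -L -nv` text on stdin and prints
# "<chain> <target> <pkts>" for each chain that FORWARD jumps to
# unconditionally and that contains a catch-all REJECT or DROP.
forward_blockers() {
    awk '
    function any(p, i, o, s, d) {  # no protocol, interface or address restriction
        return p == "all" && i == "*" && o == "*" && s == "0.0.0.0/0" && d == "0.0.0.0/0"
    }
    $1 == "Chain"            { chain = $2; next }
    $1 !~ /^[0-9]+[KMG]?$/   { next }   # column headers, blank lines
    !any($4, $6, $7, $8, $9) { next }   # rule only matches some packets
    # Unconditional rules in FORWARD: record jumps until an ACCEPT ends traversal.
    chain == "FORWARD" && NF == 9 && !sealed {
        if ($3 == "ACCEPT") sealed = 1; else jump[$3] = 1
    }
    # First catch-all REJECT/DROP of each chain, with its packet counter.
    !(chain in hit) && (($3 == "DROP" && NF == 9) ||
                        ($3 == "REJECT" && NF == 11 && $10 == "reject-with")) {
        hit[chain] = $3 " " $1
    }
    END { for (c in jump) if (c in hit) print c, hit[c] }
    '
}

# Constructed sample: abridged from the listing posted in this thread.
sample_listing() {
cat <<'EOF'
Chain INPUT (policy ACCEPT 0 packets, 0 bytes)
 pkts bytes target     prot opt in     out     source               destination
   62  4986 RH-Firewall-1-INPUT  all  --  *      *       0.0.0.0/0            0.0.0.0/0

Chain FORWARD (policy ACCEPT 0 packets, 0 bytes)
 pkts bytes target     prot opt in     out     source               destination
  324 59500 RH-Firewall-1-INPUT  all  --  *      *       0.0.0.0/0            0.0.0.0/0

Chain RH-Firewall-1-INPUT (2 references)
 pkts bytes target     prot opt in     out     source               destination
    0     0 ACCEPT     all  --  lo     *       0.0.0.0/0            0.0.0.0/0
   47  3544 ACCEPT     all  --  *      *       0.0.0.0/0            0.0.0.0/0           state RELATED,ESTABLISHED
    0     0 ACCEPT     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0           state NEW tcp dpt:22
  339 60942 REJECT     all  --  *      *       0.0.0.0/0            0.0.0.0/0           reject-with icmp-host-prohibited
EOF
}

sample_listing | forward_blockers   # prints: RH-Firewall-1-INPUT REJECT 339
```

A non-zero packet counter on the reported rule, as here, shows that forwarded packets are actually reaching the catch-all.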

Re: Root Server - IPtables [message #10699 is a reply to message #10690] Mon, 26 February 2007 17:55
Ashley
Thanks so much.

I'm kinda newish to IPtables.

Thanks