OpenVZ Forum


*SOLVED* ipt_mport and ipt_iplimit [message #14759] Mon, 09 July 2007 22:35
eugeniopacheco
Hi,

I would like to know if it would be possible to use ipt_mport and ipt_iplimit inside a VPS or from the node server. Currently I have servers with CentOS 4 and kernel 2.6.18 and 2.6.9 and on none of these I'm able to use either one of the modules mentioned above from the HN nor from inside any VPS. Is there a way to have those modules added to the kernel?

Regards,

Eugenio Pacheco

[Updated on: Fri, 13 July 2007 08:06] by Moderator


Re: ipt_mport and ipt_iplimit [message #14774 is a reply to message #14759] Tue, 10 July 2007 10:58
Vasily Tarasov
Hello,

I think "ipt_mport" is multiport matching, is it? If so, you can use it on HN:

# iptables -A INPUT -p udp -m multiport --ports 567 -j DROP


"limit" also works on HN:

# iptables -A INPUT -p udp -m limit --limit 567/second


multiport and limit also work in VE.

Vasily.




Re: ipt_mport and ipt_iplimit [message #14775 is a reply to message #14774] Tue, 10 July 2007 11:02
eugeniopacheco
Hi,

Actually mport is different from multiport. On mport you could use port ranges such as 80:110,6660:6670... Also iplimit is different from limit, iplimit can limit number of concurrent connections without time limit instead of having to use a timeframe.

Regards,

Eugenio Pacheco

Re: ipt_mport and ipt_iplimit [message #14811 is a reply to message #14775] Wed, 11 July 2007 09:02
Vasily Tarasov
Oh!.. Sorry for my ignorance! ;) I'm not a big professional in iptables.

Well, as far as I know, the mport extension is not included in vanilla/RHEL kernels at the moment, so it isn't supported by OpenVZ kernels either. The same situation is with the iplimit extension.

HTH,
Vasily.

Re: ipt_mport and ipt_iplimit [message #14816 is a reply to message #14759] Wed, 11 July 2007 09:37
eugeniopacheco
Hi,

Thanks a lot, I just wanted to make sure they weren't in the kernel. ;) I will check out the wiki as to how to patch a vanilla kernel and add these iptables modules.

Regards,

Eugenio Pacheco

Re: ipt_mport and ipt_iplimit [message #14819 is a reply to message #14816] Wed, 11 July 2007 09:52
Vasily Tarasov
Yes, this is the way. But note that there can be some problems with running these modules inside VE. We've never reviewed these modules: probably they can't work in VE without proper virtualization.

Vasily.
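
One way to check, on the HN or inside a VE, which of the four matches named in this thread the running kernel offers (an added example, not part of the original posts). It assumes that /proc/net/ip_tables_matches lists the registered match names one per line and that loadable modules live under /lib/modules/<release>; the function names match_status and report are made up for this example.

```shell
#!/bin/sh
# Added example: report whether iptables match extensions are usable here.
# Assumptions: /proc/net/ip_tables_matches holds one registered match name
# per line; loadable modules are named ipt_NAME.ko or xt_NAME.ko.

# match_status NAME [MATCHES_FILE] [MODULE_DIR]
# Prints one of: registered | module-not-loaded | absent
match_status() {
    name=$1
    matches=${2:-/proc/net/ip_tables_matches}
    moddir=${3:-/lib/modules/$(uname -r)}

    # A match is listed only once its module is loaded or if it is built in.
    if [ -r "$matches" ] && grep -qxF "$name" "$matches"; then
        echo registered
        return 0
    fi

    # Not registered: a module file on disk means it may just need loading.
    if [ -d "$moddir" ] && find "$moddir" \
        \( -name "ipt_$name.ko*" -o -name "xt_$name.ko*" \) 2>/dev/null |
        grep -q .; then
        echo module-not-loaded
        return 0
    fi

    # Neither registered nor on disk: the kernel was built without it.
    echo absent
    return 1
}

# report [MATCHES_FILE] [MODULE_DIR]: status of the matches from the thread.
report() {
    for m in multiport limit mport iplimit; do
        printf '%-10s %s\n' "$m" "$(match_status "$m" "$@")"
    done
}

report
```

Running it both on the HN and inside the VE shows the two views side by side; "absent" for a match means a rule using it will be rejected there.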