OpenVZ Forum


Home » Mailing lists » Users » The problem of iptables on FC4
Re: The problem of iptables on FC4 [message #1655 is a reply to message #1651] Sun, 19 February 2006 07:21 Go to previous messageGo to previous message
dev is currently offline  dev
Messages: 1693
Registered: September 2005
Location: Moscow
Senior Member
I didn't fully got what doesn't work in your case.
First, you have the following rules in your iptables.sh

$IPTABLES -P INPUT DROP
$IPTABLES -P OUTPUT DROP
$IPTABLES -P FORWARD DROP
...
$IPTABLES -A INPUT -p tcp -d 123.456.789.012/32 -j ACCEPT
$IPTABLES -A OUTPUT -p tcp -s 123.456.789.012/32 -j ACCEPT

which means that only 123.456.789.012/32 subnetwork should work fine.

Next, VPS networking requires IP forwarding, so it won't work with this rule:
$IPTABLES -P FORWARD DROP

Also, I would notice, that by default in OVZ kernel conntracks are disabled in host system. This is done so for performance reasons (no double conntracking). But if really needed you can enable it by:
/sbin/modprobe ip_conntrack "ip_conntrack_enable_ve0=1"

http://static.openvz.org/userbars/openvz-developer.png

Report message to a moderator

[Message index]
 
Read Message icon9.gif
Read Message
Read Message
Read Message
Read Message
Read Message
Read Message
Read Message
Read Message
Previous Topic: openvz and SuSE
Next Topic: Debian Package of vzctl and vzquota
Goto Forum:
  

[ Syndicate this forum (XML) ] [ RSS ] [ PDF ]

Current Time: Fri Feb 06 12:26:51 GMT 2026

Total time taken to generate the page: 0.38315 seconds
Powered by FUDforum Powered by Virtuozzo Containers