Home » General » Support » Host firewall -- SOLVED
Re: Host firewall [message #3063 is a reply to message #3022] Wed, 10 May 2006 09:10
Vasily Tarasov
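ferp2, unfortunately I was not able to reproduce your problem locally. Note that in the test ruleset below, the second INPUT rule and the second and third OUTPUT rules accept all traffic, so the rules listed after them (including the LOG rules) are never reached and the DROP policies never apply: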

[root@dhcp0-82 ~]# uname -a
Linux dhcp0-82.sw.ru 2.6.8-022stab064.1 #1 Thu Jan 19 22:16:02 MSK 2006 i686 i686 i386 GNU/Linux

[root@dhcp0-82 ~]# iptables -L -n
Chain FORWARD (policy ACCEPT)
target prot opt source destination

Chain INPUT (policy DROP)
target prot opt source destination
ACCEPT all -- 0.0.0.0/0 0.0.0.0/0 state RELATED,ESTABLISHED
ACCEPT all -- 0.0.0.0/0 0.0.0.0/0
ACCEPT icmp -- 192.168.0.0/24 192.168.0.82 icmp type 8
ACCEPT tcp -- 192.168.0.254 192.168.0.82 tcp dpt:22 state NEW
LOG icmp -- 0.0.0.0/0 192.168.0.82 icmp !type 8 LOG flags 0 level 4
LOG tcp -- 0.0.0.0/0 192.168.0.82 LOG flags 0 level 4

Chain OUTPUT (policy DROP)
target prot opt source destination
ACCEPT all -- 0.0.0.0/0 0.0.0.0/0 state RELATED,ESTABLISHED
ACCEPT all -- 0.0.0.0/0 0.0.0.0/0
ACCEPT all -- 0.0.0.0/0 0.0.0.0/0
ACCEPT icmp -- 192.168.0.82 192.168.0.0/24 icmp type 0
LOG all -- 0.0.0.0/0 0.0.0.0/0 LOG flags 0 level 4


[root@dhcp0-82 ~]# cat /etc/sysconfig/iptables
*filter
:INPUT DROP [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT DROP [0:0]
-A INPUT -s 0.0.0.0/0 -d 0.0.0.0/0 -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -s 0.0.0.0/0 -d 0.0.0.0/0 -j ACCEPT
-A INPUT -p icmp --icmp-type 8 -s 192.168.0.0/24 -d 192.168.0.82 -j ACCEPT
-A INPUT -p tcp --destination-port 22 -s 192.168.0.254 -d 192.168.0.82 -m state --state NEW -j ACCEPT
-A INPUT -p icmp --icmp-type ! 8 -s 0.0.0.0/0 -d 192.168.0.82 -j LOG --log-level 4
-A INPUT -p tcp -s 0.0.0.0/0 -d 192.168.0.82 -j LOG --log-level 4


-A OUTPUT -s 0.0.0.0/0 -d 0.0.0.0/0 -m state --state RELATED,ESTABLISHED -j ACCEPT
-A OUTPUT -s 0.0.0.0/0 -d 0.0.0.0/0 -j ACCEPT
-A OUTPUT -s 0.0.0.0/0 -d 0.0.0.0/0 -j ACCEPT
-A OUTPUT -p icmp --icmp-type 0 -s 192.168.0.82 -d 192.168.0.0/24 -j ACCEPT
-A OUTPUT -s 0.0.0.0/0 -d 0.0.0.0/0 -j LOG --log-level 4
COMMIT

[root@dhcp0-82 ~]# ifconfig
eth0 Link encap:Ethernet HWaddr 00:0C:29:2A:0C:8A
inet addr:192.168.0.82 Bcast:192.168.3.255 Mask:255.255.252.0
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:7752 errors:0 dropped:0 overruns:0 frame:0
TX packets:502 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:823851 (804.5 KiB) TX bytes:63597 (62.1 KiB)
Interrupt:18 Base address:0x1080

lo Link encap:Local Loopback
inet addr:127.0.0.1 Mask:255.0.0.0
UP LOOPBACK RUNNING MTU:16436 Metric:1
RX packets:8 errors:0 dropped:0 overruns:0 frame:0
TX packets:8 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:0
RX bytes:560 (560.0 b) TX bytes:560 (560.0 b)

venet0 Link encap:UNSPEC HWaddr FF-BF-78-F6-FF-BF-F0-AC-00-00-00-00-00-00-00-00
UP BROADCAST POINTOPOINT RUNNING NOARP MTU:1500 Metric:1
RX packets:83 errors:0 dropped:0 overruns:0 frame:0
TX packets:11 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:0
RX bytes:5628 (5.4 KiB) TX bytes:924 (924.0 b)


Inside the VPS:
-bash-3.00# ifconfig
lo Link encap:Local Loopback
inet addr:127.0.0.1 Mask:255.0.0.0
UP LOOPBACK RUNNING MTU:16436 Metric:1
RX packets:8 errors:0 dropped:0 overruns:0 frame:0
TX packets:8 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:0
RX bytes:560 (560.0 b) TX bytes:560 (560.0 b)

venet0 Link encap:UNSPEC HWaddr FF-BF-38-F7-FF-BF-38-93-00-00-00-00-00-00-00-00
inet addr:127.0.0.1 P-t-P:127.0.0.1 Bcast:0.0.0.0 Mask:255.255.255.255
UP BROADCAST POINTOPOINT RUNNING NOARP MTU:1500 Metric:1
RX packets:7 errors:0 dropped:0 overruns:0 frame:0
TX packets:43 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:0
RX bytes:588 (588.0 b) TX bytes:2940 (2.8 KiB)

venet0:0 Link encap:UNSPEC HWaddr FF-BF-38-F7-FF-BF-AC-F7-00-00-00-00-00-00-00-00
inet addr:192.168.0.142 P-t-P:192.168.0.142 Bcast:192.168.0.142 Mask:255.255.255.255
UP BROADCAST POINTOPOINT RUNNING NOARP MTU:1500 Metric:1

Could you please check the iptables settings inside the VPS?
Maybe there is a firewall running inside the VPS?
Thanks.
 