| AFP or CSF on vzID [message #21263] |
Wed, 03 October 2007 23:49  |
bryan
Messages: 2
Registered: October 2007
|
Junior Member |
|
|
Hello,
Please let me know how to install
AFP or CSF on vzID i tried it but it just cut the connection
form vzid.
I changed the interface in conf files to venet0
and KERNEL to Monoletic 0 to 1 in conf files. but still no use.
am i missing anything else.
~ Abhay
|
|
|
|
|
|
|
|
| Re: AFP or CSF on vzID [message #21332 is a reply to message #21263] |
Fri, 05 October 2007 10:18  |
tomfra
Messages: 28
Registered: September 2007
|
Junior Member |
|
|
There seems to be some kind of bug that you may experience during CSF upgrade. For some reason it can't find the "iptables" command in the standard PATH so it's necessary to use full paths to iptables in the csfpre.sh file.
In other words, instead of:
iptables -A INPUT -i venet0 -j ACCEPT
iptables -A OUTPUT -o venet0 -j ACCEPT
iptables -A FORWARD -j ACCEPT -p all -s 0/0 -i venet0
iptables -A FORWARD -j ACCEPT -p all -s 0/0 -o venet0
put there something like this:
/sbin/iptables -A INPUT -i venet0 -j ACCEPT
/sbin/iptables -A OUTPUT -o venet0 -j ACCEPT
/sbin/iptables -A FORWARD -j ACCEPT -p all -s 0/0 -i venet0
/sbin/iptables -A FORWARD -j ACCEPT -p all -s 0/0 -o venet0
And of course, change the path if you have iptables elsewhere although I believe it should normally be indeed in /sbin .
If the CSF upgrade process can't find the iptables command, the csfpre.sh contents will be ignored which in turn means the traffic from venet0 will be blocked. This is a big problem if you have automatic CSF updates enabled because it will not send you a warning email. Instead, it will simply cut off all the VPSes silently...
Tomas
Do you really believe the Internet is a safe place?
IdentityCloaker.com - Take Back Your Privacy!
|
|
|
|
|
|
| Re: AFP or CSF on vzID [message #28843 is a reply to message #21332] |
Sun, 30 March 2008 15:44 |
jasbor
Messages: 2
Registered: March 2008
|
Junior Member |
|
|
Did you do this on the hardware node or from within the VE?
I tried from within the ve, and still getting an error.
www.webresellers.net
|
|
|
|
|
|
| Re: AFP or CSF on vzID [message #28849 is a reply to message #28848] |
Sun, 30 March 2008 23:11 |
jasbor
Messages: 2
Registered: March 2008
|
Junior Member |
|
|
I guess I am just having a different issue....
I am trying to install CSF on a VE running cpanel, and I am getting:
iptables: Unknown error 4294967295
LOG tcp opt -- in * out * 0.0.0.0/0 -> 0.0.0.0/0 limit: avg 30/min burst 5 LOG flags 0 level 4 prefix `Firewall: *TCP_IN Blocked* '
Error: iptables command [/sbin/iptables -v -A LOGDROPIN -p tcp -m limit --limit 30/m --limit-burst 5 -j LOG --log-prefix 'Firewall: *TCP_IN Blocked* '] failed, at line 204
any suggestions?
www.webresellers.net
|
|
|
|
|
|
| Re: AFP or CSF on vzID [message #34068 is a reply to message #21263] |
Sat, 29 November 2008 16:25 |
tomfra
Messages: 28
Registered: September 2007
|
Junior Member |
|
|
It surely is possible to install CSF on an OpenVZ VE. I have done this many times, both in a cPanel VPS as well as a non-cPanel one. You can, and in my opinion should, install CSF on the hardware node too.
Cannot say much about the error you are experiencing, I have never seen it.
Tomas
Do you really believe the Internet is a safe place?
IdentityCloaker.com - Take Back Your Privacy!
|
|
|
|
OpenVZ Forum
Members
Search
Help
Register
Login
Home
