OpenVZ Forum


Home » General » Support » need IPtables example
need IPtables example [message #34145] Sun, 07 December 2008 15:12
alfonsodiecko is currently offline  alfonsodiecko
Messages: 14
Registered: October 2008
Junior Member
Hi,

I'm a loan but I have tackled to create a VZ but my problem is to get a working network. I have only one public IP and Debian as root system. I work with the How to http://wiki.openvz.org/Using_NAT_for_container_with_private_ IPs but it seems that my IPtablesscript doesn't work .

here is my IP Tablesscript 

echo "iptables werden geladen..."
modprobe ip_conntrack_ftp
modprobe ipt_MASQUERADE
iptables -F
iptables -X
iptables -P INPUT DROP
iptables -P OUTPUT DROP
iptables -P FORWARD DROP
iptables -N VERWERFEN
iptables -N AKZEPTIEREN
iptables -A INPUT -i lo -j ACCEPT
iptables -A OUTPUT -o lo -j ACCEPT
iptables -A INPUT  -m state --state ESTABLISHED,RELATED -j ACCEPT
iptables -A INPUT  -m state --state INVALID -j VERWERFEN
iptables -A OUTPUT  -m state --state ESTABLISHED,RELATED -j ACCEPT
iptables -A VERWERFEN -j LOG --log-prefix "F_VERWEIGERT:"
iptables -A VERWERFEN -j DROP
iptables -A AKZEPTIEREN -j LOG --log-prefix "F_ERLAUBT:"
iptables -A AKZEPTIEREN -j ACCEPT
iptables -A INPUT -p tcp --dport 22 -j AKZEPTIEREN
iptables -A INPUT -p icmp -j AKZEPTIEREN
iptables -A OUTPUT -p icmp -j AKZEPTIEREN
iptables -A INPUT -p udp --dport 53 -j AKZEPTIEREN
iptables -A INPUT -p tcp --dport 53 -j AKZEPTIEREN
iptables -A OUTPUT -p udp --dport 53 -j AKZEPTIEREN
iptables -A OUTPUT -p tcp --dport 53 -j AKZEPTIEREN
iptables -A INPUT -p tcp --dport 80 -j AKZEPTIEREN
iptables -A OUTPUT -p tcp --dport 80 -j AKZEPTIEREN
iptables -A INPUT -p tcp --dport 25 -j AKZEPTIEREN
iptables -A OUTPUT -p tcp --dport 25 -j AKZEPTIEREN
iptables -A INPUT -p tcp --dport 110 -j AKZEPTIEREN
iptables -A INPUT -p tcp --dport 143 -j AKZEPTIEREN
iptables -A INPUT -p tcp --dport 21 -j AKZEPTIEREN
iptables -A OUTPUT -p tcp --dport 21 -j AKZEPTIEREN
iptables -A INPUT -p udp --dport 8767 -j AKZEPTIEREN
#iptables -A INPUT -p tcp --dport 14534 -j AKZEPTIEREN
#iptables -A OUTPUT -p tcp --dport 14534 -j AKZEPTIEREN

iptables -A INPUT -p tcp --dport 10000 -j AKZEPTIEREN
iptables -t nat -P PREROUTING ACCEPT
iptables -A INPUT -p tcp --dport 10122 -j AKZEPTIEREN
iptables -t nat -A PREROUTING -d 217.172.182.14 -i eth0 -p tcp --dport 10122 -j DNAT --to-destination 192.168.172.50:22
iptables -t nat -A POSTROUTING -s 192.168.172.50/32 -o eth0 -j SNAT --to 217.172.182.14
echo "iptables sind geladen"


Are there some mistakes ? I would be happy when you help me with my problem .

kind regards

alfonso

Report message to a moderator

[Message index]
 
Read Message
Previous Topic: Problem in migration
Next Topic: Maximum number of VEs on a single host
Goto Forum:
  

[ Syndicate this forum (XML) ] [ RSS ] [ PDF ]

Current Time: Wed Jul 17 21:34:56 GMT 2024

Total time taken to generate the page: 0.02677 seconds
Powered by FUDforum Powered by Virtuozzo Containers