OpenVZ Forum: Support

Home » General » Support » firewall

Show: Today's Messages :: Show Polls :: Message Navigator
E-mail to friend

firewall [message #38829]

Sun, 07 February 2010 20:42

Lord Daedra
Messages: 5
Registered: February 2010
Location: Kolchugino

Junior Member

http://easyfwgen.morizot.net/gen/index.php

There is nice tool, which can help configure firewall. But I dont know how to use it together with OpenVZ containers

What do I need set in Gateway/Firewall a/b/c/d fields?
- Internal Network Interface: ( venet0 ?)
- Internal Network IP Address: (?)
- Internal Network: (?)
- Internal Network Broadcast: (?)

Should I check this checkboxes in "Advanced Network Options Help"?
- Transparent Web Proxy (?)
- Enable Port Forwarding to an Internal System (?)

My ifconfig on node:

Quote:

eth0 Link encap:Ethernet HWaddr 00:30:48:B0:BA:D8
inet addr:67.205.67.10 Bcast:67.205.67.31 Mask:255.255.255.224
inet6 addr: fe80::230:48ff:feb0:bad8/64 Scope:Link
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:23684 errors:0 dropped:0 overruns:0 frame:0
TX packets:20259 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:10
RX bytes:1749847 (1.6 MiB) TX bytes:1643294 (1.5 MiB)
Memory:d0100000-d0120000

lo Link encap:Local Loopback
inet addr:127.0.0.1 Mask:255.0.0.0
inet6 addr: ::1/128 Scope:Host
UP LOOPBACK RUNNING MTU:16436 Metric:1
RX packets:14 errors:0 dropped:0 overruns:0 frame:0
TX packets:14 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:0
RX bytes:1176 (1.1 KiB) TX bytes:1176 (1.1 KiB)

venet0 Link encap:UNSPEC HWaddr 00-00-00-00-00-00-00-00-00-00-00-00-00-00-00-00
inet6 addr: fe80::1/128 Scope:Link
UP BROADCAST POINTOPOINT RUNNING NOARP MTU:1500 Metric:1
RX packets:1209 errors:0 dropped:0 overruns:0 frame:0
TX packets:1185 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:0
RX bytes:211042 (206.0 KiB) TX bytes:161084 (157.3 KiB)

My ifconfig on VPS:

Quote:

lo Link encap:Local Loopback
inet addr:127.0.0.1 Mask:255.0.0.0
inet6 addr: ::1/128 Scope:Host
UP LOOPBACK RUNNING MTU:16436 Metric:1
RX packets:10 errors:0 dropped:0 overruns:0 frame:0
TX packets:10 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:0
RX bytes:879 (879.0 B) TX bytes:879 (879.0 B)

venet0 Link encap:UNSPEC HWaddr 00-00-00-00-00-00-00-00-00-00-00-00-00-00-00-00
inet addr:127.0.0.1 P-t-P:127.0.0.1 Bcast:0.0.0.0 Mask:255.255.255.255
inet6 addr: ::1/128 Scope:Host
UP BROADCAST POINTOPOINT RUNNING NOARP MTU:1500 Metric:1
RX packets:667 errors:0 dropped:0 overruns:0 frame:0
TX packets:714 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:0
RX bytes:116595 (116.5 KB) TX bytes:129326 (129.3 KB)

venet0:0 Link encap:UNSPEC HWaddr 00-00-00-00-00-00-00-00-00-00-00-00-00-00-00-00
inet addr:174.142.167.218 P-t-P:174.142.167.218 Bcast:0.0.0.0 Mask:255.255.255.255
UP BROADCAST POINTOPOINT RUNNING NOARP MTU:1500 Metric:1

If I will use "Single System", firewall will block all my VPS trafic so I need configure "Gateway/Firewall" but I'm not sure about this..

Thanks for any tips&trips.

Report message to a moderator

Re: firewall [message #38863 is a reply to message #38829]

Sat, 13 February 2010 11:50

maratrus
Messages: 1495
Registered: August 2007
Location: Moscow

Senior Member

Hello,

at a first glance this script separates internal and external networks and allows some nodes from internal network move to internet. Is that what you want to realize?
It might happen that I was no to careful but looks like

Internal Network Interface = venet0
Internal Network = is a network your CTs belong to
Internal Network IP Address: Actually HN doesn't have any ip addresses on venet0 so you may assign any ip address
Internal Network Broadcast = venet0 doesn't support broadcasts (veth does) so you may pretend that you have broadcast and assign it

Report message to a moderator

Previous Topic:	OpenVPS iptables error
Next Topic:	Error while using vzpkgcache (maybe understanding-problem)

Goto Forum:

-=] Back to Top [=-

[ Syndicate this forum (XML) ] [

] [

]

Current Time: Thu Nov 06 13:34:57 GMT 2025

Total time taken to generate the page: 0.10513 seconds