OpenVZ Forum


Firewall / iptables HOWTO? [message #6519] Tue, 19 September 2006 22:23
dowdle
Greetings,

I know this has been mentioned a zillion times but for some reason, I'm having a problem locating it:

How does one create an iptables firewall on the physical host?

How does one create an iptables firewall on the VPSes?

Details:

Kernel: Latest OpenVZ Testing.
Physical Host: CentOS 4.4
VPSes: CentOS 4.4

Basically I'd like to allow access to SSH on the physical host, and not much else... and then VPSes, I'd just like to open up the services I have running, and nothing else.

Help me pull my head out.


--
TYL, Scott Dowdle
Belgrade, Montana, USA
Re: Firewall / iptables HOWTO? [message #6548 is a reply to message #6519] Wed, 20 September 2006 08:15
Vasily Tarasov
You can use iptables as usual in the VE and on the HN to create a firewall.
The only thing you should keep in mind is that the VE uses the HN as a gateway through the venet interface (if you use a veth interface for the VE then the situation is different).

If the question is "where to set up the firewall, in the VE or on the HN?", then it depends on the situation. If you wish the root of the VE to be able to modify iptables rules then it should be in the VE, otherwise it should be on the HN.

HTH,
vass.
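
Because a venet VE reaches the network through the HN, the HN filters VE traffic in its FORWARD chain, while INPUT covers only the HN itself. The following is an added example, not part of the original posts or OpenVZ's own code: it generates an HN ruleset that allows SSH to the host and only the listed services to each VE; `venet0`, the `eth0` uplink and the 192.0.2.x addresses are assumptions.

```shell
#!/bin/sh
# Added example: prints an iptables-restore ruleset for the hardware node (HN).
# It applies nothing itself; load the output as root with `iptables-restore`.
# Assumptions: venet0 is the HN side of venet, EXT_IF is the uplink interface,
# and the 192.0.2.x addresses in the sample call are constructed.
EXT_IF="${EXT_IF:-eth0}"

# Usage: hn_ruleset "VE_IP:PROTO:PORT[,PORT...]" ...
hn_ruleset() (
    # Validate every spec first so a bad one never yields a partial ruleset.
    for spec in "$@"; do
        ip=${spec%%:*}; rest=${spec#*:}; proto=${rest%%:*}; ports=${rest#*:}
        case $ip in ''|*[!0-9.]*) echo "bad VE address: $spec" >&2; exit 1;; esac
        case $proto in tcp|udp) ;; *) echo "bad protocol: $spec" >&2; exit 1;; esac
        case $ports in ''|*[!0-9,]*|,*|*,|*,,*) echo "bad ports: $spec" >&2; exit 1;; esac
    done

    echo "*filter"
    echo ":INPUT DROP [0:0]"
    echo ":FORWARD DROP [0:0]"
    echo ":OUTPUT ACCEPT [0:0]"
    # INPUT only sees packets addressed to the HN itself: loopback, replies, SSH.
    echo "-A INPUT -i lo -j ACCEPT"
    echo "-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT"
    echo "-A INPUT -p tcp --dport 22 -m state --state NEW -j ACCEPT"
    # The HN routes all venet traffic, so VE packets are filtered in FORWARD.
    echo "-A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT"
    # VEs may open connections out through the uplink, but not to each other.
    echo "-A FORWARD -i venet0 -o $EXT_IF -m state --state NEW -j ACCEPT"
    # Inbound: one rule per VE, naming its address and only its listed ports.
    for spec in "$@"; do
        ip=${spec%%:*}; rest=${spec#*:}; proto=${rest%%:*}; ports=${rest#*:}
        echo "-A FORWARD -o venet0 -d $ip -p $proto -m multiport --dports $ports -m state --state NEW -j ACCEPT"
    done
    echo "COMMIT"
)

# Sample invocation: sh hn-rules.sh 192.0.2.10:tcp:80,443 192.0.2.11:udp:53
if [ "$#" -gt 0 ]; then hn_ruleset "$@"; fi
```

Review the printed rules before loading them, and keep a console session open when switching INPUT to a default-drop policy on a remote host.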

Re: Firewall / iptables HOWTO? [message #6564 is a reply to message #6519] Wed, 20 September 2006 10:50
victorskl
Just bringing up some similar threads for troubleshooting. I'm still configuring as well. If I could come out, I'll supply some info.

- http://forum.openvz.org/index.php?t=msg&goto=2924&
- RHL-9 guide
- linuxtopia guide
- AFP on SW forum thread
- http://faq.swsoft.com/article_130_875_en.html (public guide)

thanks


Re: Firewall / iptables HOWTO? [message #6605 is a reply to message #6548] Wed, 20 September 2006 18:12
dowdle
First of all, thanks for the reply.

I think what is really needed is a practical example.

As you mentioned... I need to keep in mind that a VPS routes everything through the HN... ok... how would that impact my iptables rules on the HN? Do I have to worry about IP addresses of my VPSes in the iptables rules on the HN or just the services?

It would be nice to see an example all laid out. That would be very helpful and probably eliminate a lot of the questions on the subject.

Or if this has already been documented somewhere, point me in the right direction.


--
TYL, Scott Dowdle
Belgrade, Montana, USA
Re: Firewall / iptables HOWTO? [message #6756 is a reply to message #6605] Fri, 22 September 2006 05:52
Vasily Tarasov
I absolutely agree with you that
"what is really needed is a practical example".
I'll create a wiki article (http://wiki.openvz.org) next week.

Thanks for your offers,
you help to make OpenVZ better. :)
Re: Firewall / iptables HOWTO? [message #6797 is a reply to message #6756] Fri, 22 September 2006 15:49
dowdle
So, if you are hinting that I be the one to write the article... ok, I can do that... but only after I get it figured out myself. :) And to get it figured out I was wanting an article.

If I misunderstood you and you (or someone else you know) are going to write an article, THANK YOU!

I kinda sorta think I have it working... but I'm not sure if I'm in a position yet to teach others.


--
TYL, Scott Dowdle
Belgrade, Montana, USA
Re: Firewall / iptables HOWTO? [message #6804 is a reply to message #6519] Fri, 22 September 2006 20:33
victorskl
Sure, please start on the article. I will contribute what I've learned along with you all.

- http://wiki.openvz.org/Shared_webhosting
- http://wiki.openvz.org/Using_NAT_for_VE_with_private_IPs

These two wiki entries really do work for those who have a public (static) IP or have a server in datacenter hosting. But they won't help much for home self-hosting users like me (dyndns dynamic/custom service).

Networking and firewall will depend on the scenario of how our computer is connected to the network. So we should supply the scenario of our connected network as well in the how-to entry.

Basically, OpenVZ really did fill in the blank for home hosting by means of user-friendly separated virtual servers for security. For me, now I can totally put my HN out of the network for safety. Just ping point to one virtual which is online.

Now I want to venture more by adding separate services with separate virtuals. So go on....



[Updated on: Fri, 22 September 2006 20:36]
