| Re: AFP or CSF on vzID [message #21332 is a reply to message #21263] |
Fri, 05 October 2007 10:18   |
tomfra
Messages: 28
Registered: September 2007
|
Junior Member |
|
|
There seems to be some kind of bug that you may experience during CSF upgrade. For some reason it can't find the "iptables" command in the standard PATH so it's necessary to use full paths to iptables in the csfpre.sh file.
In other words, instead of:
iptables -A INPUT -i venet0 -j ACCEPT
iptables -A OUTPUT -o venet0 -j ACCEPT
iptables -A FORWARD -j ACCEPT -p all -s 0/0 -i venet0
iptables -A FORWARD -j ACCEPT -p all -s 0/0 -o venet0
put there something like this:
/sbin/iptables -A INPUT -i venet0 -j ACCEPT
/sbin/iptables -A OUTPUT -o venet0 -j ACCEPT
/sbin/iptables -A FORWARD -j ACCEPT -p all -s 0/0 -i venet0
/sbin/iptables -A FORWARD -j ACCEPT -p all -s 0/0 -o venet0
And of course, change the path if you have iptables elsewhere although I believe it should normally be indeed in /sbin .
If the CSF upgrade process can't find the iptables command, the csfpre.sh contents will be ignored which in turn means the traffic from venet0 will be blocked. This is a big problem if you have automatic CSF updates enabled because it will not send you a warning email. Instead, it will simply cut off all the VPSes silently...
Tomas
Do you really believe the Internet is a safe place?
IdentityCloaker.com - Take Back Your Privacy!
|
|
|
|
OpenVZ Forum
Members
Search
Help
Register
Login
Home
