OpenVZ Forum


Home » General » Support » AFP or CSF on vzID
Re: AFP or CSF on vzID [message #21332 is a reply to message #21263] Fri, 05 October 2007 10:18 Go to previous messageGo to previous message
tomfra is currently offline  tomfra
Messages: 28
Registered: September 2007
Junior Member
There seems to be some kind of bug that you may experience during CSF upgrade. For some reason it can't find the "iptables" command in the standard PATH so it's necessary to use full paths to iptables in the csfpre.sh file.

In other words, instead of:

iptables -A INPUT -i venet0 -j ACCEPT
iptables -A OUTPUT -o venet0 -j ACCEPT
iptables -A FORWARD -j ACCEPT -p all -s 0/0 -i venet0
iptables -A FORWARD -j ACCEPT -p all -s 0/0 -o venet0

put there something like this:

/sbin/iptables -A INPUT -i venet0 -j ACCEPT
/sbin/iptables -A OUTPUT -o venet0 -j ACCEPT
/sbin/iptables -A FORWARD -j ACCEPT -p all -s 0/0 -i venet0
/sbin/iptables -A FORWARD -j ACCEPT -p all -s 0/0 -o venet0

And of course, change the path if you have iptables elsewhere although I believe it should normally be indeed in /sbin .

If the CSF upgrade process can't find the iptables command, the csfpre.sh contents will be ignored which in turn means the traffic from venet0 will be blocked. This is a big problem if you have automatic CSF updates enabled because it will not send you a warning email. Instead, it will simply cut off all the VPSes silently...

Tomas


Do you really believe the Internet is a safe place?
IdentityCloaker.com - Take Back Your Privacy!
 
Read Message
Read Message
Read Message
Read Message
Read Message
Read Message
Read Message
Read Message
Read Message
Read Message
Previous Topic: USB printer inside VE
Next Topic: Wrong quota
Goto Forum:
  


Current Time: Fri Jul 25 20:16:27 GMT 2025

Total time taken to generate the page: 0.30169 seconds