| Re: iptables support inside vps [message #7985 is a reply to message #7952] |
Thu, 02 November 2006 06:20  |
Vasily Tarasov
Messages: 1345
Registered: January 2006
|
Senior Member |
|
|
Hello,
There is one more trick. As you now different iptables features are located in different kernel modules. Usually when iptables command see the feature, which kernel module isn't loaded, it loads appropriate module. But in VE it's prohibited to load kernel modules! Conclusion: before using specific rule you shuld make sure that appropriate module is loaded on _HN_.
The easiest way to do it, I suppose, first run the iptables comand that you want in VE, on HN and then flush it. After that all kernel modules that are needed for this command are loaded and you can fealessly executed this command in VE.
For example in you case:
[HN]# vzctl start 112
Starting VPS ...
VPS is mounted
Adding IP address(es): <ip address>
Setting CPU units: 1000
Setting devices
VPS start in progress...
[HN]# iptables -A FORWARD -j ACCEPT
[HN]# lsmod | wc
44 146 1721
[HN]# iptables -F
[HN]# lsmod | wc
44 146 1721
[HN]# vzctl enter 112
entered into VPS 112
[VE]#
[VE]# iptables -A FORWARD -j ACCEPT
[VE]# iptables -L
Chain FORWARD (policy ACCEPT)
target prot opt source destination
ACCEPT all -- anywhere anywhere
Chain INPUT (policy ACCEPT)
target prot opt source destination
Chain OUTPUT (policy ACCEPT)
target prot opt source destination
HTH,
vass.
[Updated on: Thu, 02 November 2006 07:13] Report message to a moderator |
|
|
|
OpenVZ Forum
Members
Search
Help
Register
Login
Home
