OpenVZ Forum


Home » General » Support » Installing CSF in hardware node (Installing CSF in hardware node)
Installing CSF in hardware node [message #39054] Tue, 09 March 2010 15:13 Go to next message
selva is currently offline  selva
Messages: 1
Registered: March 2010
Junior Member
I have installed CSF firewall in openvz hardware / main node . When i start the csf the vps inside the node not accessable even not pinging . how to enable this so that when csf is started in main node the vps are also accessable
Re: Installing CSF in hardware node [message #39077 is a reply to message #39054] Fri, 12 March 2010 15:33 Go to previous messageGo to next message
maratrus is currently offline  maratrus
Messages: 1495
Registered: August 2007
Location: Moscow
Senior Member
Dear selva,

as you know CSF is a set of services (or just a single service - I'm not sure) that provides you with firewall settings on your computer. Not surprisingly, it has to be tuned properly to work as good as you want. Your question is all about CSF not about OpenVZ. It's difficult to answer it because people looking through it don't have to be CSF guru (but there is a big chance that CSF guru is looking through OpenVZ forum Smile ). Evidently, you have to "open" somehow venet0 interface to be able to communicate with your VEs.
BTW, it may be helpful in your case
http://tutorials.ausweb.com.au/web/Tutorials/VPS-hosting-tut orials/How-to-install-CSF-Firewall-on-virtuozzo/
Re: Installing CSF in hardware node [message #45037 is a reply to message #39054] Mon, 23 January 2012 10:28 Go to previous messageGo to next message
cheitac is currently offline  cheitac
Messages: 17
Registered: June 2011
Location: Tbilisi
Junior Member
you can skip "venet0" in /etc/csf/csf.conf line: (ETH_DEVICE_SKIP = "venet0") it should work.
after that csf -r.

Wink

[Updated on: Mon, 23 January 2012 10:30]

Report message to a moderator

Re: Installing CSF in hardware node [message #45053 is a reply to message #45037] Tue, 24 January 2012 13:14 Go to previous messageGo to next message
mangelot is currently offline  mangelot
Messages: 14
Registered: January 2012
Junior Member
in /etc/csf folder create an file "csfpre.sh"
add following inside:

iptables -A INPUT -i venet0 -j ACCEPT
iptables -A OUTPUT -o venet0 -j ACCEPT
iptables -A FORWARD -j ACCEPT -p all -s 0/0 -i venet0
iptables -A FORWARD -j ACCEPT -p all -s 0/0 -o venet0


/etc/csf/csfpre.sh is executed before all the other iptables statements when csf is started, by default the file is not created.

the file stays there after update complete csf.
so no worries, you have to add it every time again after csf update. (/etc/csf/csf -u)

regards Marco


www.mangelot-hosting.nl
Re: Installing CSF in hardware node [message #45365 is a reply to message #45053] Tue, 28 February 2012 14:18 Go to previous message
astrovps is currently offline  astrovps
Messages: 1
Registered: February 2012
Junior Member

Which port (tcp/udp) should be opened for hardware node?
Previous Topic: error with ifconfig
Next Topic: openvz vrrp (and ucarp)
Goto Forum:
  


Current Time: Fri Mar 29 15:39:07 GMT 2024

Total time taken to generate the page: 0.01860 seconds