OpenVZ Forum


RHEL6 and stateful firewall inside container [message #45140] Wed, 01 February 2012 11:17
masse
Hello users@openvz.org

I'm trying to upgrade our rhel5 based openvz servers to rhel6 but I have a
problem with iptables. If I try to use a firewall inside a container, I can
load rules, but the firewall rejects all incoming packets. The host is redhat-6
and the container is centos-6. I tested with kernels:

vzkernel-2.6.32-042stab044.17.x86_64
vzkernel-2.6.32-042stab048.1.x86_64
vzkernel-2.6.32-042stab049.2.x86_64

My firewall config:
# Generated by iptables-save v1.4.7 on Wed Feb 1 13:05:26 2012
*mangle
:PREROUTING ACCEPT [2:381]
:INPUT ACCEPT [2:381]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [4:559]
:POSTROUTING ACCEPT [4:559]
COMMIT
# Completed on Wed Feb 1 13:05:26 2012
# Generated by iptables-save v1.4.7 on Wed Feb 1 13:05:26 2012
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [4:559]
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -p icmp -j ACCEPT
-A INPUT -i lo -j ACCEPT
-A INPUT -p tcp -m state --state NEW -m tcp --dport 22 -j ACCEPT
-A INPUT -j REJECT --reject-with icmp-host-prohibited
-A FORWARD -j REJECT --reject-with icmp-host-prohibited
COMMIT
# Completed on Wed Feb 1 13:05:26 2012

Is it a known problem or is it my misconfiguration? The firewall on redhat-5 is
functioning fine.


--
Mikko Hirvonen <Mikko.V.Hirvonen@helsinki.fi>
Helsingin yliopisto / Tietotekniikkakeskus / Verkkopalvelut
 