| OpenVZ and Iptables [message #16446] |
Thu, 06 September 2007 18:06  |
rodrigosprimo
Messages: 1
Registered: September 2007
Location: Brazil
|
Junior Member |
|
|
Hi there,
I'm trying to configure a firewall on a VM running Debian 4.0. The Hardware Node runs CentOS (kernel 2.6.9-023stab043.2-smp) with OpenVZ.
I'm using the following rules:
iptables -F
iptables -P INPUT DROP
iptables -P FORWARD DROP
iptables -P OUTPUT ACCEPT
iptables -A INPUT -j ACCEPT -p tcp --dport 21
iptables -A INPUT -j ACCEPT -p tcp --dport 22
iptables -A INPUT -j ACCEPT -p tcp --dport 80
iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
The last rule fail with this error message:
utopia:~# iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
iptables: No chain/target/match by that name
On my machine running Ubuntu 7.04 I can use this rules without problem. So I think this might be related with some missing kernel module, but I can't find out which. Any ideas?
Thanks, Rodrigo.
|
|
|
|
|
|
| Re: OpenVZ and Iptables [message #16484 is a reply to message #16446] |
Sat, 08 September 2007 18:54  |
 |
dowdle
Messages: 261
Registered: December 2005
Location: Bozeman, Montana
|
Senior Member |
|
|
If you want to have a firewall on your host node... and firewall your VPSes... and control everything from the host node... the firewall script in the OpenVZ wiki works really well and is pretty simple to understand:
http://wiki.openvz.org/Setting_up_an_iptables_firewall
Since you are using CentOS on your hardware node, it will work without any modifications.
--
TYL, Scott Dowdle
Belgrade, Montana, USA
|
|
|
|
OpenVZ Forum
Members
Search
Help
Register
Login
Home
