OpenVZ Forum


Iptables on Host Node [message #36340] Thu, 11 June 2009 16:24
Ashley
Hello,

I am looking at securing my Host Nodes. I was looking at trying to block all traffic to the host node's IP apart from the SSH port and the port used for my own SOAP server.

Would this cause any problems, and also what ipconfig lines could I use to block traffic to just the one IP and not all the VPSs?

Thanks,
Ashley
Re: Iptables on Host Node [message #36805 is a reply to message #36340] Mon, 20 July 2009 23:30
irontowngeek
As a suggestion for an alternative to using IPTABLES syntax, I would like to recommend using the SHOREWALL firewall on the Node server.
It has excellent docs, and makes it easier for a user if they are not that familiar with working with IPTABLES syntax (all you need to do is edit certain config files: zones, interfaces, SNAT, DNAT, traffic shaping, etc.).
To answer your question, you are going to have to DNAT the incoming source IP subnet/address to reflect the IP address(es) that you need to redirect towards a given VE container.
Before moving to SHOREWALL, I configured an init script upon bootup that would lock down access to the Node, and then open up the ports I needed, or redirected to a VE.
I'm at a Windows workstation at the moment, and I will post the setup I used before, in hopes it may be useful to you, or to use as a guide.
Re: Iptables on Host Node [message #36837 is a reply to message #36805] Wed, 22 July 2009 20:53
irontowngeek
I'm going to re-post this, as I'm having trouble getting it submitted.

To answer your question, as it's stated, add this rule to the INPUT chain.

iptables -A INPUT -p TCP -i eth0 -s 0/0 --destination-port \
22 -j okay

There is a firewall script over in the OpenVZ wiki that you might want to inspect.

http://wiki.openvz.org/Setting_up_an_iptables_firewall

For simplicity in console-based firewalls, use SHOREWALL.

Cheers
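
The restriction asked about in the first post (only SSH and one service port reachable on the host node's own IP, containers unaffected), as an added example that is not from the thread or the OpenVZ wiki script. Assumptions: the host IP 192.0.2.10 and SOAP port 8443 are constructed sample values, the function names are hypothetical, connection tracking is available on the host node, and containers are reached by routing (venet), so their traffic traverses the FORWARD chain rather than INPUT.

```shell
#!/bin/sh
# Added example. Emits an iptables-restore ruleset that filters only traffic
# addressed to the host node's own IP. Sample values are constructed.

valid_port() {                      # digits only, 1..65535
    case "$1" in ''|*[!0-9]*) return 1 ;; esac
    [ "${#1}" -le 5 ] && [ "$1" -ge 1 ] && [ "$1" -le 65535 ]
}

valid_ipv4() {                      # dotted quad, each octet 0..255
    case "$1" in ''|*[!0-9.]*|.*|*.|*..*) return 1 ;; esac
    old_ifs=$IFS; IFS=.; set -- $1; IFS=$old_ifs
    [ "$#" -eq 4 ] || return 1
    for octet in "$@"; do
        [ "${#octet}" -le 3 ] && [ "$octet" -le 255 ] || return 1
    done
}

# hn_rules HOST_IP SSH_PORT SOAP_PORT  (hypothetical helper name)
hn_rules() {
    host_ip=$1; ssh_port=$2; soap_port=$3
    valid_ipv4 "$host_ip" || { echo "bad host IP: $host_ip" >&2; return 1; }
    for port in "$ssh_port" "$soap_port"; do
        valid_port "$port" || { echo "bad port: $port" >&2; return 1; }
    done
    cat <<EOF
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
# Loopback and replies to connections the host node itself opened.
-A INPUT -i lo -j ACCEPT
-A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
# The two services the host node should expose.
-A INPUT -d $host_ip -p tcp --dport $ssh_port -j ACCEPT
-A INPUT -d $host_ip -p tcp --dport $soap_port -j ACCEPT
# Everything else addressed to the host node's IP is dropped.
-A INPUT -d $host_ip -j DROP
# No FORWARD rules: routed container traffic is left untouched.
COMMIT
EOF
}

# Print the ruleset for constructed values (192.0.2.10 is a documentation IP).
hn_rules 192.0.2.10 22 8443
```

Check the output with `iptables-restore --test` before loading it, and note that `iptables-restore` replaces the whole filter table unless `--noflush` is given. The rule quoted above jumps to a chain named `okay`, which has to exist already; this example uses the built-in ACCEPT target instead.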