OpenVZ Forum


OpenVZ Inside Access (Access from VM to VM (container to container))
OpenVZ Inside Access [message #52059] Wed, 20 May 2015 20:21
tumtum
Messages: 4
Registered: May 2015
Junior Member
From: *adsl-surfen.hetnet.nl
Hello,

At the moment OpenVZ is configured, with firewall rules allowed on the containers/VMs (CSF).
It is configured.

The problem:
- Block port 80 with CSF
- Still get access from another container with a different public IP to it.
So if I connect to another VM (same HN), it looks like the firewall rules are not applied and the machines can connect with each other with the rules enabled. For the outside world, the rules are fine.

What can I do to block access from container to container with the firewall on the VMs? It is pretty weird this is possible by default?

Thanks.


Yes, I am!

[Updated on: Wed, 20 May 2015 20:21]


Re: OpenVZ Inside Access [message #52063 is a reply to message #52059] Fri, 22 May 2015 18:11
Paparaciz
Messages: 302
Registered: August 2009
Senior Member
From: *static.zebra.lt
Maybe I misunderstood the question... but...
why should it be defined in the HN who and what can be accessed inside a CT, if not the CT firewall itself?
Re: OpenVZ Inside Access [message #52064 is a reply to message #52063] Fri, 22 May 2015 20:29
tumtum
Messages: 4
Registered: May 2015
Junior Member
From: *adsl-surfen.hetnet.nl
Example:

1 CT = running NGINX Reverse Proxy (CSF)
1 CT = Webserver (CSF)
1 HN = CSF / OpenVZ

With CSF closing all ports on the Webserver CT/VM, the NGINX Reverse Proxy can still access port 80/443 etc.
How is that possible? The ports are not closed for the CTs?


Yes, I am!
Re: OpenVZ Inside Access [message #52065 is a reply to message #52059] Sat, 23 May 2015 06:37
Paparaciz
Messages: 302
Registered: August 2009
Senior Member
From: *static.zebra.lt
What is "CSF"?
What iptables rules are applied on "1 CT = Webserver (CSF)"?