OpenVZ Forum


openVZ7: iptables [message #52601] Wed, 26 October 2016 09:29
unlim
My cPanel has the option "SMTP restrictions".
This option places the following rules into iptables:

-A OUTPUT -p tcp -m multiport --dports 25,465,587 -m owner --gid-owner mailman -j RETURN
-A OUTPUT -p tcp -m multiport --dports 25,465,587 -m owner --gid-owner mail -j RETURN
-A OUTPUT -d 127.0.0.1/32 -p tcp -m multiport --dports 25,465,587 -m owner --uid-owner cpanel -j RETURN
-A OUTPUT -p tcp -m multiport --dports 25,465,587 -m owner --uid-owner root -j RETURN

But on openVZ7 those rules are not loaded (except one), and in this case all port 25 requests are redirected to localhost, i.e. no email can be sent from such a server.


cPanel support says: "There is something on the node that isn't set that doesn't allow these rules to be loaded."
Is it possible to do something about that?

My settings:
HW /etc/sysconfig/iptables-config:
IPTABLES_MODULES="ipt_REJECT ipt_tos ipt_TOS ipt_LOG ip_conntrack ipt_limit ipt_multiport iptable_filter iptable_mangle ipt_TCPMSS ipt_tcpmss ipt_ttl ipt_length ipt_state iptable_nat ip_nat_ftp ip_conntrack_netbios_ns ipt_owner ipt_REDIRECT ipt_recent"

CT conf:
NETFILTER="full"


P.S. On openVZ6 I also tune IPTABLES_MODULES in /etc/vz/vz.conf, but it seems openVZ7 has no such options now.

[Updated on: Thu, 27 October 2016 11:03]
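
To see which of the four rules quoted in the post actually reached the ruleset inside the container, the output of `iptables-save` can be compared against them field by field. This is an added example, not part of the original post and not cPanel or OpenVZ code; it assumes owner ids may appear numerically in the dump, and the id values, the sample dump and the function names are constructed for illustration.

```python
import shlex

PORTS = frozenset({"25", "465", "587"})
# (owner kind, owner name, destination) for the four rules quoted in the post.
EXPECTED = [("gid", "mailman", None), ("gid", "mail", None),
            ("uid", "cpanel", "127.0.0.1/32"), ("uid", "root", None)]

def parse_rule(line):
    """Reduce one '-A OUTPUT ...' line to (proto, ports, dst, owner, target)."""
    tok = shlex.split(line)
    if tok[:2] != ["-A", "OUTPUT"]:
        return None  # table headers, chain policies, other chains, COMMIT
    # Pair each option with the token after it; '-m' repeats but is not compared.
    opts = {t: tok[i + 1] for i, t in enumerate(tok[:-1]) if t.startswith("-")}
    owner = None
    for kind in ("uid", "gid"):
        if f"--{kind}-owner" in opts:
            owner = (kind, opts[f"--{kind}-owner"])
    ports = frozenset(opts.get("--dports", "").split(","))
    return (opts.get("-p"), ports, opts.get("-d"), owner, opts.get("-j"))

def missing_rules(dump, ids):
    """Return (kind, name) for each expected rule absent from an iptables-save dump."""
    loaded = [r for r in map(parse_rule, dump.splitlines()) if r]
    missing = []
    for kind, name, dst in EXPECTED:
        # Accept the owner by name or by the numeric id it resolves to.
        owners = {(kind, name), (kind, str(ids[kind][name]))}
        want = [("tcp", PORTS, dst, o, "RETURN") for o in owners]
        if not any(r in want for r in loaded):
            missing.append((kind, name))
    return missing

# Constructed sample: the ids and the choice of surviving rule are assumptions.
SAMPLE_IDS = {"gid": {"mailman": 41, "mail": 12}, "uid": {"cpanel": 201, "root": 0}}
SAMPLE_DUMP = """*filter
:OUTPUT ACCEPT [0:0]
-A OUTPUT -p tcp -m multiport --dports 25,465,587 -m owner --uid-owner 0 -j RETURN
COMMIT
"""

if __name__ == "__main__":
    for kind, name in missing_rules(SAMPLE_DUMP, SAMPLE_IDS):
        print(f"not loaded: --{kind}-owner {name}")
```

Inside a real container, replace the sample dump with the text of `iptables-save` and fill the id mapping from the container's own passwd and group databases.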
