Firewall via IPTABLES

ukhost4u

Hello,

I am trying to use csf firewall for cPanel. It works fine on a Virtuozzo server I have but gives me errors in Proxmox.

I need to install it within a VE and as such I need to enable IP tables for the VE.

How would you suggest I best do this with Proxmox?

Thanks,

Paul Hughes
http://www.ukhost4u.com/
 
Hello,

Do I just need to add it to /etc/vz/vz.conf and no other place? Also, what is the command to restart vz, as "service vz restart" does not work?

I used the guide on the Parallels web site, but they have changes listed in 2 places, one of which I can't find, and I also attempted to add it directly to the container config file, but this didn't help.

If you could clarify how you would do this, it would help for the future.

Thanks,

Paul Hughes
 
Hi,

/etc/vz/vz.conf should exist on your Proxmox server; if it does not, you have a serious problem, and OpenVZ will not work...

But anyway, if you find the file vz.conf, add this line to it:
IPTABLES="ipt_REJECT ipt_tos ipt_TOS ipt_LOG ip_conntrack ipt_limit ipt_multiport iptable_filter iptable_mangle ipt_TCPMSS ipt_tcpmss ipt_ttl ipt_length ipt_state iptable_nat ip_nat_ftp"

And delete the 'Iptables=' that is there already,
and do an /etc/init.d/vz restart
to restart OpenVZ.

Then CSF should and will work properly.
 
Hi,

/etc/vz/vz.conf should exist on your Proxmox server; if it does not, you have a serious problem, and OpenVZ will not work...

But anyway, if you find the file vz.conf, add this line to it:
IPTABLES="ipt_REJECT ipt_tos ipt_TOS ipt_LOG ip_conntrack ipt_limit ipt_multiport iptable_filter iptable_mangle ipt_TCPMSS ipt_tcpmss ipt_ttl ipt_length ipt_state iptable_nat ip_nat_ftp"

And delete the 'Iptables=' that is there already,
and do an /etc/init.d/vz restart
to restart OpenVZ.

/etc/init.d/vz stop
/etc/init.d/vz start

Then CSF should and will work properly.


Anyone want to make that a sticky!
 
Line should now read



IPTABLES="ipt_REJECT ipt_recent ipt_owner ipt_REDIRECT ipt_tos ipt_TOS ipt_LOG ip_conntrack ipt_limit ipt_multiport iptable_filter iptable_mangle ipt_TCPMSS ipt_tcpmss ipt_ttl ipt_length ipt_state iptable_nat ip_nat_ftp"


of course all on 1 line.
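
A check for the result of the steps in this thread, added here as an example and not part of any post or of Proxmox or CSF: it reads the active IPTABLES= line from a vz.conf and lists which modules from the last line posted above are missing. The function names and the sample file are constructed for illustration.

```bash
#!/bin/sh
# Modules from the last IPTABLES= line posted in the thread above.
REQUIRED="ipt_REJECT ipt_recent ipt_owner ipt_REDIRECT ipt_tos ipt_TOS ipt_LOG ip_conntrack ipt_limit ipt_multiport iptable_filter iptable_mangle ipt_TCPMSS ipt_tcpmss ipt_ttl ipt_length ipt_state iptable_nat ip_nat_ftp"

# Value of the last uncommented IPTABLES= assignment in file $1.
iptables_value() {
    sed -n 's/^[[:space:]]*IPTABLES="\{0,1\}\([^"#]*\)"\{0,1\}.*$/\1/p' "$1" | tail -n 1
}

# Number of uncommented IPTABLES= lines; more than one means an old line was left in.
iptables_line_count() {
    grep -c '^[[:space:]]*IPTABLES=' "$1" || true
}

# Space-separated REQUIRED modules absent from the active line (names are case-sensitive).
missing_modules() {
    have=" $(iptables_value "$1" | tr -s '[:space:]' ' ') "
    missing=""
    for m in $REQUIRED; do
        case "$have" in
            *" $m "*) ;;
            *) missing="$missing $m" ;;
        esac
    done
    echo "${missing# }"
}

# Constructed sample: a vz.conf fragment carrying the first, shorter line from the thread.
write_sample_conf() {
    cat > "$1" <<'EOF'
## constructed sample, not a real host's vz.conf
#IPTABLES="ipt_REJECT ipt_tos"
IPTABLES="ipt_REJECT ipt_tos ipt_TOS ipt_LOG ip_conntrack ipt_limit ipt_multiport iptable_filter iptable_mangle ipt_TCPMSS ipt_tcpmss ipt_ttl ipt_length ipt_state iptable_nat ip_nat_ftp"
EOF
}

# Usage: sh check_vz_iptables.sh [path]; with no path, the constructed sample is checked.
conf="${1:-}"
tmp=""
if [ -z "$conf" ]; then
    tmp="$(mktemp)"
    write_sample_conf "$tmp"
    conf="$tmp"
fi
echo "IPTABLES= lines: $(iptables_line_count "$conf")"
echo "missing modules: $(missing_modules "$conf")"
if [ -n "$tmp" ]; then rm -f "$tmp"; fi
```

An empty "missing modules" result means every module from that line is present; the change still only takes effect after the vz restart described in the posts.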
 
Hello, I'm using Proxmox 2.3 and kernel 2.6.32-18. I wanted to upgrade iptables from 1.4.8 to 1.4.16 in Proxmox version 2.3. After I upgraded it using apt-get, the iptables version did not change. Then I deleted the old version and installed version 1.4.16. When I checked iptables -V, it was iptables v1.4.16, but when I checked dpkg -l | grep iptables it was still 1.4.8. My question is: can the iptables in Proxmox be upgraded?
 
