Hi,
I have Proxmox 1.9. I installed a firewall like this:
http://montanalinux.org/node/1098
Normally I lost the ability to download something through the command "wget".
From what I found on Google, I edited /etc/sysctl.conf.
My sysctl.conf:
Code:
# Avoid a smurf attack
net.ipv4.icmp_echo_ignore_broadcasts = 1
# Turn on protection for bad icmp error messages
net.ipv4.icmp_ignore_bogus_error_responses = 1
# Turn on syncookies for SYN flood attack protection
net.ipv4.tcp_syncookies = 1
# Turn on and log spoofed, source routed, and redirect packets
net.ipv4.conf.all.log_martians = 1
net.ipv4.conf.default.log_martians = 1
# No source routed packets here
net.ipv4.conf.all.accept_source_route = 0
net.ipv4.conf.default.accept_source_route = 0
# Turn on reverse path filtering
net.ipv4.conf.all.rp_filter = 1
net.ipv4.conf.default.rp_filter = 1
# Make sure no one can alter the routing tables
net.ipv4.conf.all.accept_redirects = 0
net.ipv4.conf.default.accept_redirects = 0
net.ipv4.conf.all.secure_redirects = 0
net.ipv4.conf.default.secure_redirects = 0
# Don't act as a router
net.ipv4.ip_forward = 1
net.ipv4.conf.all.send_redirects = 0
net.ipv4.conf.default.send_redirects = 0
# Turn on Exec Shield
kernel.exec-shield = 1
kernel.randomize_va_space = 1
# Tune IPv6
net.ipv6.conf.default.router_solicitations = 0
net.ipv6.conf.default.accept_ra_rtr_pref = 0
net.ipv6.conf.default.accept_ra_pinfo = 0
net.ipv6.conf.default.accept_ra_defrtr = 0
net.ipv6.conf.default.autoconf = 0
net.ipv6.conf.default.dad_transmits = 0
net.ipv6.conf.default.max_addresses = 1
# Optimization for port use for LBs
# Increase system file descriptor limit
fs.file-max = 65535
# Allow for more PIDs (to reduce rollover problems); may break some programs 32768
kernel.pid_max = 65536
# Increase system IP port limits
net.ipv4.ip_local_port_range = 60000 65000
# Increase TCP max buffer size settable using setsockopt()
net.ipv4.tcp_rmem = 4096 87380 8388608
net.ipv4.tcp_wmem = 4096 87380 8388608
# Increase Linux auto tuning TCP buffer limits
# min, default, and max number of bytes to use
# set max to at least 4MB, or higher if you use very high BDP paths
# Tcp Windows etc
net.core.rmem_max = 8388608
net.core.wmem_max = 8388608
net.core.netdev_max_backlog = 5000
net.ipv4.tcp_window_scaling = 1
The firewall ports 60000:65000 are unlocked. I used the command sysctl -p, and on the main machine I can now download using wget, but unfortunately in each VPS (Debian Linux 64-bit) I still cannot (the ports are enabled). When I want to set sysctl.conf individually on a VPS, sysctl -p gives me:
"error: permission denied on key 'net.ipv4.ip_local_port_range'"
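
An added example, not part of the original post: a read-only audit that shows which values from a sysctl.conf are actually in effect on a machine where `sysctl -p` reports "permission denied" for some keys. The function names `audit_sysctl` and `audit_demo` are hypothetical, and the fake proc tree and its values in the demo are constructed.

```sh
#!/bin/sh
# Read-only audit: compare each "key = value" line of a sysctl.conf with
# the value reported under a proc/sys root. Nothing is ever written.
# Usage: audit_sysctl /etc/sysctl.conf [/proc/sys]
audit_sysctl() {
    conf=$1
    root=${2:-/proc/sys}
    # Drop comment (# or ;) and blank lines.
    sed -e '/^[[:space:]]*[#;]/d' -e '/^[[:space:]]*$/d' "$conf" |
    while IFS= read -r line; do
        case $line in *=*) ;; *) continue ;; esac
        key=$(printf '%s' "${line%%=*}" | tr -d '[:space:]')
        # Normalise whitespace: /proc separates multi-value entries with tabs.
        want=$(printf '%s' "${line#*=}" | tr -s '[:space:]' ' ' | sed 's/^ //; s/ $//')
        # Dots map to directories (assumes no dots inside interface names).
        path=$root/$(printf '%s' "$key" | tr '.' '/')
        if [ ! -r "$path" ]; then
            printf 'MISSING %s\n' "$key"
            continue
        fi
        have=$(tr -s '[:space:]' ' ' < "$path" | sed 's/^ //; s/ $//')
        if [ "$have" = "$want" ]; then
            printf 'OK %s\n' "$key"
        else
            printf 'DIFF %s want=[%s] have=[%s]\n' "$key" "$want" "$have"
        fi
    done
}

# Constructed demo: a fake proc/sys tree standing in for a VPS where the
# port range could not be changed. All values below are made up.
audit_demo() {
    tmp=$(mktemp -d)
    mkdir -p "$tmp/sys/net/ipv4"
    printf '32768\t61000\n' > "$tmp/sys/net/ipv4/ip_local_port_range"
    printf '1\n' > "$tmp/sys/net/ipv4/tcp_syncookies"
    cat > "$tmp/sysctl.conf" <<'EOF'
# constructed sample, keys taken from the post
net.ipv4.tcp_syncookies = 1
net.ipv4.ip_local_port_range = 60000 65000
kernel.exec-shield = 1
EOF
    audit_sysctl "$tmp/sysctl.conf" "$tmp/sys"
    rm -rf "$tmp"
}
audit_demo
```

A `DIFF` line for `net.ipv4.ip_local_port_range` means outgoing connections use source ports other than the ones the file asks for, which matters when the firewall only opens 60000:65000.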