iptables not usable in Ubuntu VZ container?

unleeshop

Member
Jul 21, 2009
So what I gather from an entire day of searching forums here and elsewhere is that iptables cannot be happy running in the Ubuntu 8.04 template for OpenVZ, because it can't access the modules it wants to have. Since not having a firewall is no way to run a production server, I guess I'm going to have to install Ubuntu in a KVM virtual machine instead?
 
There are more downsides to OpenVZ than just non-functioning iptables and the inability to use most kernel functions/modules: i.e. lack of VPN.
With most hosting providers offering OpenVZ, you will also have a severe problem with the number of inodes available on your system. No problem for a small web server, but for anything bigger, you're out of luck.
 
To use iptables on your VE, change this on your Proxmox server:

/etc/vz/vz.conf
IPTABLES="ipt_REJECT ipt_tos ipt_limit ipt_multiport iptable_filter iptable_mangle ipt_TCPMSS ipt_tcpmss ipt_ttl ipt_length ipt_state"

To activate modules on your VE, add the modules in /etc/module on your Proxmox server,

for example:
xt_tcpudp
ip_conntrack
xt_state


Sorry for my English
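
Added example, not part of the thread: a host-side check that every module named in the IPTABLES= line of vz.conf is actually loaded, so a firewall rule set inside the VE does not fail on a missing match or target. The function names and the sample module listing are constructed for illustration; the IPTABLES line is the one from the post above.

```shell
#!/bin/sh
# Added example: report which modules named in IPTABLES= are not loaded.
# Paths are parameters; the defaults are the usual host locations.

# Module names from the last IPTABLES="..." line, one per line.
vz_iptables_modules() {
    sed -n 's/^[[:space:]]*IPTABLES=//p' "${1:-/etc/vz/vz.conf}" | tail -n 1 |
        tr -d "\"'" | tr -s ' \t' '\n\n' | sed '/^$/d'
}

# Loaded module names: first field of a /proc/modules-format file.
loaded_modules() {
    awk '{ print $1 }' "${1:-/proc/modules}"
}

# Print configured-but-not-loaded modules; return 1 if there are any.
missing_modules() {
    missing=$(vz_iptables_modules "$1" | while read -r m; do
        loaded_modules "$2" | grep -qxF "$m" || echo "$m"
    done)
    [ -z "$missing" ] && return 0
    printf '%s\n' "$missing"
    return 1
}

# Constructed sample data: the IPTABLES line from the post and a made-up
# module listing (sizes and addresses are placeholders).
demo() {
    d=$(mktemp -d)
    cat > "$d/vz.conf" <<'EOF'
IPTABLES="ipt_REJECT ipt_tos ipt_limit ipt_multiport iptable_filter iptable_mangle ipt_TCPMSS ipt_tcpmss ipt_ttl ipt_length ipt_state"
EOF
    cat > "$d/modules" <<'EOF'
ipt_REJECT 2384 0 - Live 0x0000000000000000
ipt_multiport 2816 0 - Live 0x0000000000000000
iptable_filter 2791 1 - Live 0x0000000000000000
iptable_mangle 3349 0 - Live 0x0000000000000000
ipt_TCPMSS 4096 0 - Live 0x0000000000000000
ipt_state 1492 0 - Live 0x0000000000000000
xt_tcpudp 2667 0 - Live 0x0000000000000000
xt_state 1492 0 - Live 0x0000000000000000
EOF
    missing_modules "$d/vz.conf" "$d/modules" && rc=0 || rc=$?
    rm -rf "$d"
    return "$rc"
}

demo || echo "the modules listed above are not loaded on the host"
```

On a real host, run `missing_modules /etc/vz/vz.conf /proc/modules`. Module names are case-sensitive (ipt_TCPMSS and ipt_tcpmss are different modules), and features compiled into the kernel do not appear in /proc/modules, so a name reported here may still be available.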
 
