[PVE-User] openvz iptables
Luis Díaz
diazluis2007 at gmail.com
Sat May 7 23:49:06 CEST 2011
Greetings!
I've been trying to get back safe I have with openvz vps.
I have little knowledge about it (do not use iptables) and I'm really late
to work.
I have done the following.
Change my openvz VPS for KVM
and opened ports 80, 22, 443
with arno-iptables-firewall
but still I have not configured iptables on the central server (Proxmox).
I am is because when I use arno-iptables-firewall
the vps goes offline.
ifconfig looking at the central server, I see interfaces eth0 and more 2 to
be those of the vps.
well .. ingnorancia I apologize so much trouble.
I hope some kind of advice.
Díaz Luis
http://www.facebook.com/diazluis2007
User Linux 532223
progjuegos.com
TSU Analisis de Sistemas
Universidad de Carabobo
Facultad de Odontología <http://www.odontologia.uc.edu.ve/>
2011/5/5 Timh B <timh at shiwebs.net>
>
> On Wed, May 4, 2011 23:11, Luis Díaz wrote:
> > Question 1.
> > when performing an installation base Proxmox
> > iptables is already set up properly or is necessary to refine the
> > settings?
>
> No iptables is configured after basic installation, you will have to
> create and configure them by your self.
>
> >
> > Question 2.
> > if necessary configure iptables in the installation base
> > of Proxmox.
> > What are the ports that I leave open for everything to work right?
>
> Afaik ports 22,443 is enough, proxmox web-interface on https(443) and all
> clustersync/migration/remote commands is done via port 22. I may be wrong
> though.
>
> > * I have 2 server with Proxmox ... one primary and one as a node to
> > migrate
> > vps
> >
> >
> > Question 3.
> > after configuring / etc / vz / vz.conf
> > to configure each openvz iptables
> > I can use "arno-iptables-firewall " to define basic rules in each openvz
> > VPS?
>
> Add your desired modules to;
> ## IPv4 iptables kernel modules
> IPTABLES="ipt_REJECT ipt_tos ipt_limit ipt_multiport iptable_filter
> iptable_mangle ipt_TCPMSS ipt_tcpmss ipt_ttl ipt_length ipt_state"
>
> Then configure iptables inside containers as on any normal server.
>
> >
> > sorry .... but I am novice in this subject and I worry: S
> >
> > Díaz Luis
> > http://www.facebook.com/diazluis2007
> > User Linux 532223
> > progjuegos.com
> > TSU Analisis de Sistemas
> > Universidad de Carabobo
> > Facultad de Odontología <http://www.odontologia.uc.edu.ve/>
> >
> >
> >
> >
> >
> > 2011/5/4 Luis Díaz <diazluis2007 at gmail.com>
> >
> >> Question 1.
> >> when performing an installation base Proxmox
> >> iptables is already set up properly or is necessary to refine the
> >> settings?
> >>
> >> Question 2.
> >> if necessary configure iptables in the installation base
> >> of Proxmox.
> >> What are the ports that I leave open for everything to work right?
> >> * I have 2 server with Proxmox ... one primary and one as a node to
> >> migrate
> >> vps
> >>
> >>
> >> Question 3.
> >> after configuring / etc / vz / vz.conf
> >> to configure each openvz iptables
> >> I can use "arno-iptables-firewall " to define basic rules in each openvz
> >> VPS?
> >>
> >> sorry .... but I am novice in this subject and I worry: S
> >>
> >>
> >> Díaz Luis
> >> http://www.facebook.com/diazluis2007
> >> User Linux 532223
> >> progjuegos.com
> >> TSU Analisis de Sistemas
> >> Universidad de Carabobo
> >> Facultad de Odontología <http://www.odontologia.uc.edu.ve/>
> >>
> >>
> >>
> >>
> > _______________________________________________
> > pve-user mailing list
> > pve-user at pve.proxmox.com
> > http://pve.proxmox.com/cgi-bin/mailman/listinfo/pve-user
> >
>
>
> --
> //Timh
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.proxmox.com/pipermail/pve-user/attachments/20110507/c2979feb/attachment.htm>
More information about the pve-user
mailing list