IMPORTANT: iptables firewalls in containers

hosting

3 replies to this topic

#1
drobbins

    Administrator

  • Administrators
  • 136 posts

Hi everyone,

 

Some people are trying to set up iptables firewalls in their containers, and they are unexpectedly locking themselves out of their containers.

The reason this is happening is that stateful connection tracking is disabled by default in OpenVZ inside a container, and I need to manually enable it. So rules that track the state of a connection (NEW, ESTABLISHED, RELATED) will not work, and then typically you will lose SSH access to your container.

 

The solution (for now) is to contact me directly and have me enable stateful connection tracking if you plan to deploy a firewall, so that these rules will work for you.

 

-Daniel


  • mitzip likes this

#2
Andrew Hobden

    Newbie

  • Members
  • 3 posts

Note you cannot use MASQUERADE either.
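
A pre-flight check for the situation described in the first two posts, added here as an example and not code from the thread: it scans an iptables-save style ruleset for state/conntrack matches and MASQUERADE before the ruleset is loaded in a container. The sample ruleset, the `venet0` interface name and the function names are constructed for illustration.

```shell
#!/bin/sh
# Pre-flight lint for an iptables-save style ruleset destined for an OpenVZ
# container where stateful connection tracking has not been enabled.

# Constructed sample ruleset (not from the thread); venet0 is an assumed name.
sample_ruleset() {
cat <<'EOF'
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -i lo -j ACCEPT
-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
-A INPUT -p tcp --dport 22 -m conntrack --ctstate NEW -j ACCEPT
-A INPUT -p tcp --dport 80 -j ACCEPT
COMMIT
*nat
:POSTROUTING ACCEPT [0:0]
-A POSTROUTING -o venet0 -j MASQUERADE
COMMIT
EOF
}

# Read a ruleset on stdin and print "table:lineno: rule" for every rule that
# uses a state/conntrack match or the MASQUERADE target.
conntrack_dependent_rules() {
    awk '
        /^\*/ { table = substr($0, 2); next }
        /^-A / && /(-m (state|conntrack)|--(ct)?state|-j MASQUERADE)/ {
            printf "%s:%d: %s\n", table, NR, $0
        }
    '
}

# Exit status 0 only if the ruleset on stdin contains no such rules.
safe_without_conntrack() {
    [ -z "$(conntrack_dependent_rules)" ]
}

# Demo: list the rules in the sample that would fail in such a container.
sample_ruleset | conntrack_dependent_rules
```

With the sample's default-DROP INPUT policy, the two flagged filter rules are the only ones that would admit SSH traffic, which is the lockout the first post describes.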



#3
destroyfx

    Newbie

  • Members
  • 1 posts

It's the reason why I use Xen/KVM for VPN/NAT VM. Using mostly OpenVZ for the rest.



#4
irag12

    Newbie

  • Members
  • 1 posts
Thank you for being so kind and helping me. I am hoping this puts me on the right path!
