[Users] Setting up an iptables firewall
cedric briner
work at infomaniak.ch
Wed Jul 22 03:19:02 EDT 2009
hello,
I think I have found a mistake in:
http://wiki.openvz.org/Setting_up_an_iptables_firewall
My situation is:
HN on a 10 network : 10.194.66.92/255.255.252.0
CT on the same subnet 10 network: 10.192.65.220
even if I change the /etc/sysctl with:
# On Hardware Node we generally need
# packet forwarding enabled and proxy arp disabled
net.ipv4.conf.default.forwarding=1
net.ipv4.conf.default.proxy_arp = 0
net.ipv4.ip_forward=1
# Enables source route verification
net.ipv4.conf.all.rp_filter = 1
# Enables the magic-sysrq key
kernel.sysrq = 1
# TCP Explicit Congestion Notification
#net.ipv4.tcp_ecn = 0
#
# we do not want all our interfaces to send redirects
net.ipv4.conf.default.send_redirects = 1
net.ipv4.conf.all.send_redirects = 0
and setup iptables with:
iptables -P FORWARD ACCEPT
iptables -F FORWARD
I'm still unable from my HN to have a connection with my CT. But I do
have a good connection between other nodes on my subnet and my CT.
So to enable the connection between the HN and the CT, I've added to
iptables on the HN:
iptables -A INPUT -i venet0 -s 10.194.64.0/22 -j ACCEPT
iptables -A OUTPUT -o venet0 -d 10.194.64.0/22 -j ACCEPT
where 10.194.64.0/22 is the same definition as my
subnetwork: 10.194.66.92/255.255.252.0
Ced
--
Cédric BRINER
Geneva - Switzerland