[Users] Setting up an iptables firewall

cedric briner work at infomaniak.ch
Wed Jul 22 03:19:02 EDT 2009


hello,

I think I have found a mistake in:
http://wiki.openvz.org/Setting_up_an_iptables_firewall

My situation is:
   HN on a 10 network              : 10.194.66.92/255.255.252.0
   CT on the same subnet 10 network: 10.192.65.220

even if I change the /etc/sysctl with:
   # On Hardware Node we generally need
   # packet forwarding enabled and proxy arp disabled
   net.ipv4.conf.default.forwarding=1
   net.ipv4.conf.default.proxy_arp = 0
   net.ipv4.ip_forward=1
   # Enables source route verification
   net.ipv4.conf.all.rp_filter = 1
   # Enables the magic-sysrq key
   kernel.sysrq = 1
   # TCP Explicit Congestion Notification
   #net.ipv4.tcp_ecn = 0
   #
   # we do not want all our interfaces to send redirects
   net.ipv4.conf.default.send_redirects = 1
   net.ipv4.conf.all.send_redirects = 0

and setup iptables with:
   iptables -P FORWARD ACCEPT
   iptables -F FORWARD

I'm still unable from my HN to have a connection with my CT. But I do 
have a good connection between other nodes on my subnet and my CT.

So to enable the connection between the HN and the CT, I've added to 
iptables on the HN:
   iptables -A INPUT  -i venet0 -s  10.194.64.0/22 -j ACCEPT
   iptables -A OUTPUT -o venet0 -d  10.194.64.0/22 -j ACCEPT

where 10.194.64.0/22 is the same definition of my 
subnetwork: 10.194.66.92/255.255.252.0


Ced

--
Cédric BRINER
Geneva - Switzerland
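The conversion the post does by hand (10.194.66.92/255.255.252.0 to 10.194.64.0/22) and the two venet0 rules it adds, as an added example that is not part of the original post: a POSIX sh script that derives the HN's subnet in CIDR form from an address and dotted netmask, rejects non-contiguous masks, and emits the INPUT/OUTPUT rules scoped to that subnet rather than a blanket ACCEPT. The interface name venet0 and the rule form are taken from the post; the function names are my own.

```shell
#!/bin/sh
# Derive the hardware node's subnet in CIDR form and emit the venet0 rules
# scoped to it. Example code; the function names are assumptions.

# ip_to_int A.B.C.D -> 32-bit integer
ip_to_int() {
    oldIFS=$IFS; IFS=.
    set -- $1
    IFS=$oldIFS
    echo $(( ($1 << 24) | ($2 << 16) | ($3 << 8) | $4 ))
}

# int_to_ip N -> A.B.C.D
int_to_ip() {
    echo "$(( ($1 >> 24) & 255 )).$(( ($1 >> 16) & 255 )).$(( ($1 >> 8) & 255 )).$(( $1 & 255 ))"
}

# mask_bits 255.255.252.0 -> 22; fails on a non-contiguous mask such as 255.0.255.0
mask_bits() {
    m=$(ip_to_int "$1")
    bits=0
    while [ $bits -lt 32 ] && [ $(( (m >> (31 - bits)) & 1 )) -eq 1 ]; do
        bits=$((bits + 1))
    done
    # after the leading ones, every remaining bit must be zero
    if [ $(( m & ((1 << (32 - bits)) - 1) )) -ne 0 ]; then
        echo "invalid netmask: $1" >&2
        return 1
    fi
    echo $bits
}

# to_cidr IP NETMASK -> NETWORK/PREFIX, e.g. 10.194.66.92 255.255.252.0 -> 10.194.64.0/22
to_cidr() {
    bits=$(mask_bits "$2") || return 1
    net=$(( $(ip_to_int "$1") & $(ip_to_int "$2") ))
    echo "$(int_to_ip $net)/$bits"
}

# hn_rules IP NETMASK -> the two rules from the post, limited to the HN's own subnet
hn_rules() {
    cidr=$(to_cidr "$1" "$2") || return 1
    printf 'iptables -A INPUT  -i venet0 -s %s -j ACCEPT\n' "$cidr"
    printf 'iptables -A OUTPUT -o venet0 -d %s -j ACCEPT\n' "$cidr"
}

# Print the rules for the addresses in the post; pipe to sh as root to apply them.
hn_rules 10.194.66.92 255.255.252.0
```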
