[Users] Connection Tracking inside a VPS
lst_hoe02 at kwsoft.de
lst_hoe02 at kwsoft.de
Wed Nov 23 06:01:26 EST 2011
Zitat von Daniel Bauer <mlist at dsb-gmbh.de>:
> Hi @all,
>
> I tried to do a firewall inside a VPS. I inserted in the .conf file
> a line like this
> IPTABLES="ip_conntrack ip_...
To which *.conf file have you added this? It is needed in vz.conf so
the modules get loaded by starting OpenVZ at the HN. You will also
need ipt_filter as far as i remember. You can try iptables with
conntrack on the HN, if it works there it should work inside VE too.
But don't try it with IPv6.
> and tried to use the connection tacking like this
> root at gw:~# iptables -A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
> iptables: No chain/target/match by that name.
>
> but it looks like there is no module for connection tracking.
Check with lsmod on the HN what is loaded. The VE is not able to load
any modules on demand.
Regards
Andreas
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/pkcs7-signature
Size: 6178 bytes
Desc: S/MIME Cryptographic Signature
Url : http://openvz.org/pipermail/users/attachments/20111123/eaafe969/smime.bin
More information about the Users
mailing list