[Users] Connection Tracking inside a VPS - SOLVED

Daniel Bauer mlist at dsb-gmbh.de
Wed Nov 23 07:14:09 EST 2011


Hello Andreas,

From: <lst_hoe02 at kwsoft.de>
> Quoting Daniel Bauer <mlist at dsb-gmbh.de>:
>
>> Hi @all,
>>
>> I tried to do a firewall inside a VPS. I inserted in the .conf file
>> a line like this
>> IPTABLES="ip_conntrack ip_...
>
> To which *.conf file have you added this? It is needed in vz.conf so
> the modules get loaded by starting OpenVZ at the HN. You will also
> need ipt_filter as far as I remember. You can try iptables with
> conntrack on the HN, if it works there it should work inside VE too.

OK, this was the mistake: I had added this in the VPS*.conf, not in the
vz.conf. Now it works.


> But don't try it with IPv6.

It's only an IPv4 net. IPv6 is scheduled for next year ;)


>> and tried to use the connection tracking like this
>> root at gw:~# iptables -A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
>> iptables: No chain/target/match by that name.
>>
>> but it looks like there is no module for connection tracking.
>
> Check with lsmod on the HN what is loaded. The VE is not able to load
> any modules on demand.

The loading in the HN was successful, but I had not allowed it in the
vz.conf :(


Thanks a lot for your help!
Daniel 
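
Added example (not part of the original post, and not OpenVZ's own tooling): a shell script for the two checks discussed in this thread, namely whether each module in a container config's IPTABLES= line is also listed in the global vz.conf, and whether it shows up in lsmod output saved on the HN. The file names and module lists are constructed samples, and names are compared literally, so module aliases are not resolved.

```shell
#!/bin/sh
# Added example, not from the thread: check the module list a container config
# asks for against the global vz.conf list and the modules loaded on the HN.

# Print module names from the IPTABLES="..." line of a config file, one per line.
iptables_modules() {
    sed -n 's/^[[:space:]]*IPTABLES="\{0,1\}\([^"#]*\)"\{0,1\}.*$/\1/p' "$1" |
        tr -s ' \t' '\n\n' | sed '/^$/d'
}

# Print module names (first column) from saved `lsmod` output, skipping the header.
loaded_modules() {
    awk 'NR > 1 { print $1 }' "$1"
}

# Args: container config, global config, file holding `lsmod` output from the HN.
# Prints one line per problem; prints nothing when every module passes both checks.
check_conntrack_setup() {
    iptables_modules "$1" | while read -r mod; do
        iptables_modules "$2" | grep -qxF "$mod" ||
            echo "$mod: not listed in global config"
        loaded_modules "$3" | grep -qxF "$mod" ||
            echo "$mod: not loaded on host"
    done
}

# Constructed sample inputs (file names and module lists are assumptions).
write_samples() {
    printf 'IPTABLES="ip_conntrack iptable_filter ipt_REJECT"\n' > "$1/ve.conf"
    printf '# global\nIPTABLES="iptable_filter ipt_REJECT"\n' > "$1/vz.conf"
    printf 'Module Size Used by\niptable_filter 7745 2\nip_conntrack 101396 1\n' \
        > "$1/lsmod.txt"
}

dir=$(mktemp -d)
write_samples "$dir"
check_conntrack_setup "$dir/ve.conf" "$dir/vz.conf" "$dir/lsmod.txt"
rm -rf "$dir"
```

In the constructed sample, ip_conntrack is loaded on the host but missing from the global list, which is the situation described in the reply above.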


