[Users] RHEL6 and stateful firewall inside container

Mikko Vasili Hirvonen Mikko.V.Hirvonen at helsinki.fi
Wed Feb 1 06:17:06 EST 2012


Hello users at openvz.org

I'm trying to upgrade our RHEL5-based OpenVZ servers to RHEL6, but I have a
problem with iptables. If I try to use a firewall inside a container, I can
load rules, but the firewall rejects all incoming packets. The host is redhat-6
and the container is centos-6. I tested with kernels

vzkernel-2.6.32-042stab044.17.x86_64
vzkernel-2.6.32-042stab048.1.x86_64
vzkernel-2.6.32-042stab049.2.x86_64

My firewall config:
# Generated by iptables-save v1.4.7 on Wed Feb  1 13:05:26 2012
*mangle
:PREROUTING ACCEPT [2:381]
:INPUT ACCEPT [2:381]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [4:559]
:POSTROUTING ACCEPT [4:559]
COMMIT
# Completed on Wed Feb  1 13:05:26 2012
# Generated by iptables-save v1.4.7 on Wed Feb  1 13:05:26 2012
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [4:559]
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -p icmp -j ACCEPT
-A INPUT -i lo -j ACCEPT
-A INPUT -p tcp -m state --state NEW -m tcp --dport 22 -j ACCEPT
-A INPUT -j REJECT --reject-with icmp-host-prohibited
-A FORWARD -j REJECT --reject-with icmp-host-prohibited
COMMIT
# Completed on Wed Feb  1 13:05:26 2012

Is it a known problem or is it my misconfiguration? The firewall on redhat-5 is
functioning fine.


-- 
Mikko Hirvonen <Mikko.V.Hirvonen at helsinki.fi>
Helsingin yliopisto / Tietotekniikkakeskus / Verkkopalvelut

