[Users] firewalld HW node

mailinglist at tikklik.nl mailinglist at tikklik.nl
Wed Jan 6 15:19:27 MSK 2021 

thanx

-----Oorspronkelijk bericht-----
Van: users-bounces at openvz.org <users-bounces at openvz.org> Namens Vasily
Averin
Verzonden: woensdag 6 januari 2021 12:40
Aan: users at openvz.org
Onderwerp: Re: [Users] firewalld HW node

You can just remove following strings and then reload firewalld config.
[root at vvs-ovz7 ~]# grep -r venet /etc/firewalld/
/etc/firewalld/direct.xml: <rule priority="10" table="filter" ipv="ipv4"
chain="INPUT_direct">-i venet0 -j DROP</rule>
/etc/firewalld/direct.xml: <rule priority="10" table="filter" ipv="ipv6"
chain="INPUT_direct">-i venet0 -j DROP</rule>

On 1/6/21 1:55 PM, mailinglist at tikklik.nl wrote:
> Thanks for the pointers
> 
> Hm i think it is this?
> 
> 2   120 DROP       all  --  venet0 *       0.0.0.0/0            0.0.0.0/0
> 
> So how to accept traffic from venet0?
> 
> 
> Thanxs
> Steffan
> 
> -----Oorspronkelijk bericht-----
> Van: Vasily Averin <vvs at virtuozzo.com> 
> Verzonden: woensdag 6 januari 2021 11:27
> Aan: users at openvz.org; mailinglist at tikklik.nl
> Onderwerp: Re: [Users] firewalld HW node
> 
> Dear Steffan,
> I think this behavior depends on IP addressed used by containers.
> Though anyway: for troubleshooting you need to look at counters of
iptables rules on host, this should help you to understand which one eats
containers packets. Then you'll need to modify the rules.
> 
> Please generate some trafic  from container to host and use following
commands to find dropped packets.
> iptables -L -n -v
> iptables -L -n -v -t mangle
> iptables -L -n -v -t nat
> 
> 
> Thank you,
> 	Vasily Averin 
> 
> On 1/5/21 2:52 PM, mailinglist at tikklik.nl wrote:
>> Hello,
>>
>>  
>>
>> When enabling firewalld on the hardware node (openvz 7)
>>
>> The VPS on it cant SSH tot his node
>> It can ssh outside to other nodes.
>>
>> i can remote SSH tot he HW node
>> Any idee why local is not working?
>>
>>
>> With regards
>>
>> Steffan
>>
>>
>> _______________________________________________
>> Users mailing list
>> Users at openvz.org
>> https://lists.openvz.org/mailman/listinfo/users
>>
> 
> 
> _______________________________________________
> Users mailing list
> Users at openvz.org
> https://lists.openvz.org/mailman/listinfo/users
> 
_______________________________________________
Users mailing list
Users at openvz.org
https://lists.openvz.org/mailman/listinfo/users

More information about the Users mailing list