
Anyone have an OpenVZ firewall script for the CentOS host? Scenario ..

Posted by Blew, 04-07-2014, 02:37 AM
Hi, I'm new to OpenVZ. Using it for personal test/dev. I have a dedicated server running CentOS 6.5. I need help with a simple firewall script.

Scenario:

OpenVZ Host:
* CentOS 6.5 with 1 static IP (say 2.3.4.4). Running latest OpenVZ.
* Needs to have these ports accessible:
  * Internet accessible by anyone: 80, 1101, 2322
  * Accessible only from 3 IP addresses: 22, 1001 (say 2.3.1.1 /2 /3)
  * Rest of the ports all blocked

OpenVZ guests (all need to have mandatory port 25 blocked):
* Two guests will be assigned static IPs that my dedicated server provider has allocated to me (say 2.3.4.5 and 2.3.4.6).
* A few other guests which will not have a dedicated IP but will only make outgoing connections.

Can someone help with a script to be able to do this? Appreciate it very much. I don't want to get it wrong. I guess for experts, this is super easy.

Posted by Truman, 04-07-2014, 11:59 AM
Which firewall are you running there?

Posted by supportoperator, 04-07-2014, 12:03 PM
You need to create the iptables rules for the same. If you want, we can help you with the same. Can you explain further?

Posted by Blew, 04-07-2014, 01:17 PM
Currently, before installing OpenVZ, I was using the following iptables script. The problem with the existing script (that I need help modifying) is: with this script, OpenVZ containers were not accessible. When I disabled iptables, the OpenVZ containers were accessible. I am not sure how to allow only specific sources to connect to 22 on the host, but allow a container-specific firewall for the rest.

Posted by ZonedHost, 04-07-2014, 01:19 PM
Did you not follow this tutorial on the OpenVZ Wiki? http://openvz.org/Setting_up_an_iptables_firewall If you understand how iptables works etc., with a bit of self-server tweaking this works perfectly. But I advise you to either always have an SSH session active or have a KVM available when testing, as it doesn't take much to make this script lock everyone out if it's incorrect. Regards.

Posted by RRWH, 04-07-2014, 07:10 PM
Check out the details on OpenVZ website and I use in conjunction with CSF on both the node and guest.
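
An added example, not taken from any post in this thread or from the OpenVZ wiki: a script that prints an `iptables-restore` ruleset for the scenario in the first post, with host ports filtered in INPUT and container traffic handled in FORWARD. It assumes venet (routed) containers, a private subnet `10.0.0.0/24` for the outgoing-only guests, `eth0` as the public interface, and that "2.3.1.1 /2 /3" means 2.3.1.1 to 2.3.1.3; the public guests are left to run their own firewall for everything except port 25.

```shell
#!/bin/sh
# Added example: emits an iptables-restore ruleset for the thread's scenario.
HOST_IP="2.3.4.4"                     # host address from the question
ADMIN_IPS="2.3.1.1 2.3.1.2 2.3.1.3"   # ASSUMPTION: reading of "2.3.1.1 /2 /3"
PUBLIC_CTS="2.3.4.5 2.3.4.6"          # guests with their own public IP
PRIVATE_NET="10.0.0.0/24"             # ASSUMPTION: subnet of outgoing-only guests
WAN_IF="eth0"                         # ASSUMPTION: host's public interface

gen_rules() {
    printf '%s\n' "*filter" \
        ":INPUT DROP [0:0]" \
        ":FORWARD DROP [0:0]" \
        ":OUTPUT ACCEPT [0:0]"
    # Host itself (INPUT): public ports for anyone, 22/1001 for admin IPs only.
    printf '%s\n' "-A INPUT -i lo -j ACCEPT" \
        "-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT" \
        "-A INPUT -d $HOST_IP -p tcp -m multiport --dports 80,1101,2322 -j ACCEPT"
    for ip in $ADMIN_IPS; do
        printf '%s\n' "-A INPUT -s $ip -d $HOST_IP -p tcp -m multiport --dports 22,1001 -j ACCEPT"
    done
    # Guests (FORWARD): routed container traffic never hits INPUT, so an
    # INPUT-only script with a closed FORWARD chain cuts the containers off.
    # Port 25 is rejected first so no later ACCEPT can let it through.
    printf '%s\n' "-A FORWARD -p tcp --dport 25 -j REJECT --reject-with tcp-reset" \
        "-A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT"
    for ct in $PUBLIC_CTS; do
        printf '%s\n' "-A FORWARD -d $ct -j ACCEPT" \
            "-A FORWARD -s $ct -j ACCEPT"
    done
    printf '%s\n' "-A FORWARD -s $PRIVATE_NET -o $WAN_IF -j ACCEPT" \
        "COMMIT"
    # Outgoing-only guests leave through the host's single public IP.
    printf '%s\n' "*nat" \
        ":PREROUTING ACCEPT [0:0]" \
        ":POSTROUTING ACCEPT [0:0]" \
        ":OUTPUT ACCEPT [0:0]" \
        "-A POSTROUTING -s $PRIVATE_NET -o $WAN_IF -j SNAT --to-source $HOST_IP" \
        "COMMIT"
}

# Print the ruleset; nothing is loaded into the kernel by this script.
gen_rules
```

Pipe the output into `iptables-restore --test` first, and load it for real only from a session with KVM or console access, in line with ZonedHost's advice about lock-outs.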


