Howdy, Stranger!

It looks like you're new here. If you want to get involved, click one of these buttons!

csf & openVZ - how to debug problems?
New on LowEndTalk? Please Register and read our Community Rules.

All new Registrations are manually reviewed and approved, so a short delay after registration may occur before your account becomes active.

csf & openVZ - how to debug problems?

BruceBruce Member

guys, who is using csf to protect their host nodes? need some tips on how to debug problems.

running centos 6.5 64bit, latest stab106 kernel, latest csf, etc. googled plenty, so done all the tests and setup of iptables. logs don't show anything being blocked (traffic to VMs, this is)

used csf before, without problems, but not along with VMs.


  • SavioSavio Member
    edited April 2015

    Not advised to install CSF on a host node, however you can install csf in each VPS you create in the node, hope that makes sense.

    Are you trying to protect the entire node its self? and is there any reason you are not running CentOS 6.6 final ?

    Thanked by 1jar
  • jarjar Patron Provider, Top Host, Veteran
    edited April 2015

    CSF is basically meant to be a firewall for cPanel users. This should not be installed on the node. The iptables firewall is, I would argue, the smallest detail in Linux security.

    The logs you are referencing are probably more related to LFD which isn't checking the logs of your containers.

  • BruceBruce Member

    thanks for the advice guys.

    FYI, it is actually running 6.6 (installed 6.5, but after updates it now reports as 6.6).

    easier to manually add to iptables I think, and just block everything

  • ATHKATHK Member
    edited April 2015

    @Bruce said:
    easier to manually add to iptables I think, and just block everything

    Ideally nothing but internal traffic should hit the node right? As each container has a pubic IPv4 or v6.

    Unless of course its NAT'd

    Sorry for the off topic, just curious.

  • BruceBruce Member

    VMs aren't really the concern. correct, they have own IPs (not NAT)

    playing with using virtualizor on the node (for client control panel), but I think it's better to host that separately.

Sign In or Register to comment.