Howdy, Stranger!

It looks like you're new here. If you want to get involved, click one of these buttons!


IPTables Modules missing - CSF
New on LowEndTalk? Please Register and read our Community Rules.

All new Registrations are manually reviewed and approved, so a short delay after registration may occur before your account becomes active.

IPTables Modules missing - CSF

GoSSDHostingGoSSDHosting Member, Host Rep

Hello,
I have the following modules missing to run CSF on my openvz vps:
ipt_state/xt_state
xt_connlimit
iptable_nat/ipt_Redirect
iptable_nat/ipt_Dnat

I have access to server and vps, so i tried modifying etc/vz/vz.conf seeing what i read on many forums.. :

IPTABLES=”ip_tables iptable_filter iptable_mangle ipt_limit ipt_multiport ipt_tos ipt_TOS ipt_REJECT ipt_TCPMSS ipt_tcpmss ipt_ttl ipt_LOG ipt_length ip_conntrack ip_conntrack_ftp ipt_state iptable_nat ip_nat_ftp ipt_recent ipt_owner ipt_conntrack ipt_helper ipt_REDIRECT ipt_recent ipt_owner”

This is what mentioned everywhere but in my vz.conf i dont have IPTABLES only!! Here is my vz.conf:

WARNING: IPTABLES parameter is deprecated,

use per-container (not global!) NETFILTER instead

iptables kernel modules to be loaded by init.d/vz script

IPTABLES_MODULES="ipt_REJECT ipt_tos ipt_limit ipt_multiport iptable_filter iptable_mangle ipt_TCPMSS ipt_tcpmss ipt_ttl ipt_length ip6_tables ip6table_filter ip6table_mangle ip6t_REJECT"


Please help me solve this...

Comments

  • BruceBruce Member

    did you run the test ?

    /etc/csf/csftest.pl

    plenty of results when you use google :)

    http://www.woktron.com/secure/knowledgebase/77/Installation-CSF-Firewall-on-CentOS-5-and-6.html

  • open a support ticket and get your provider to do it for you, nothing can be done from your end.

  • BruceBruce Member

    @century1stop said:
    open a support ticket and get your provider to do it for you, nothing can be done from your end.

    you first need to understand if it's a node problem or container problem. if it's the node, ask your provider. if it's the container, sort it out yourself

  • fitvpnfitvpn Member

    Provider may not support TUN/TAP iptables on OpenVZ
    Do not use OpenVZ and everything solved :)

  • GoSSDHostingGoSSDHosting Member, Host Rep

    @fitvpn said:
    Provider may not support TUN/TAP iptables on OpenVZ
    Do not use OpenVZ and everything solved :)

    I have enabled TUN/TAP for VPS... Still facing issue?

  • fitvpnfitvpn Member

    hostbigspace said: I have enabled TUN/TAP for VPS... Still facing issue?

    Yes, TUN/TAP and iptables depends each other but not the same thing. TUN/TAP useless without iptables enabled by provider. Personally I leave OpenVZ for VPN purposes.

  • century1stopcentury1stop Member
    edited July 2015

    @Bruce said:
    you first need to understand if it's a node problem or container problem. if it's the node, ask your provider. if it's the container, sort it out yourself

    if the node has necessary modules, this issue will not arise. fyi, our OVZs are provisioned with these modules and all of 'em run csf out of the box

  • fitvpnfitvpn Member

    Several providers don't know wtf iptables and how to enable it on their side. Fuck OpenVZ Go KVM :)

  • BruceBruce Member

    @fitvpn said:
    Several providers don't know wtf iptables and how to enable it on their side.

    so choose one that does!

  • fitvpnfitvpn Member
    edited July 2015

    hostbigspace said: hostbigspace

    Open a ticket and ask provider enable iptables, if they refuse you you cannot use your VPS for VPN. iptables may resets after each reboot from provider side,need open tickets one by one each time. Also which script you tried to install? If it official OpenVPN script from openvpn.net, this script working incorrectly with OpenVZ. Best solution switch to KVM or Xen. :)

Sign In or Register to comment.