[PVE-User] openvz iptables

Timh B timh at shiwebs.net
Thu May 5 08:14:19 CEST 2011


On Wed, May 4, 2011 23:11, Luis Díaz wrote:
> Question 1.
> when performing an installation base Proxmox
> iptables is already set up properly or is necessary to refine the
> settings?

No iptables is configured after basic installation, you will have to
create and configure them by your self.

>
> Question 2.
> if necessary configure iptables in the installation base
> of Proxmox.
> What are the ports that I leave open for everything to work right?

Afaik ports 22,443 is enough, proxmox web-interface on https(443) and all
clustersync/migration/remote commands is done via port 22. I may be wrong
though.

> * I have 2 server with Proxmox ... one primary and one as a node to
> migrate
> vps
>
>
> Question 3.
> after configuring / etc / vz / vz.conf
> to configure each openvz iptables
> I can use "arno-iptables-firewall " to define basic rules in each openvz
> VPS?

Add your desired modules to;
## IPv4 iptables kernel modules
IPTABLES="ipt_REJECT ipt_tos ipt_limit ipt_multiport iptable_filter
iptable_mangle ipt_TCPMSS ipt_tcpmss ipt_ttl ipt_length ipt_state"

Then configure iptables inside containers as on any normal server.

>
> sorry .... but I am novice in this subject and I worry: S
>
> Díaz Luis
> http://www.facebook.com/diazluis2007
> User Linux 532223
> progjuegos.com
> TSU Analisis de Sistemas
> Universidad de Carabobo
> Facultad de Odontología <http://www.odontologia.uc.edu.ve/>
>
>
>
>
>
> 2011/5/4 Luis Díaz <diazluis2007 at gmail.com>
>
>> Question 1.
>> when performing an installation base Proxmox
>> iptables is already set up properly or is necessary to refine the
>> settings?
>>
>> Question 2.
>> if necessary configure iptables in the installation base
>> of Proxmox.
>> What are the ports that I leave open for everything to work right?
>> * I have 2 server with Proxmox ... one primary and one as a node to
>> migrate
>> vps
>>
>>
>> Question 3.
>> after configuring / etc / vz / vz.conf
>> to configure each openvz iptables
>> I can use "arno-iptables-firewall " to define basic rules in each openvz
>> VPS?
>>
>> sorry .... but I am novice in this subject and I worry: S
>>
>>
>> Díaz Luis
>> http://www.facebook.com/diazluis2007
>> User Linux 532223
>> progjuegos.com
>> TSU Analisis de Sistemas
>> Universidad de Carabobo
>> Facultad de Odontología <http://www.odontologia.uc.edu.ve/>
>>
>>
>>
>>
> _______________________________________________
> pve-user mailing list
> pve-user at pve.proxmox.com
> http://pve.proxmox.com/cgi-bin/mailman/listinfo/pve-user
>


-- 
//Timh




More information about the pve-user mailing list