Results 1 to 3 of 3
-
01-05-2009, 12:05 PM #1Web Hosting Master
- Join Date
- Mar 2009
- Location
- Austin, TX
- Posts
- 935
Is it me or that anyone else experiencing the VZ master node not properly configured for those front-end firewall programs?
I recently purchased couple Linux VPSs (OpenVZ) from different vendors and both seems not having iptables properly configured. One of them finally got resolved, but took like a week for them to figure out what's wrong with it.
I'm currently still stuck with second VPS not protected.
I have not check into which iptables modules APF or CSF requires, but VPS vendors/resellers should expect their clients would be using those and properly configure their VZ master prior to deployments.
I'm begin to wonder people that purchases VPS slices, are they using any decent firewall front-end or not.
It always seems that ip_conntrack is missing. When exists, everything works.
Any thoughts?
-
01-05-2009, 12:54 PM #2WebHostingTalk Lover
- Join Date
- Mar 2003
- Location
- New York City
- Posts
- 7,406
Depends on the host/company and their configurations in the end. Typically this shouldn't be a problem especially when it coems to CSF or APF :\
Good luck with resolving them though
-
01-05-2009, 01:39 PM #3Web Hosting Master
- Join Date
- Jan 2003
- Location
- U.S.A.
- Posts
- 3,928
These are the typical iptables setup on a OpenVZ host..
IPTABLES="ip_tables iptable_filter iptable_mangle ipt_limit ipt_multiport ipt_tos ipt_TOS ipt_REJECT ipt_TCPMSS ipt_tcpmss ipt_ttl ipt_LOG ipt_length ip_conntrack ip_conntrack_ftp ipt_state iptable_nat ip_nat_ftp
It sounds like you just had some bad luck :/