Instructions
Change the following line in /etc/sysconfig/iptables on the HOST from:
IPTABLES_MODULES=""
to
IPTABLES_MODULES="ipt_REJECT ipt_tos ipt_TOS ipt_LOG ip_conntrack ipt_limit ipt_multiport iptable_filter iptable_mangle ipt_TCPMSS ipt_tcpmss ipt_ttl ipt_length ipt_state iptable_nat ip_nat_ftp"
Restart the OpenVZ service with the command below. Please note that this will suspend and restart all of your containers. I had an rsync (centos mirror) running on one of them when this happened and it was continuing happily after doing this.
/etc/init.d/vz restart
In my experience, even after having done this, there was still no /etc/sysconfig/iptables file in CentOS containers. Also, running iptables-save and iptables-restore did not write to and read from that file. You have to manually specify the file like so:
iptables-save > /etc/sysconfig/iptables
iptables-restore < /etc/sysconfig/iptables
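A check for the host-side step, added here as an example and not part of the original post: after the restart, compare the modules named in IPTABLES_MODULES with the modules the kernel actually has loaded. The function names and the sample data are constructed for illustration.

```shell
#!/bin/sh
# Added example: list modules named in IPTABLES_MODULES that are not loaded.
# Function names are hypothetical; sample files below are constructed.

# Print the value of the last uncommented IPTABLES_MODULES= line, quotes stripped.
configured_modules() {
    sed -n 's/^[[:space:]]*IPTABLES_MODULES=//p' "$1" | tail -n 1 | tr -d "\"'"
}

# missing_modules CONFIG_FILE MODULE_LIST_FILE
#   MODULE_LIST_FILE is in /proc/modules format (module name in column 1).
missing_modules() {
    conf=$1 loaded=$2 missing=""
    for mod in $(configured_modules "$conf"); do
        # Exact match on the first column only, so "ip_nat" appearing in a
        # "used by" column does not count as ip_nat_ftp being loaded.
        if ! awk -v m="$mod" '$1 == m { found = 1 } END { exit !found }' "$loaded"; then
            missing="$missing $mod"
        fi
    done
    echo "${missing# }"
}

# Run the check on constructed sample input.
demo() {
    tmp=$(mktemp -d)
    # Constructed config: a shortened version of the module list above.
    printf '%s\n' 'IPTABLES_MODULES="ipt_REJECT ipt_LOG ip_conntrack iptable_nat ip_nat_ftp"' > "$tmp/conf"
    # Constructed module list in /proc/modules format.
    cat > "$tmp/modules" <<'EOF'
ipt_REJECT 9537 0 - Live 0x0000000000000000
ip_conntrack 101396 2 iptable_nat,ip_nat - Live 0x0000000000000000
iptable_nat 43404 0 - Live 0x0000000000000000
EOF
    missing_modules "$tmp/conf" "$tmp/modules"
    rm -rf "$tmp"
}

demo   # prints: ipt_LOG ip_nat_ftp
```

On the host, call `missing_modules` with the file you edited and /proc/modules. A module that is built into the kernel or loaded under a different name does not appear in /proc/modules, so treat the output as a list to investigate.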