
Enable Iptables/Firewall Modules for a VPS

The default Linux firewall, iptables, depends on a number of kernel modules. Without them a server cannot be secured properly, and configuring the firewall will produce many errors. The proper kernel modules therefore need to be enabled on the server.

A VPS (virtually hosted server) shares the resources and kernel of the host server, so kernel modules cannot be compiled or enabled from inside the VPS. To run iptables properly, the VPS also needs the proper kernel modules, and these are enabled from the host server. Normally a Virtuozzo or OpenVZ based kernel supports only the following iptables modules:

ipt_MASQUERADE
ipt_helper
ipt_SAME
ipt_REDIRECT
ipt_state
ipt_TCPMSS
ipt_LOG
ipt_TOS
iptable_nat
ipt_length
ipt_tcpmss
iptable_mangle
ipt_limit
ipt_tos
iptable_filter
ipt_helper
ipt_tos
ipt_ttl
ipt_REJECT


ENABLE MODULES ON HOST SERVER

To enable these modules for a VPS, you first have to load them on the host server using the modprobe command. Copy and paste the following commands into the shell of the HOST SERVER:

modprobe ipt_MASQUERADE
modprobe ipt_helper
modprobe ipt_SAME
modprobe ipt_REDIRECT
modprobe ipt_state
modprobe ipt_TCPMSS
modprobe ipt_LOG
modprobe ipt_TOS
modprobe iptable_nat
modprobe ipt_length
modprobe ipt_tcpmss
modprobe iptable_mangle
modprobe ipt_limit
modprobe ipt_tos
modprobe iptable_filter
modprobe ipt_helper
modprobe ipt_tos
modprobe ipt_ttl
modprobe ipt_REJECT


Now make sure that all these modules are enabled on the server using the command "lsmod".

ENABLE MODULES FOR VPS

The modules mentioned above can now be enabled for a VPS in two ways: by command, or by adding the rules manually.

1) By Command:

Execute the following command on the host server to enable all the modules for the VPS (replace VEID with the ID of the VPS):

vzctl set VEID --iptables ipt_REJECT --iptables ipt_tos --iptables ipt_TOS --iptables ipt_LOG --iptables ip_conntrack --iptables ipt_limit --iptables ipt_multiport --iptables iptable_filter --iptables iptable_mangle --iptables ipt_TCPMSS --iptables ipt_tcpmss --iptables ipt_ttl --iptables ipt_length --iptables ipt_state --iptables iptable_nat --iptables ip_nat_ftp --save


2) Adding Rules manually:

Open the VPS configuration file, located at /etc/vz/conf/veid.conf, and paste the following as the last line of the file.

IPTABLES="iptable_filter iptable_mangle ipt_limit ipt_multiport ipt_tos ipt_TOS ipt_REJECT ipt_TCPMSS ipt_tcpmss ipt_ttl ipt_LOG ipt_length ip_conntrack ip_conntrack_ftp ip_conntrack_irc ipt_conntrack ipt_state ipt_helper iptable_nat ip_nat_ftp ip_nat_irc"


After adding the rules, reboot the VPS to apply/enable the modules.
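
The lsmod check and the IPTABLES= line can be verified together before rebooting the VPS. The script below is an added example, not part of the original post: it reads the IPTABLES= line of a VPS configuration file and lists every module named there that is not loaded on the host. The function names, the container ID 101 and the sample file contents are constructed for illustration; on a real host pass the VPS's own .conf file and /proc/modules.

```shell
#!/bin/sh
# Added example (not from the original post). Lists modules named in a
# container's IPTABLES= line that are not loaded on the host node.
# Names are compared literally against column 1 of /proc/modules, so a
# module the kernel loads under a different real name is reported too.

# Module names from the last IPTABLES="..." line of a VE config, one per
# line, duplicates dropped, config order kept. (Assumption: one-line value.)
ve_iptables_modules() {
    sed -n 's/^[[:space:]]*IPTABLES="\([^"]*\)".*$/\1/p' "$1" |
        tail -n 1 | tr -s ' \t' '\n\n' | awk 'NF && !seen[$0]++'
}

# Modules the config asks for that are absent from a /proc/modules-format
# file. Prints them and returns 1, or prints nothing and returns 0.
missing_modules() {
    loaded=$(awk '{print $1}' "${2:-/proc/modules}")
    missing=$(ve_iptables_modules "$1" | while read -r m; do
        printf '%s\n' "$loaded" | grep -Fqx -- "$m" || printf '%s\n' "$m"
    done)
    [ -z "$missing" ] && return 0
    printf '%s\n' "$missing"
    return 1
}

# Constructed sample input (not real host output) so the demo runs offline.
demo=$(mktemp -d)
cat > "$demo/101.conf" <<'EOF'
HOSTNAME="vps.example.test"
IPTABLES="iptable_filter ipt_state ipt_REJECT ipt_multiport ipt_state"
EOF
cat > "$demo/modules" <<'EOF'
iptable_filter 12345 1 - Live 0x0000000000000000
ipt_state 2345 3 - Live 0x0000000000000000
ip_tables 23456 1 iptable_filter, Live 0x0000000000000000
EOF
if missing_modules "$demo/101.conf" "$demo/modules"; then
    echo "all listed modules are loaded"
else
    echo "load the modules above with modprobe, then reboot the VPS"
fi
rm -rf "$demo"
```

With the constructed input the script reports ipt_REJECT and ipt_multiport as not loaded.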
