Enable Iptables/Firewall Modules for a VPS

The default Linux firewall, iptables, depends on many kernel modules. Without them a server can’t be secured properly, and the firewall configuration will produce many errors. So the proper kernel modules must be enabled for a server.

A VPS is a virtually hosted server that shares the resources and kernel of its host server, so it is not possible to compile or enable kernel modules from within the VPS. To run iptables properly, a VPS must also have the proper kernel modules enabled, and these can be enabled from the host server. Normally a Virtuozzo or OpenVZ based kernel supports only the following iptables modules:

ipt_MASQUERADE
ipt_helper
ipt_SAME
ipt_REDIRECT
ipt_state
ipt_TCPMSS
ipt_LOG
ipt_TOS
iptable_nat
ipt_length
ipt_tcpmss
iptable_mangle
ipt_limit
ipt_tos
iptable_filter
ipt_ttl
ipt_REJECT


ENABLE MODULES ON HOST SERVER

To enable these modules for a VPS, you first have to enable them on the host server using the modprobe command. Just copy and paste the following commands into the shell of the HOST SERVER:

modprobe ipt_MASQUERADE
modprobe ipt_helper
modprobe ipt_SAME
modprobe ipt_REDIRECT
modprobe ipt_state
modprobe ipt_TCPMSS
modprobe ipt_LOG
modprobe ipt_TOS
modprobe iptable_nat
modprobe ipt_length
modprobe ipt_tcpmss
modprobe iptable_mangle
modprobe ipt_limit
modprobe ipt_tos
modprobe iptable_filter
modprobe ipt_ttl
modprobe ipt_REJECT


Now make sure that all these modules are enabled on the server using the “lsmod” command.

ENABLE MODULES FOR VPS

The modules mentioned above can now be enabled for a VPS in two ways: by using a command or by adding rules manually.

1) By Command:

Execute the following command from the host server to enable all the modules for the VPS:

vzctl set VEID --iptables ipt_REJECT --iptables ipt_tos --iptables ipt_TOS --iptables ipt_LOG --iptables ip_conntrack --iptables ipt_limit --iptables ipt_multiport --iptables iptable_filter --iptables iptable_mangle --iptables ipt_TCPMSS --iptables ipt_tcpmss --iptables ipt_ttl --iptables ipt_length --iptables ipt_state --iptables iptable_nat --iptables ip_nat_ftp --save


2) Adding Rules manually:

Open the VPS configuration file, which is located at /etc/vz/conf/veid.conf, and paste the following as the last line of the file:

IPTABLES="iptable_filter iptable_mangle ipt_limit ipt_multiport ipt_tos ipt_TOS ipt_REJECT ipt_TCPMSS ipt_tcpmss ipt_ttl ipt_LOG ipt_length ip_conntrack ip_conntrack_ftp ip_conntrack_irc ipt_conntrack ipt_state ipt_helper iptable_nat ip_nat_ftp ip_nat_irc"


After adding the rules, reboot the VPS to apply/enable the modules.
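
The lsmod check and the IPTABLES line can be compared automatically before the reboot. The script below is an added example, not part of the original post: it lists every module requested in a container config that the host's lsmod output does not show. The function names, the container number 101 and the sample data are made up for illustration.

```shell
#!/bin/sh
# Added example (not from the original post): list modules that a container
# config requests in IPTABLES="..." but that lsmod does not show on the host.

# conf_modules FILE: names from the last IPTABLES="..." line, one per line.
# Assumption: the last assignment in the file is the one in effect.
conf_modules() {
    sed -n 's/^[[:space:]]*IPTABLES="\([^"]*\)".*/\1/p' "$1" |
        tail -n 1 | tr -s ' \t' '\n\n' | sed '/^$/d' | LC_ALL=C sort -u
}

# loaded_modules: read lsmod output on stdin, print the module-name column.
loaded_modules() {
    awk 'NR > 1 && NF { print $1 }'    # NR > 1 skips the lsmod header line
}

# missing_modules CONF [LSMOD_FILE]: requested names absent from the listing.
# Without LSMOD_FILE the live output of lsmod is used.
missing_modules() {
    have=$(mktemp) || return 2
    if [ -n "${2:-}" ]; then
        loaded_modules < "$2" > "$have"
    else
        lsmod | loaded_modules > "$have"
    fi
    # grep exits 1 when nothing is missing; that is not an error here.
    conf_modules "$1" | grep -vxF -f "$have" || true
    rm -f "$have"
}

# Demo on constructed sample data (a hypothetical container 101).
demo() {
    d=$(mktemp -d) || return 2
    printf '%s\n' 'IPTABLES="iptable_filter ipt_state ipt_REJECT ip_nat_ftp"' \
        > "$d/101.conf"
    printf '%s\n' 'Module                  Size  Used by' \
        'iptable_filter          7745  1' \
        'ipt_REJECT              9537  0' \
        'ip_tables              21825  1 iptable_filter' > "$d/lsmod.txt"
    missing_modules "$d/101.conf" "$d/lsmod.txt"
    rm -rf "$d"
}
demo
```

Names are compared literally, so a module that the host kernel loads under a different name than the one requested is reported as missing and has to be checked by hand.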

Published by Mike

Milind Koyande loves to work on new technologies, especially virtualization, and troubleshoot server problems. I’m an avid photographer and love to spend my free time close to nature, trying to capture its glory on my camera.
