Berikut ini cara untuk enable iptables di OpenVZ, yang sebenarnya tidak dapat dilakukan by default.
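# Load the iptables/netfilter modules (plus tun) that the page goes on to hand
# to a container with `vzctl set --iptables`. Run this on the OpenVZ host.
# The original list named ipt_helper and ipt_tos twice; each is loaded once.
# Module names are case-sensitive, so ipt_TOS/ipt_tos and ipt_TCPMSS/ipt_tcpmss
# stay as the distinct entries they were in the original list.
# NOTE(review): ipt_multiport and ip_nat_ftp are passed to `vzctl set` further
# down the page but are not loaded here — confirm whether the host needs them.
failed_modules=""
for module in \
  ipt_MASQUERADE ipt_helper ipt_REDIRECT ipt_state ipt_TCPMSS ipt_LOG \
  ipt_TOS tun iptable_nat ipt_length ipt_tcpmss iptable_mangle ipt_limit \
  ipt_tos iptable_filter ipt_ttl ipt_REJECT ip_conntrack
do
  # Keep going after a failure so one missing module does not hide the others.
  modprobe "$module" || failed_modules="$failed_modules $module"
done
# Summarise failures on stderr so a module that did not load is not overlooked
# before the container is reconfigured.
if [ -n "$failed_modules" ]; then
  echo "modprobe failed for:$failed_modules" >&2
fi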
Jalankan perintah di atas di master vz (host tempat kamu install OpenVZ), bukan di dalam container.
Ganti <CTID> dengan ID container kamu, dan cukup masukkan modul yang memang dibutuhkan container tersebut.
#vzctl stop <CTID>
#vzctl set <CTID> --iptables ipt_REJECT --iptables ipt_tos --iptables ipt_TOS --iptables ipt_LOG --iptables ip_conntrack --iptables ipt_limit --iptables ipt_multiport --iptables iptable_filter --iptables iptable_mangle --iptables ipt_TCPMSS --iptables ipt_tcpmss --iptables ipt_ttl --iptables ipt_length --iptables ipt_state --iptables iptable_nat --iptables ip_nat_ftp --save
#vzctl start <CTID>
sample (cara pakai)
root@google:~# vzctl stop 3421
Stopping container ...
Container was stopped
Container is unmounted
root@google:~# vzctl set 3421 --iptables ipt_REJECT --iptables ipt_tos --iptables ipt_TOS --iptables ipt_LOG --iptables ip_conntrack --iptables ipt_limit --iptables ipt_multiport --iptables iptable_filter --iptables iptable_mangle --iptables ipt_TCPMSS --iptables ipt_tcpmss --iptables ipt_ttl --iptables ipt_length --iptables ipt_state --iptables iptable_nat --iptables ip_nat_ftp --save
CT configuration saved to /etc/vz/conf/3421.conf
root@google:~# vzctl start 3421
Starting container ...
Container is mounted
Adding IP address(es): 10.10.6.7
Setting CPU units: 100000
Setting devices
Container start in progress...
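yang harus kamu pastiin (perintah echo di bawah ini mengosongkan file rule iptables yang tersimpan, jadi backup dulu isinya kalau masih dipakai, misalnya `cp /etc/sysconfig/iptables /etc/sysconfig/iptables.bak`)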
#echo "" > /etc/sysconfig/iptables
#cat /etc/sysconfig/iptables-config
root@google:~# cat /etc/sysconfig/iptables-config | grep IPTABLES_MODULES
IPTABLES_MODULES="ipt_REJECT ipt_tos ipt_TOS ipt_LOG ip_conntrack ipt_limit ipt_multiport iptable_filter iptable_mangle ipt_TCPMSS ipt_tcpmss ipt_ttl ipt_length ipt_state iptable_nat ip_nat_ftp"
IPTABLES_MODULES_UNLOAD="yes"
dan file config vz
root@google:~# cat /etc/vz/vz.conf | grep IPTABLES
IPTABLES="iptable_filter iptable_mangle ipt_limit ipt_multiport ipt_tos ipt_TOS ipt_REJECT ipt_TCPMSS ipt_tcpmss ipt_ttl ipt_LOG ipt_length ip_conntrack ip_conntrack_ftp ip_conntrack_irc ipt_conntrack ipt_state ipt_helper iptable_nat ip_nat_ftp ip_nat_irc ipt_REDIRECT"
IPTABLES_MODULES="$IPTABLES"
One last thing: don't forget to modprobe ip_conntrack.
Semoga bisa membantu. Kalau ada pertanyaan, silakan kirim ke email atau comment di bawah.