mengaktifkan iptables di openvz

Berikut ini cara untuk enable iptables di OpenVZ, yang sebenarnya tidak dapat dilakukan secara default.


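# Load the netfilter/iptables kernel modules on the OpenVZ hardware node.
# Each module is listed once: the original list repeated ipt_helper and
# ipt_tos. Module names are case-sensitive, so ipt_TOS/ipt_tos and
# ipt_TCPMSS/ipt_tcpmss stay as separate entries.
# Load only what your containers need; every extra module is more kernel
# packet-handling code running on the host.
# NOTE(review): the `vzctl set` line on this page also passes ipt_multiport
# and ip_nat_ftp, which are not loaded here - confirm whether the node needs
# them loaded as well.
failed=""
for mod in \
  ipt_MASQUERADE ipt_helper ipt_REDIRECT ipt_state ipt_TCPMSS ipt_LOG \
  ipt_TOS tun iptable_nat ipt_length ipt_tcpmss iptable_mangle ipt_limit \
  ipt_tos iptable_filter ipt_ttl ipt_REJECT ip_conntrack
do
  # Keep going after a failure (as the original one-per-line list did), but
  # remember which modules did not load so the result is not silently partial.
  modprobe "$mod" || failed="$failed $mod"
done
if [ -n "$failed" ]; then
  printf 'modprobe failed for:%s\n' "$failed" >&2
fi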

Jalankan perintah di atas di master VZ (hardware node) atau tempat kamu menginstal OpenVZ.


#vzctl stop <CTID>
#vzctl set <CTID> --iptables ipt_REJECT --iptables ipt_tos --iptables ipt_TOS --iptables ipt_LOG --iptables ip_conntrack --iptables ipt_limit --iptables ipt_multiport --iptables iptable_filter --iptables iptable_mangle --iptables ipt_TCPMSS --iptables ipt_tcpmss --iptables ipt_ttl --iptables ipt_length --iptables ipt_state --iptables iptable_nat --iptables ip_nat_ftp --save
#vzctl start <CTID>

sample (cara pakai)


root@google:~# vzctl stop 3421
Stopping container ...
Container was stopped
Container is unmounted
root@google:~# vzctl set 3421 --iptables ipt_REJECT --iptables ipt_tos --iptables ipt_TOS --iptables ipt_LOG --iptables ip_conntrack --iptables ipt_limit --iptables ipt_multiport --iptables iptable_filter --iptables iptable_mangle --iptables ipt_TCPMSS --iptables ipt_tcpmss --iptables ipt_ttl --iptables ipt_length --iptables ipt_state --iptables iptable_nat --iptables ip_nat_ftp --save
CT configuration saved to /etc/vz/conf/3421.conf
root@google:~# vzctl start 3421
Starting container ...
Container is mounted
Adding IP address(es): 10.10.6.7
Setting CPU units: 100000
Setting devices
Container start in progress...

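yang harus kamu pastiin (catatan: perintah di bawah mengosongkan file aturan iptables yang tersimpan, jadi backup dulu file tersebut kalau masih berisi aturan firewall yang dipakai)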


#echo "" > /etc/sysconfig/iptables


#cat /etc/sysconfig/iptables-config
root@google:~# cat /etc/sysconfig/iptables-config | grep IPTABLES_MODULES
IPTABLES_MODULES="ipt_REJECT ipt_tos ipt_TOS ipt_LOG ip_conntrack ipt_limit ipt_multiport iptable_filter iptable_mangle ipt_TCPMSS ipt_tcpmss ipt_ttl ipt_length ipt_state iptable_nat ip_nat_ftp"
IPTABLES_MODULES_UNLOAD="yes"

dan file config vz


root@google:~# cat /etc/vz/vz.conf | grep IPTABLES
IPTABLES="iptable_filter iptable_mangle ipt_limit ipt_multiport ipt_tos ipt_TOS ipt_REJECT ipt_TCPMSS ipt_tcpmss ipt_ttl ipt_LOG ipt_length ip_conntrack ip_conntrack_ftp ip_conntrack_irc ipt_conntrack ipt_state ipt_helper iptable_nat ip_nat_ftp ip_nat_irc ipt_REDIRECT"
IPTABLES_MODULES="$IPTABLES"

The last thing: don't forget to modprobe ip_conntrack.

semoga bisa membantu. kalau ada pertanyaan silahkan kirim ke email atau comment di bawah.
