Cerca

Lingua:  
Cerca:

  • Article for your preferred language does not exist. Below is international version of the article.
Versioni tradotte dell'articolo:

How do I install APF firewall into the VE?

APPLICABILE A:
  • Parallels Cloud Server
  • Parallels Virtuozzo Containers for Linux 4.7
  • Parallels Virtuozzo Containers for Linux 4.6
  • Parallels Virtuozzo Containers for Linux 4.0
  • Parallels Server Bare Metal

Resolution

The installation of APF requires you to complete some additional steps on the Hardware Node.

1. First, you need to define which iptables modules are available for VEs.

Edit /etc/sysconfig/iptables-config file on a Virtuozzo Hardware Node:
IPTABLES_MODULES="ipt_REJECT ipt_tos ipt_TOS ipt_LOG ip_conntrack ipt_limit ipt_multiport iptable_filter iptable_mangle ipt_TCPMSS ipt_tcpmss ipt_ttl ipt_length ipt_state iptable_nat ip_nat_ftp"

Edit /etc/sysconfig/vz file on a Virtuozzo Hardware Node:
IPTABLES="ipt_REJECT
ipt_tos ipt_TOS ipt_LOG ip_conntrack ipt_limit ipt_multiport iptable_filter iptable_mangle ipt_TCPMSS ipt_tcpmss ipt_ttl ipt_length ipt_state iptable_nat ip_nat_ftp"


Please note: The iptables modules list in IPTABLES and IPTABLES_MODULES parameters in /etc/sysconfig/vz and /etc/sysconfig/iptables-config files should be placed in one single line. No linebreaks are allowed in this parameter.

Restart Virtuozzo. All VEs will be restarted.
# service vz restart

2. Increase "numiptent" parameter for the VE you need to install APF into. This parameter limits the amount of iptables rules available for a VE. Default APF configuration requires ~400 rules. Try setting it to 400 as in the below example for VE #101:
# vzctl set 101 --numiptent 400 --save

3. Install APF inside the VE. Edit /etc/apf/conf.apf inside the VE, setting the following parameters:
IFACE_IN="venet0"
IFACE_OUT="venet0"
SET_MONOKERN="1"

4. Start APF inside the VE:
# /etc/init.d/apf start



eb0ea3b827d18de2329b6477e24c1d59 909d99074e442b52ce54cc7b31cf065d 177dc6fee28957c8ff798197ff2c6602 219be54dff19e220f37105b0000118f4 9bccb04d0396d587d8123e5e12b4740e 38b350a8e16219ab065862b865a4acb0 2897d76d56d2010f4e3a28f864d69223 ca05eaf5b843fbd53589c90d7228a6df bf1c3a170005eae151f49ba2720abde9

FEEDBACK
Questo articolo è stato utile?
Facci sapere come possiamo migliorarlo.
No
 
 
 
 
 
 
Virtualizzazione di Desktop
- Parallels Desktop 8 per Mac
- Parallels Desktop Switch to Mac Edition
- Enterprise
- Parallels Desktop per Mac Enterprise Edition
- Parallels Management Suite per Microsoft SCCM
- Tutti i Prodotti di virtualizzazione di desktop »
Piattaforme di Hosting & di Automazione di Cloud
Parallels Plesk Panel Suite
- Parallels Plesk Panel
- Parallels Plesk Automation
- Parallels Web Presence
Parallels Automation Suite
- Parallels Automation
- Parallels Automation for Cloud Infrastructure
- Parallels Business Automation Standard
Parallels Virtualization Suite
- Parallels Cloud Server
- Parallels Virtuozzo Containers
- Parallels Virtual Automation
Servizi & Risorse
- Services Cloud Acceleration
- Servizi professionali
- Servizi di supporto
- Training & Certificazione