Enable Iptables/Firewall Modules for a VPS
iptables, the default firewall for Linux, depends on many kernel modules. Without them a server can't be secured properly, and the firewall will produce many errors while it is being configured. The proper kernel modules must therefore be enabled on the server.
A VPS (a virtually hosted server) shares the resources and the kernel of its host server, so kernel modules cannot be compiled or enabled from inside the VPS. For iptables to run properly on a VPS, the proper kernel modules must be enabled for it from the host server.
Normally a Virtuozzo or OpenVZ based kernel supports only the following iptables modules:

ipt_MASQUERADE ipt_helper ipt_SAME ipt_REDIRECT ipt_state
ipt_TCPMSS ipt_LOG ipt_TOS iptable_nat ipt_length
ipt_tcpmss iptable_mangle ipt_limit ipt_tos iptable_filter
ipt_helper ipt_tos ipt_ttl ipt_REJECT

ENABLE MODULES ON HOST SERVER

To enable these modules for a VPS, you first have to enable them on the host server using the modprobe command. Copy and paste the following commands into the shell of the HOST SERVER:

modprobe ipt_MASQUERADE
modprobe ipt_helper
modprobe ipt_SAME
modprobe ipt_REDIRECT
modprobe ipt_state
modprobe ipt_TCPMSS
modprobe ipt_LOG
modprobe ipt_TOS
modprobe iptable_nat
modprobe ipt_length
modprobe ipt_tcpmss
modprobe iptable_mangle
modprobe ipt_limit
modprobe ipt_tos
modprobe iptable_filter
modprobe ipt_helper
modprobe ipt_tos
modprobe ipt_ttl
modprobe ipt_REJECT

Now make sure that all these modules are enabled on the server using the command "lsmod".

ENABLE MODULES FOR VPS

The modules mentioned above can be enabled for a VPS in two ways: by using a command or by adding rules manually.

1) By Command: Execute the following command from the host server to enable all the modules for the VPS:

vzctl set VEID --iptables ipt_REJECT --iptables ipt_tos --iptables ipt_TOS \
    --iptables ipt_LOG --iptables ip_conntrack --iptables ipt_limit \
    --iptables ipt_multiport --iptables iptable_filter --iptables iptable_mangle \
    --iptables ipt_TCPMSS --iptables ipt_tcpmss --iptables ipt_ttl \
    --iptables ipt_length --iptables ipt_state --iptables iptable_nat \
    --iptables ip_nat_ftp --save

2) Adding Rules manually: Open the VPS configuration file, which exists at /etc/vz/conf/veid.conf, and paste the following as the last line of the file:

IPTABLES="iptable_filter iptable_mangle ipt_limit ipt_multiport ipt_tos ipt_TOS ipt_REJECT ipt_TCPMSS ipt_tcpmss ipt_ttl ipt_LOG ipt_length ip_conntrack ip_conntrack_ftp ip_conntrack_irc ipt_conntrack ipt_state ipt_helper iptable_nat ip_nat_ftp ip_nat_irc"

After adding the rules, reboot the VPS to apply/enable the modules.
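
A check for the procedure above, added here as an example and not part of the original article: it reads the IPTABLES="..." line of a container configuration and reports every module the line names that is absent from the host's lsmod output. The function names and the sample data are constructed for illustration.

```shell
#!/bin/sh
# Added example: find modules granted to a VPS that are not loaded on the host.

# Constructed sample data (not taken from a real server).
SAMPLE_CONF='# constructed container config
ONBOOT="yes"
IPTABLES="iptable_filter iptable_mangle ipt_limit ipt_REJECT ipt_state ip_conntrack"'

SAMPLE_LSMOD='Module                  Size  Used by
iptable_filter          7105  1
iptable_mangle          6913  0
ipt_REJECT              9537  2
ip_conntrack           53281  1
ip_tables              17029  2 iptable_filter,iptable_mangle'

# conf_modules: read a config on stdin, print the modules of its last
# IPTABLES="..." line, one per line.
conf_modules() {
    sed -n 's/^[[:space:]]*IPTABLES="\([^"]*\)".*/\1/p' |
        tail -n 1 | tr -s ' ' '\n' | sed '/^$/d'
}

# loaded_modules: read lsmod output on stdin, print the module names
# (first column), skipping the header line.
loaded_modules() {
    awk 'NF && $1 != "Module" { print $1 }'
}

# missing_modules CONF_TEXT LSMOD_TEXT: print each module that the config
# names but that does not appear in the lsmod output.
missing_modules() {
    loaded=$(printf '%s\n' "$2" | loaded_modules)
    printf '%s\n' "$1" | conf_modules | while read -r m; do
        printf '%s\n' "$loaded" | grep -qxF -- "$m" || printf '%s\n' "$m"
    done
}

# Run against the constructed sample: prints the two modules that the
# sample config grants but the sample host has not loaded.
missing_modules "$SAMPLE_CONF" "$SAMPLE_LSMOD"
```

On the host server, the same function can be fed real data with missing_modules "$(cat /etc/vz/conf/veid.conf)" "$(lsmod)". On kernels where an ipt_* name is only an alias for another module, lsmod lists the real module name, so a name reported as missing should be confirmed with modinfo before it is treated as a gap.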