VPS iptables problems
Posted: 22 Jan 2007, 11:32
If you get iptables errors when trying to start csf on a VPS then you most likely have missing iptables modules for your VPS.
If your hosting provider wants to know how to configure iptables correctly on a VPS server, then you should point them to this Parallels FAQ and have them follow it (and also add ip_conntrack_ftp to the list of required modules):
https://openvz.org/Setting_up_an_iptabl ... figuration
csf requires at least these iptables modules:
ip_tables
ipt_state
ipt_multiport
iptable_filter
ipt_limit
ipt_LOG
ipt_REJECT
ipt_conntrack
ip_conntrack
ip_conntrack_ftp
iptable_mangle
Other modules, where available, for additional functionality:
ipt_owner
ipt_recent
iptable_nat
ipt_REDIRECT
The VPS Host provider can test whether they have fixed the environment by running:
/etc/csf/csftest.pl
This should run without any FATAL errors. If any such errors are present, they have not done it correctly or are using a broken kernel on the VPS client.
If you suffer from "memory allocation" errors with iptables on a VPS, make sure that your numiptent setting (as mentioned in the Parallels FAQ) is set sufficiently high. We recommend having numiptent set to at least 1500.
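A pre-check for the two conditions described above, as an added example that is not part of csf or of the original post. It assumes an OpenVZ-style /proc/user_beancounters layout (resource, held, maxheld, barrier, limit, failcnt) and that the list of modules enabled for the container is supplied by the provider; the function names and sample data are constructed for illustration.

```shell
#!/bin/sh
# Added example (not part of csf). Module names are the required list from the post.
REQUIRED="ip_tables ipt_state ipt_multiport iptable_filter ipt_limit ipt_LOG \
ipt_REJECT ipt_conntrack ip_conntrack ip_conntrack_ftp iptable_mangle"

# Print each required module that is absent from the space-separated list in $1
# (assumption: $1 is the module list the provider enabled for the container).
missing_modules() {
    for m in $REQUIRED; do
        case " $1 " in
            *" $m "*) ;;                      # exact, space-delimited match
            *) printf '%s\n' "$m" ;;
        esac
    done
}

# Print "barrier limit failcnt" for numiptent from a user_beancounters-format file.
numiptent_values() {
    awk '{ for (i = 1; i <= NF; i++) if ($i == "numiptent") {
               print $(i+3), $(i+4), $(i+5); exit } }' "$1"
}

# Succeed only if the numiptent barrier is at least $2 (default 1500, per the post).
numiptent_ok() {
    min=${2:-1500}
    set -- $(numiptent_values "$1")
    [ -n "$1" ] && [ "$1" -ge "$min" ]
}

# Constructed sample in beancounters layout: numiptent is too low and has failures.
sample_beancounters() {
    cat <<'EOF'
Version: 2.5
       uid  resource           held    maxheld    barrier      limit    failcnt
      101:  kmemsize        2718222    3010560   14372700   14790164          0
            numproc              24         31        240        240          0
            numiptent           128        128        128        128         37
EOF
}

# Demo on the constructed data; on a real VPS pass /proc/user_beancounters instead.
tmp=$(mktemp) && sample_beancounters > "$tmp"
numiptent_ok "$tmp" || echo "numiptent below 1500 (barrier limit failcnt): $(numiptent_values "$tmp")"
# Constructed module list that lacks ip_conntrack_ftp.
missing_modules "ip_tables ipt_state ipt_multiport iptable_filter ipt_limit ipt_LOG ipt_REJECT ipt_conntrack ip_conntrack iptable_mangle"
rm -f "$tmp"
```

This only narrows down the cause before escalating to the provider; /etc/csf/csftest.pl remains the actual test of whether the environment works.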