HostSEO Blog

Stories and News from IT Industry, Reviews & Tips | Technology Blog


csf + lfd firewall configuration in vps (virtuozzo /openvz)

Introduction:

In general csf is giving good compatibility with cpanel servers . But in a vps (openvz or Virtuzzo) the csf configuration is something different.

Sometimes you may get an error as follow after the csf installation in vps

Error: iptables command [/sbin/iptables -v -A LOGDROPIN -p tcp -m limit –limit 30/m –limit-burst 5 -j LOG –log-prefix ‘Firewall: *TCP_IN Blocked* ‘] failed, at line 196

So how to resolve this issue. Let us do it as follows,

There are two steps to configure the csf in vps

  • Main vps server ( The host server ,in which the vps nodes are running) configuration
  • Vps node configuration.

Main vps serverconfiguration

Before starting the csf installation in a node login to the main server (host server) and check whether the following modules are inserted in to the kernel


ipt_conntrack
ipt_LOG
ipt_owner
ipt_state
ip_conntrack_ftp

You can check it as follows


# lsmod |grep -i <module-name>

If not please insert these modules into the kernel.


#modprob <module-name>
eg: modprob ipt_conntrack

Now add these modules to iptable configuration as follows.


# vi /etc/sysconfig/iptables-config
Add the following in this file
IPTABLES_MODULES=”ipt_conntrack ipt_LOG ipt_owner ipt_state ip_conntrack_ftp”

Now edit the vps configuration file from /etc/sysconfig/vz-scripts/ Let 101 is the VEID, add the above inserted modules in to the IPTABLE section in this configuration file.


# vi /etc/sysconfig/vz-scripts/101.conf
IPTABLES=”iptable_filter iptable_mangle ipt_limit ipt_multiport ipt_tos ipt_TOS ipt_REJECT ipt_TCPMSS ipt_tcpmss ipt_ttl ipt_LOG ipt_length ip_conntrack ipt_state
iptable_nat ip_nat_ftp ipt_owner ip_conntrack_ftp”

Here we completed the main vps server configuration . So now reboot the child node (not main server) as follows

# vzctl restart <veid>

eg: vzctl restart 101

ii) Vps node configuration.

Now ssh /enter your child vps node

Now download and install the csf . You can download the csf from here

Before restarting the csf let us do some configurations as follows , Edit the file /etc/csf/csf.conf .Then set the following variables


ETH_DEVICE = “venet0″ #from ifconfig you can see the n/w device
MONOLITHIC_KERNEL = “1″
VERBOSE = “0″ # will disable the verbose output during start

Now start the csf and lfd .

/etc/init.d/csf start

/etc/init.d/lfd start

Note: If it is cpanel server go to whm and configure the firewall settings

Subscribe Now

10,000 successful online businessmen like to have our content directly delivered to their inbox. Subscribe to our newsletter!

Archive Calendar

SatSunMonTueWedThuFri
 123456
78910111213
14151617181920
21222324252627
28293031 

Born in 2004 ... Trusted By Clients n' Experts

SEO Stars

They never made me feel silly for asking questions. Help me understand how to attract more people and improve my search engine ranking.

Read More

Emily Schneller Manager at Sabre Inc
SEO Stars

Took advantage of Hostseo's superb tech support and I must say, it is a very perfect one. It is very fast, servers reliability is incredible.

Read More

Leena Mäkinen Creative producer
SEO Stars

We're operating a worldwide network of servers with high quality standards requirements, we’ve choose hostseo to be our perfect partner.

Read More

Ziff Davis CEO at Mashable
SEO Stars

It’s very comfortable to know I can rely about all technical issues on Hostseo and mostly that my website and emails are safe and secured here.

Read More

Isaac H. Entrepreneur
SEO Stars

With hostseo as a hosting partner we are more flexible and save money due to the better packages with great pricing, free SEO n' free SSL too!

Read More

Madeline E. Internet Professional