csf & openVZ - how to debug problems?
guys, who is using csf to protect their host nodes? need some tips on how to debug problems.
running centos 6.5 64bit, latest stab106 kernel, latest csf, etc. googled plenty, so done all the tests and setup of iptables. logs don't show anything being blocked (traffic to VMs, this is)
used csf before, without problems, but not along with VMs.
Comments
Not advised to install CSF on a host node, however you can install csf in each VPS you create in the node, hope that makes sense.
Are you trying to protect the entire node itself? And is there any reason you are not running CentOS 6.6 final?
CSF is basically meant to be a firewall for cPanel users. This should not be installed on the node. The iptables firewall is, I would argue, the smallest detail in Linux security.
The logs you are referencing are probably more related to LFD which isn't checking the logs of your containers.
thanks for the advice guys.
FYI, it is actually running 6.6 (installed 6.5, but after updates it now reports as 6.6).
easier to manually add to iptables I think, and just block everything
Ideally nothing but internal traffic should hit the node, right? As each container has a public IPv4 or v6.
Unless of course it's NAT'd
Sorry for the off topic, just curious.
VMs aren't really the concern. correct, they have their own IPs (not NAT)
playing with using virtualizor on the node (for client control panel), but I think it's better to host that separately.