Hi, I've got a problem with iptables on OpenVZ (Ubuntu 8.04).
I know that OpenVZ is a for iptables and I know that some modules are not loaded by default (I can't move to another hosting provider right now).
I've been googling since last week, trying everything, but I haven't fixed it yet.
My iptables rules are these (got from Slicehost):
*filter
# Allows all loopback (lo0) traffic and drop all traffic to 127/8 that doesn't use lo0
-A INPUT -i lo -j ACCEPT
-A INPUT -i ! lo -d 127.0.0.0/8 -j REJECT
# Accepts all established inbound connections
-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
# Allows all outbound traffic
# You can modify this to only allow certain traffic
-A OUTPUT -j ACCEPT
# Allows HTTP and HTTPS connections from anywhere (the normal ports for websites)
-A INPUT -p tcp --dport 80 -j ACCEPT
-A INPUT -p tcp --dport 443 -j ACCEPT
# Allows SSH connections
#
-A INPUT -p tcp --dport 22 -j ACCEPT
# Allow ping
-A INPUT -p icmp -m icmp --icmp-type 8 -j ACCEPT
# log iptables denied calls
-A INPUT -m limit --limit 5/min -j LOG --log-prefix "iptables denied: " --log-level 7
# Reject all other inbound - default deny unless explicitly allowed policy
-A INPUT -j REJECT
-A FORWARD -j REJECT
COMMIT
When I save it I don't receive any error, and "iptables -L" shows me the right content.
Everything seems to work, everything but the ESTABLISHED state.
I don't receive any error, but if I change the line
-A INPUT -p tcp --dport 22 -j ACCEPT
to the line:
-A INPUT -p tcp -m state --state NEW --dport 22 -j ACCEPT
the current SSH session stops working.
It's not just SSH sessions, of course; I have some problems with Google Apps as well (I can't send emails from the server through Google Mail).
I'm not an expert on iptables and I don't know if my guess is right.
As I can't load other modules, I was wondering if there was another way to write these rules.
Is it possible that OpenVZ users don't use iptables?
Thank you so much.
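One way to tell whether connection tracking is really active in the container, and to write the reply-accepting rules either way, as an added shell example that is not part of the original post. It assumes that an active conntrack table is visible as /proc/net/nf_conntrack or /proc/net/ip_conntrack inside the container, and that a TCP --syn based fallback is acceptable as a weaker stand-in for ESTABLISHED,RELATED when conntrack is unavailable.

```shell
#!/bin/sh
# Added example, not from the original post. The rules loading "without error"
# says nothing about whether the state match works, so look at the conntrack
# table instead of at the iptables exit status (assumed proc paths below).

# conntrack_available [PROC_NET_DIR] -> exit 0 if a conntrack table is visible
conntrack_available() {
    dir="${1:-/proc/net}"
    [ -e "$dir/nf_conntrack" ] || [ -e "$dir/ip_conntrack" ]
}

# established_rules MODE -> print the "accept replies" rules for MODE
#   stateful : the original rule, needs ip_conntrack + ipt_state in the container
#   stateless: TCP packets without SYN are treated as part of an existing
#              connection, and UDP replies must be listed per service (DNS here).
#              Weaker: a forged ACK is indistinguishable from a mid-stream packet,
#              so use it only when conntrack is really unavailable.
established_rules() {
    case "$1" in
        stateful)  echo '-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT' ;;
        stateless) echo '-A INPUT -p tcp ! --syn -j ACCEPT'
                   echo '-A INPUT -p udp --sport 53 -j ACCEPT' ;;
        *) echo "unknown mode: $1" >&2; return 1 ;;
    esac
}

# new_ssh_rule MODE -> print the rule that admits new SSH connections
new_ssh_rule() {
    case "$1" in
        stateful)  echo '-A INPUT -p tcp -m state --state NEW --dport 22 -j ACCEPT' ;;
        stateless) echo '-A INPUT -p tcp --syn --dport 22 -j ACCEPT' ;;
        *) echo "unknown mode: $1" >&2; return 1 ;;
    esac
}

# ruleset [PROC_NET_DIR] -> a minimal filter table for iptables-restore,
# choosing the mode from what the container actually exposes
ruleset() {
    if conntrack_available "$1"; then mode=stateful; else mode=stateless; fi
    echo '*filter'
    echo "# generated in $mode mode"
    echo '-A INPUT -i lo -j ACCEPT'
    established_rules "$mode"
    new_ssh_rule "$mode"
    echo '-A INPUT -j REJECT'
    echo 'COMMIT'
}
```

Run `ruleset | iptables-restore` on the container and compare the generated mode line with what the session does afterwards; if the table exists but the stateful rules still drop the session, the state match itself is what the host has disabled.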