From: <ope...@li...> - 2014-11-13 23:00:19
All,

OK, first, let me say I've read all of the firewall posts for OpenVZ and OpenNode. I have a specific goal. I want to run a straight iptables firewall on the hardware node and then run individual straight iptables firewalls on the containers. I've done this on our LAN OpenNode server, as it did not require a firewall on the hardware node, just on the container. I modprobed ip_conntrack and xt_state on the hardware node, passed the specific modules needed to the configuration file for the container I was working on, set up the iptables rules and was up and running.

Now, I'm simply trying to use a straight iptables script on an OpenNode server with a publicly facing IP address, and I cannot get connection tracking to work at all. It shows the ESTABLISHED, RELATED rule when I do an iptables -L -n, but it does not pass traffic to even be able to ping google, let alone download templates with the TUI. The container on the inside will be used by an individual in our company who is used to making his own firewall changes, and I don't want to upset the apple cart by setting up the hardware node as a virtual hardware firewall for all of the containers.

My default INPUT policy is DROP, which I would expect to work with the ESTABLISHED, RELATED rule. I should also say that if I change the default input policy to ACCEPT, I can ping google and download templates, but that obviously leaves the server vulnerable.

Any ideas what I'm missing here? Thanks in advance!

-- 
Steven G. Spencer, Network Administrator
KSC Corporate - The Kelly Supply Family of Companies
Office 308-382-8764 Ext. 1131
Mobile 402-765-8010
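Added example for this thread, not part of Steven's post or any reply: a small POSIX shell audit for the stateful pattern the post describes (default DROP policy plus an ESTABLISHED,RELATED accept rule). It checks two things that `iptables -L -n` alone does not make obvious: whether a conntrack module is actually loaded (older OpenVZ kernels name it ip_conntrack, newer ones nf_conntrack), and whether the ESTABLISHED,RELATED rule sits above any earlier DROP/REJECT rule in the chain, since a rule listed below a blanket DROP is still shown but never reached. It also prints, without applying, a minimal iptables-restore ruleset for a node that keeps INPUT and FORWARD at DROP; the FORWARD rules and the venet0 interface name are assumptions about a venet-based OpenVZ node, where container traffic crosses the node's FORWARD chain. The lsmod and `iptables -S` listings below are constructed samples, not output from the original poster's machine.

```shell
#!/bin/sh
# Added example (not from the original post): audit `iptables -S <chain>` and
# `lsmod` text for the stateful firewall pattern, and print a minimal ruleset.
# Nothing here applies rules; it only reads and prints text, so no root needed.

# Constructed `lsmod` excerpt. ip_conntrack (old kernels) or nf_conntrack
# (newer kernels) must be present for --state / --ctstate matches to work.
LSMOD_SAMPLE='xt_state 1234 1
ip_conntrack 56789 3 xt_state
ipv6 200000 10'

# Constructed `iptables -S INPUT` listing with the accept-established rule
# placed before any DROP rule: replies to outbound traffic get through.
INPUT_OK='-P INPUT DROP
-A INPUT -i lo -j ACCEPT
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -p tcp --dport 22 -j ACCEPT'

# Constructed listing with a common ordering mistake: a blanket DROP rule
# above the state rule shadows it, although `iptables -L` still shows it.
INPUT_SHADOWED='-P INPUT DROP
-A INPUT -i eth0 -j DROP
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT'

# conntrack_loaded: read `lsmod` text on stdin; succeed if either conntrack
# module name is listed.
conntrack_loaded() {
  grep -q -E '^(nf_conntrack|ip_conntrack) '
}

# chain_stateful: read `iptables -S <chain>` text on stdin; succeed only if
# (1) the chain policy is DROP, (2) an ACCEPT rule matching ESTABLISHED
# state exists, and (3) no DROP/REJECT rule precedes that ACCEPT rule.
chain_stateful() {
  awk '
    /^-P [A-Z]+ DROP$/                                      { policy_drop = 1 }
    /-j (DROP|REJECT)/ && !ok                               { shadowed = 1 }
    /(--state|--ctstate) [A-Z,]*ESTABLISHED/ && /-j ACCEPT/ { ok = 1 }
    END { exit (policy_drop && ok && !shadowed) ? 0 : 1 }
  '
}

# stateful_ruleset: print (do not apply) a minimal iptables-restore ruleset
# for a node with INPUT and FORWARD at DROP. venet0 is assumed to be the
# OpenVZ container-side interface on the hardware node.
stateful_ruleset() {
  cat <<'EOF'
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -i lo -j ACCEPT
-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
-A INPUT -p tcp --dport 22 -m state --state NEW -j ACCEPT
-A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT
-A FORWARD -i venet0 -m state --state NEW -j ACCEPT
COMMIT
EOF
}

# Run the audit over the constructed samples. On a real node, feed live
# output instead:  iptables -S INPUT | chain_stateful ; lsmod | conntrack_loaded
main() {
  printf '%s\n' "$LSMOD_SAMPLE" | conntrack_loaded \
    && echo "lsmod sample: conntrack module loaded"
  printf '%s\n' "$INPUT_OK" | chain_stateful \
    && echo "INPUT_OK: state rule is effective"
  printf '%s\n' "$INPUT_SHADOWED" | chain_stateful \
    || echo "INPUT_SHADOWED: state rule shadowed by an earlier DROP"
  echo "--- minimal ruleset (review before loading with iptables-restore) ---"
  stateful_ruleset
}

main
```

To audit a live node, pipe `iptables -S INPUT` (and `iptables -S FORWARD`) into `chain_stateful` and `lsmod` into `conntrack_loaded`; the functions only read stdin, so they can be sourced into an interactive shell. The `-m state` syntax is used because it matches the xt_state module named in the post; on newer kernels `-m conntrack --ctstate` is the equivalent and the awk check accepts both spellings.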