How to make openvz and ufw friends?

M

magic4x2014-08-26 16:45:25

OpenVZ

magic4x, 2014-08-26 16:45:25

A certain ingenious dude collected an excellent man how to start this business at all.

~ # wget www.google.com                                                                                                                             
--2014-08-26 17:37:48--  http://www.google.com/
Resolving www.google.com (www.google.com)... 2a00:1450:400d:803::1011, 173.194.32.147, 173.194.32.148, ...
Connecting to www.google.com (www.google.com)|2a00:1450:400d:803::1011|:80...

However, this is not enough.

ufw status verbose
Status: active
Logging: on (low)
Default: deny (incoming), allow (outgoing), deny (routed)
New profiles: skip

To                         Action      From
--                         ------      ----
22/tcp                     ALLOW IN    Anywhere
80/tcp                     ALLOW IN    Anywhere
443/tcp                    ALLOW IN    Anywhere

Anywhere                   ALLOW OUT   Anywhere

Ubuntu 14.04 (up-to-date). There doesn't seem to be anything more to add.

Reply

Answer the question

In order to leave comments, you need to log in

1 answer(s)

G

gagarinq9, 2014-08-26
@magic4x

I am not familiar with either one or the other, but if you go through everything consistently, then the problem can be localized and corrected.
At first sight:

Stop Loading modules and ipv6 in the OpenVZ VM
Open /etc/default/ufw
Comment out the line starting with “IPT_MODULES” and “IPV6”
The first three and last one errors are solved.
Apparently you disable support for IPv6.
Try ping 8.8.8.8
I think adding IPV6=yes to /etc/default/ufw will help
Or try disabling IPv6 for the whole system
sudo gedit /etc/sysctl.conf
And add to the end of the file:
# IPv6
net.ipv6.conf.all. disable_ipv6 = 1
net.ipv6.conf.default.disable_ipv6 = 1
net.ipv6.conf.lo.disable_ipv6 = 1
Then sudo sysctl -p or reboot.