iptables
enly1, 2017-11-15 10:17:53

IPtables from dedicated to virtual servers?

I divided a dedicated server into virtual servers using VMmanager (KVM virtualization). How can I make the iptables rules written on the dedicated server apply to the virtual servers hosted on it?


3 answer(s)
krosh, 2017-11-15
@enly1

Use the FORWARD chain. This will work if the dedicated server is the gateway to the virtual ones.
Although it is better to clarify the question.
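A worked version of the FORWARD-chain approach, added here as an example (it is not part of krosh's reply). It assumes libvirt's default routed/NAT layout: uplink eth0, guest bridge virbr0, guests in 192.168.122.0/24, and one web guest at 192.168.122.10 that may open anything outbound but is reachable from outside only on the ports you list. All of those names and addresses are assumptions; adjust them through the environment variables at the top.

```shell
#!/bin/sh
# Added example, not from the thread: host-side FORWARD rules for a KVM
# host that routes traffic for its guests (libvirt's default NAT layout).
# Assumed names: uplink eth0, guest bridge virbr0, guests in
# 192.168.122.0/24, a web guest at 192.168.122.10.
#   dry run:  APPLY=1 IPT=echo ./kvm-forward.sh
#   real run: APPLY=1 ./kvm-forward.sh   (as root, with net.ipv4.ip_forward=1)
IPT="${IPT:-iptables}"
WAN_IF="${WAN_IF:-eth0}"
GUEST_IF="${GUEST_IF:-virbr0}"
GUEST_NET="${GUEST_NET:-192.168.122.0/24}"

# Keep our rules in private chains so the script can be re-run safely:
# the chain is (re)created and flushed, the jump removed and re-inserted,
# and nothing else in the parent chain is touched.
reset_chain() {            # reset_chain TABLE CHAIN PARENT
    $IPT -t "$1" -N "$2" 2>/dev/null || true
    $IPT -t "$1" -F "$2"
    $IPT -t "$1" -D "$3" -j "$2" 2>/dev/null || true
    $IPT -t "$1" -I "$3" 1 -j "$2"
}

# setup_guest_forwarding GUEST_IP [TCP_PORT...]
#   Guests may initiate anything towards the uplink; from the uplink only
#   the listed TCP ports reach GUEST_IP (via DNAT); replies are matched by
#   conntrack; everything else is dropped by the FORWARD policy.
setup_guest_forwarding() {
    guest="$1"; shift
    reset_chain filter VM_FWD  FORWARD
    reset_chain nat    VM_DNAT PREROUTING
    $IPT -P FORWARD DROP
    $IPT -A VM_FWD -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
    $IPT -A VM_FWD -m conntrack --ctstate INVALID -j DROP
    $IPT -A VM_FWD -i "$GUEST_IF" -o "$WAN_IF" -s "$GUEST_NET" -j ACCEPT
    for port in "$@"; do
        $IPT -A VM_FWD -i "$WAN_IF" -o "$GUEST_IF" -d "$guest" -p tcp --dport "$port" \
             -m conntrack --ctstate NEW -j ACCEPT
        $IPT -t nat -A VM_DNAT -i "$WAN_IF" -p tcp --dport "$port" \
             -j DNAT --to-destination "$guest:$port"
    done
    # Source NAT for the guests' own outbound traffic (delete first so a
    # re-run does not stack duplicates).
    $IPT -t nat -D POSTROUTING -s "$GUEST_NET" -o "$WAN_IF" -j MASQUERADE 2>/dev/null || true
    $IPT -t nat -A POSTROUTING -s "$GUEST_NET" -o "$WAN_IF" -j MASQUERADE
}

if [ "${APPLY:-0}" = 1 ]; then
    setup_guest_forwarding 192.168.122.10 80 443
fi
```

Two things to check before relying on this: the host must actually route for the guests (`net.ipv4.ip_forward=1`), and if the guests sit on a plain bridge rather than a routed one, bridged frames only traverse the FORWARD chain when the br_netfilter module is loaded and `net.bridge.bridge-nf-call-iptables=1` is set. Also remember that host INPUT rules never apply to traffic going to a guest: only FORWARD (and the nat table) sees it.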

Andrey Tov, 2017-11-15
@Don_Andretti

To complete the tutorial, you need to have two servers. The source server where the firewall rules reside is referred to as server A in the manual; the target server is B.
You also need to have sudo rights.
Viewing iptables rules
Before you can migrate your firewall rules, you need to view them. To do this, run the following command on server A:
sudo iptables -S
Example output:
-P INPUT ACCEPT
-P FORWARD ACCEPT
-P OUTPUT ACCEPT
-A INPUT -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
-A INPUT -p tcp -m tcp --dport 22 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 80 -j ACCEPT
-A INPUT -s 15.15.15.51/32 -j DROP

Now we need to transfer these rules to another server.
The iptables-save command writes the current firewall rules to stdout, from where they can be redirected into a file.
Use this command on server A to export the rules to the file iptables-export:
cd ~
sudo iptables-save > iptables-export
After that, the iptables-export file will appear in the home directory, with which you can transfer the firewall rules to another server.
View file (optional)
Check if the new file contains all required data:
cat iptables-export
# Generated by iptables-save v1.4.21 on Tue Sep 1 17:32:29 2015
*filter
:INPUT ACCEPT [135:10578]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [8364:1557108]
-A INPUT -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
-A INPUT -p tcp -m tcp --dport 22 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 80 -j ACCEPT
-A INPUT -s 15.15.15.51/32 -j DROP
COMMIT
# Completed on Tue Sep 1 17:32:29 2015

As you can see, this file contains all the current iptables rules, and now you can copy this file to the target server.
Transferring the rules to the target server
The easiest way to do this is to use scp, or simply copy and paste the contents of the file into a new file on the target server.
The following shows how to use scp to copy the file over the network to the /tmp directory.
So, run the scp command on server A, specifying the login and IP address of the server.
Once authorized, the file will be copied to the /tmp directory on server B.
Note: The contents of the /tmp directory will be deleted when the system is rebooted. Don't forget to move the file to a safer directory.
You can now load the migrated rules.
Note: If necessary, you can now update them with the new server details; edit the /tmp/iptables-export file with everything you need.
When the rules match the requirements of this server, load them from the iptables-export file using the iptables-restore command.
On Server B, run:
To verify that the rules are loaded successfully, use:
Unsaved firewall rules are only valid for one session; to make a rule set permanent, you need to save it. Make sure you are on server B and follow the appropriate section.
To persist firewall rules, Ubuntu provides the iptables-persistent package. To install this package, enter the command:
During installation, the program will prompt you to save the current iptables rules. Select yes.
In the future, to save new or updated rules, use the command:
By default, CentOS 6 and 7 systems use the FirewallD firewall; to save iptables rules use:
This will save the current iptables rules to the /etc/sysconfig/iptables file, which will be loaded after the system is restarted.
Firewall rule migration completed successfully!
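The export, check, restore and persist steps of the migration above collected into one script, added here as an example; it is not the tutorial's own code. Assumptions: server B is reachable for scp as "serverB", the dump lands in /tmp/iptables-export, and the rollback timer, the path /tmp/iptables-rollback and the 120-second window are this example's own choices. The apply and persist steps need root on the server where they run.

```shell
#!/bin/sh
# Added example, not from the answer above: migrate an iptables ruleset
# from server A to server B with a sanity check, a parse-only test and a
# lock-out guard.  Hostnames and paths below are assumptions.
#   on A:  ./migrate.sh export ~/iptables-export
#          ./migrate.sh copy   ~/iptables-export serverB
#   on B:  ./migrate.sh check   /tmp/iptables-export
#          ./migrate.sh restore /tmp/iptables-export   (then confirm, then persist)
ROLLBACK="${ROLLBACK:-/tmp/iptables-rollback}"

# check_ruleset FILE: every *table block must close with COMMIT and no rule
# may sit outside a block; returns 1 and explains the problem otherwise.
check_ruleset() {
    awk 'BEGIN { bad = 0; tables = 0; in_table = 0 }
        /^#/ || /^[[:space:]]*$/ { next }
        /^\*/      { if (in_table) { print "nested table at line " NR; bad = 1 }
                     in_table = 1; next }
        /^COMMIT$/ { if (!in_table) { print "COMMIT outside a table at line " NR; bad = 1 }
                     in_table = 0; tables++; next }
        !in_table  { print "rule outside a table at line " NR ": " $0; bad = 1 }
        END { if (in_table) { print "missing COMMIT"; bad = 1 }
              if (!tables)  { print "no tables found"; bad = 1 }
              exit bad }' "$1"
}

# The addresses in the dump are server A'"'"'s view of the world; list them so
# they can be reviewed (and edited) before the file is loaded on server B.
list_addresses() {
    grep -oE -- '(-s|-d|--to-destination) [0-9.]+(/[0-9]+)?' "$1" | sort -u
}

export_rules() { iptables-save > "$1"; }                  # on server A
copy_rules()   { scp "$1" "$2:/tmp/iptables-export"; }    # A -> B

# restore_rules FILE (on server B): parse first, keep a rollback copy, and
# restore the old rules automatically unless confirm_rules is run in time,
# so a typo in the INPUT rules cannot lock you out of a remote box.
restore_rules() {
    check_ruleset "$1" || return 1
    iptables-restore --test < "$1" || return 1   # parse only, commit nothing
    iptables-save > "$ROLLBACK"
    ( sleep "${ROLLBACK_SECS:-120}"; iptables-restore < "$ROLLBACK" ) &
    echo $! > "$ROLLBACK.pid"
    iptables-restore < "$1"                      # atomic table replacement
    iptables -S
    echo "run '$0 confirm' within ${ROLLBACK_SECS:-120}s to keep these rules"
}
confirm_rules() { kill "$(cat "$ROLLBACK.pid")" 2>/dev/null; rm -f "$ROLLBACK.pid"; }

persist_rules() {                                         # on server B
    if command -v netfilter-persistent >/dev/null 2>&1; then
        netfilter-persistent save          # Debian/Ubuntu, iptables-persistent package
    else
        service iptables save              # CentOS; needs iptables-services on CentOS 7
    fi
}

case "${1:-}" in
    export)  export_rules  "${2:?file}" ;;
    copy)    copy_rules    "${2:?file}" "${3:?host}" ;;
    check)   check_ruleset "${2:?file}" && list_addresses "${2:?file}" ;;
    restore) restore_rules "${2:?file}" ;;
    confirm) confirm_rules ;;
    persist) persist_rules ;;
esac
```

The order matters: `iptables-restore --test` catches syntax and unknown-module errors without touching the live tables, and because iptables-restore replaces each table listed in the file in one step there is no half-applied state; the timed rollback covers the remaining case of rules that parse fine but cut off your own session.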

Puma Thailand, 2017-11-15
@opium

In fact, just filter traffic with iptables and live on the virtual machines without a firewall.
