In general csf is giving good compatibility with cpanel servers . But in a vps (openvz or Virtuzzo) the csf configuration is something different.
Sometimes you may get an error as follow after the csf installation in vps
Error: iptables command [/sbin/iptables -v -A LOGDROPIN -p tcp -m limit –limit 30/m –limit-burst 5 -j LOG –log-prefix ‘Firewall: *TCP_IN Blocked* ‘] failed, at line 196
So how to resolve this issue. Let us do it as follows,
There are two steps to configure the csf in vps
- Main vps server ( The host server ,in which the vps nodes are running) configuration
- Vps node configuration.
Main vps serverconfiguration
Before starting the csf installation in a node login to the main server (host server) and check whether the following modules are inserted in to the kernel
You can check it as follows
# lsmod |grep -i <module-name>
If not please insert these modules into the kernel.
eg: modprob ipt_conntrack
Now add these modules to iptable configuration as follows.
# vi /etc/sysconfig/iptables-config
Add the following in this file
IPTABLES_MODULES=”ipt_conntrack ipt_LOG ipt_owner ipt_state ip_conntrack_ftp”
Now edit the vps configuration file from /etc/sysconfig/vz-scripts/ Let 101 is the VEID, add the above inserted modules in to the IPTABLE section in this configuration file.
# vi /etc/sysconfig/vz-scripts/101.conf
IPTABLES=”iptable_filter iptable_mangle ipt_limit ipt_multiport ipt_tos ipt_TOS ipt_REJECT ipt_TCPMSS ipt_tcpmss ipt_ttl ipt_LOG ipt_length ip_conntrack ipt_state
iptable_nat ip_nat_ftp ipt_owner ip_conntrack_ftp”
Here we completed the main vps server configuration . So now reboot the child node (not main server) as follows
# vzctl restart <veid>
eg: vzctl restart 101
ii) Vps node configuration.
Now ssh /enter your child vps node
Now download and install the csf . You can download the csf fromhere
Before restarting the csf let us do some configurations as follows , Edit the file /etc/csf/csf.conf .Then set the following variables
ETH_DEVICE = “venet0″ #from ifconfig you can see the n/w device
MONOLITHIC_KERNEL = “1″
VERBOSE = “0″ # will disable the verbose output during start
Now start the csf and lfd .
Note: If it is cpanel server go to whm and configure the firewall settings