RedHatVN Network » sysctl

HowTo: Add iptable modules on a VPS

admin — Fri, 25 Dec 2009 06:21:14 +0000

If you receive the following error on restating iptables on a VPS:

error message: from firewall software ~ iptables: Unknown error 4294967295

you need to make sure the required iptable modules are loaded in the host server kernel. You have to use modprobe to load the following modules in the kernel:

modprobe ipt_MASQUERADE modprobe ipt_helper modprobe ipt_REDIRECT modprobe ipt_state modprobe ipt_TCPMSS modprobe ipt_LOG modprobe ipt_TOS modprobe tun modprobe iptable_nat modprobe ipt_length modprobe ipt_tcpmss modprobe iptable_mangle modprobe ipt_limit modprobe ipt_tos modprobe iptable_filter modprobe ipt_helper modprobe ipt_tos modprobe ipt_ttl modprobe ipt_REJECT

Once the modules are loaded, add the modules to your VPS using the vzctl command. You will have to stop the VPS first

vzctl stop VEID

and then add the modules to a VPS

vzctl set VEID –iptables ipt_REJECT –iptables ipt_tos –iptables ipt_TOS –iptables ipt_LOG –iptables ip_conntrack –iptables ipt_limit –iptables ipt_multiport –iptables iptable_filter –iptables iptable_mangle –iptables ipt_TCPMSS –iptables ipt_tcpmss –iptables ipt_ttl –iptables ipt_length –iptables ipt_state –iptables iptable_nat –iptables ip_nat_ftp –save

Once the above command is executed, start the VPS

vzctl start VEID

Now you are set to use iptables on your VPS.

VPS iptables rule limit is too low

admin — Fri, 25 Dec 2009 06:22:43 +0000

You may come across with a “numiptent” error message while restarting iptables or whatever firewall (say csf) you have installed on your VPS. The error appear as follows:

The VPS iptables rule limit (numiptent) is too low (200/250) – stopping firewall to prevent iptables blocking all connections

There is a limit on the number of iptables packet filtering entries for a VPS and if the iptable rules added on a VPS exceeds the “numiptent” set, you will receive the given error message.

To make sure iptables works properly on a VPS, you need to increase the “numiptent” value in the VPS configuration file which is located at /etc/sysconfig/vz-scripts/veid.conf and have to restart the VPS.

Howto: change Port OR Network Interface Speed?

admin — Fri, 25 Dec 2009 06:40:12 +0000

How to change Port speed OR Network Interface Speed?
To set a specific speed limit on a Network Interface say 10mbps, edit the file network interface file and set the limit which will make the changes permanent even after a reboot.

Edit the file:

root@server [~]# pico /etc/sysconfig/network-scripts/ifcfg-eth0

Add the following line at the end of the file:

ETHTOOL_OPTS=”speed 10 duplex full autoneg off”

Save the file and restart the network service.

root@server [~]# service network restart

This way you can set the duplex or auto negotiation as well. Once done, you can check the network speed using the ethtool command
root@server [~]# ethtool eth0

Optimizing host.conf and sysctl.conf

admin — Fri, 31 Jul 2009 17:10:45 +0000

Well, here is another net-based optimization script i have for you. It also is not a masterpiece, but when you include this with everything else, this small addition is the topping to the cake.

#!/bin/sh
cp /etc/host.conf /etc/host.back
echo “# Lookup names via DNS first then fall back to /etc/hosts.” > /etc/host.conf
echo “order bind,hosts” >> /etc/host.conf
echo “# We have machines with multiple IP addresses.” >> /etc/host.conf
echo “multi on” >> /etc/host.conf
echo “# Check for IP address spoofing.” >> /etc/host.conf
echo “nospoof on” >> /etc/host.conf
cp /etc/sysctl.conf /etc/sysctl.conf.old
echo “# Max File Handlers” >> /etc/sysctl.conf
echo “fs.file-max = 8192″ >> /etc/sysctl.conf
echo “# Disable CTR+ALT+DEL Restart Keys” >> /etc/sysctl.conf
echo “kernel.ctrl-alt-del = 1″ >> /etc/sysctl.conf
echo “# Enable TCP SYN cookie protection” >> /etc/sysctl.conf
echo “net.ipv4.tcp_syncookies = 1″ >> /etc/sysctl.conf
echo “# Disable ICMP Redirect Acceptance” >> /etc/sysctl.conf