Details
- Type: Bug
- Status: Resolved
- Priority: Major
- Resolution: Fixed
- Fix Version/s: Vz7.0-Update4
- Component/s: Containers::Kernel
- Security Level: Public
Description
My cPanel has an option "SMTP restrictions".
This option places the following rules into iptables:
-A OUTPUT -p tcp -m multiport --dports 25,465,587 -m owner --gid-owner mailman -j RETURN
-A OUTPUT -p tcp -m multiport --dports 25,465,587 -m owner --gid-owner mail -j RETURN
-A OUTPUT -d 127.0.0.1/32 -p tcp -m multiport --dports 25,465,587 -m owner --uid-owner cpanel -j RETURN
-A OUTPUT -p tcp -m multiport --dports 25,465,587 -m owner --uid-owner root -j RETURN
But on OpenVZ7 those rules are not loaded (except one), and in this case all port 25 requests are redirected to localhost, i.e. email cannot be sent at all from such a server.
cPanel support says: "There is something on the node that isn't set that doesn't allow these rules to be loaded."
Is it possible to do something about that?
My settings:
HW /etc/sysconfig/iptables-config:
IPTABLES_MODULES="ipt_REJECT ipt_tos ipt_TOS ipt_LOG ip_conntrack ipt_limit ipt_multiport iptable_filter iptable_mangle ipt_TCPMSS ipt_tcpmss ipt_ttl ipt_length ipt_state iptable_nat ip_nat_ftp ip_conntrack_netbios_ns ipt_owner ipt_REDIRECT ipt_recent"
CT conf:
NETFILTER="full"
P.S. On OpenVZ6 I also tune IPTABLES_MODULES in /etc/vz/vz.conf, but it seems OpenVZ7 has no such option now.
p.p.s. forum topic: https://forum.openvz.org/index.php?t=msg&goto=52601&S=2de283aa999185c5d3781cc248a458ec#msg_52601
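A check for the symptom reported above, as an added example that is not part of the original ticket and is not cPanel or OpenVZ code: it reads an `iptables-save`-style dump on stdin and lists which of the four owner-match exemptions are absent. The function names and the sample dump are constructed for illustration; owners are matched by name or by numeric id because `iptables-save` prints them numerically.

```shell
#!/usr/bin/env bash
# Added example: which of the report's owner-match exemptions are absent
# from a rule dump? Reads iptables-save style text on stdin.

# Owner exemptions listed in the report, as kind:name.
EXPECTED="gid:mailman gid:mail uid:cpanel uid:root"

# Resolve a user or group name to its numeric id; fall back to the name.
# iptables-save prints owners numerically, so both forms must be accepted.
resolve_id() {  # $1 = uid|gid, $2 = name
    local n=""
    if [ "$1" = uid ]; then
        n=$(id -u "$2" 2>/dev/null) || true
    else
        n=$(getent group "$2" 2>/dev/null | cut -d: -f3) || true
    fi
    echo "${n:-$2}"
}

# Constructed sample: only the root exemption loaded. The report does not
# say which rule survived; root is assumed here and shown as uid 0.
sample_dump() {
cat <<'EOF'
-A OUTPUT -o lo -j ACCEPT
-A OUTPUT -p tcp -m multiport --dports 25,465,587 -m owner --uid-owner 0 -j RETURN
EOF
}

# Print one "<kind>-owner <name>" line per expected exemption that has no
# matching RETURN rule for ports 25,465,587 (destination is not checked).
missing_smtp_exemptions() {
    local dump entry kind name id
    dump=$(grep -E -- '-A OUTPUT .*--dports 25,465,587 .*-m owner .*-j RETURN' || true)
    for entry in $EXPECTED; do
        kind=${entry%%:*}; name=${entry#*:}
        id=$(resolve_id "$kind" "$name")
        if ! printf '%s\n' "$dump" | grep -Eq -- "--${kind}-owner (${name}|${id}) "; then
            echo "${kind}-owner ${name}"
        fi
    done
}

sample_dump | missing_smtp_exemptions
```

Inside a container, feed it the live ruleset with `iptables-save | missing_smtp_exemptions`; any output means an exemption did not load.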
Issue Links
- duplicates OVZ-6659 ipt_owner module support in Containers
- Patch Sent