How To Setup Networking For KVM Guests

Oct 29, 2009

I have a server with CentOS 5.4 with 5 IPs. Now I want to spare 1 IP for the host, and create 4 virtual machines, each with 1 dedicated IP and direct access to the internet (virtual machines created with KVM come with NAT as default).

Can anyone point me to a tutorial or tell me how to set up networking for this? Working over a GUI is not possible since I only have ssh access and don't want to install X just to install things. Is it possible to use Xen networking scripts for KVM guests? I have tested Xen on my server and its default networking setting worked, i.e. with guests having a direct connection to the internet.



Apr 30, 2009

I have a linux server that has a few gigabytes of data to retrieve off this system. I'm trying to network with so I can have outbound access to sftp into another server to relocate the files. I'm unable to ping or access this other server. I tried setting it up using dhcp and static information, I've rebooted network protocols, I'm still unable to access anything. Does anyone have any suggestions on what I could try next?

The machine is running fedora, no GUI only command prompt.


Networking Infrastructure

Nov 20, 2008

I am currently looking for a managed hosting solution for a small start-up.

The site will have a repository of articles in it, these will initially solely consist of documents (av. 2mb in size) and (based on performance) may be expanded to containing video/audio, however this is not likely to happen within (at least) the next six months.

The site will be running on a Linux server (we will not be considering any Microsoft products), using PHP 5 and MySQL 5. There will be a registration form and users will (based on performance) eventually be able to upload articles to the site.

We have contacted various hosting providers (am in talks with Rackspace, Rochen and Network Redux) and have had everything from SAN to a 500GB (RAID 1) recommended to us.

As the site is still currently in Beta with nothing in it and proposed launch date is March 09, I would be grateful if anyone who was in a similar position could inform me how their infrastructure evolved as the site demanded more resource.

I would like to take this opportunity to thank you for taking the time to read my query.


Networking Script

Aug 5, 2008

Do you think the Boonex Dolphin script is good? And is it better than paying for such a similar script? Because my intention is to launch a free website.


Routing / Networking

Mar 16, 2007

I'm experiencing some odd issues, I have a cpanel setup, however on port 2086 the server is currently listening however on port 80 it fails to listen. Apache is running and no errors appear in the errors log.

Running ifconfig shows that there are errors and dropped packets.
I was changing ip routes earlier that day however all seems fine...

Oddly I can ping internally on the network and noticed a number of other servers in the broadcast range. These respond fine, however pinging google or outside the data center fails.

ping: unknown host

HTML Code:
eth0      Link encap:Ethernet  HWaddr 00:14:85:3D:A2:20
          inet addr:122.252.4.*  Bcast:  Mask:
          inet6 addr: fe80::214:85ff:fe3d:a220/64 Scope:Link
          RX packets:289198921 errors:4 dropped:182 overruns:0 frame:3
          TX packets:230175646 errors:19 dropped:0 overruns:0 carrier:19
          collisions:8927682 txqueuelen:10
          RX bytes:3521641159 (3.2 GiB)  TX bytes:2563591520 (2.3 GiB)
          Base address:0x2400 Memory:dd100000-dd120000

lo        Link encap:Local Loopback
          inet addr:  Mask:
          inet6 addr: ::1/128 Scope:Host
          RX packets:127443475 errors:0 dropped:0 overruns:0 frame:0
          TX packets:127443475 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0
          RX bytes:1102069037 (1.0 GiB)  TX bytes:1102069037 (1.0 GiB)


Networking Theory

Sep 30, 2007

I have a question: I was asked this on an interview, now I am good at home networking but nothing enterprise and this was not for a networking position but for data entry and possibly some ASP NET coding.

I was asked if you had two nics on one server each connected to a separate switch with different IPs and subnets what possible problems could arise?

Note: I am curious about this; I do not plan on learning more about networking than curiosity, which this is.


VPS For PHP Social Networking

May 1, 2007

I am getting confused about all those companies and reviews. All reviews tell you a different story. Please tell me which review site is reliable and doesn't put up a good review of a company just because of an affiliate.

I need VPS for starting and once we get enough users we will take dedicated. So which VPS hosting company should I choose to start with minimum?


Windows Networking

Dec 23, 2007

I have 3 computers networked, 2 of them connect to each other for filesharing just fine, but the 3rd one is having problems.

On the 3rd computer, it can access the other 2 for file sharing, but is 'NOT' accessible from the other 2. When I try to access the 3rd computer through 'network places', I get the error: "//COMPUTER is not accessible. You might not have permission...."

however, if I actually type in "COMPUTERsharedfolder" - to access the 3rd computer, I can, so basically, I CANT access "COMPUTER" but CAN access "COMPUTERsharedfolder" ..


VMWare Server Networking

Oct 19, 2007

Recently, I installed VMWare Server 1.0.4 on my dedicated server.

When I tried to install my private IP on my VMWare, I had no clue how to do that. I used NAT networking to share my main OS with my private VPS, but when I try to run a service that needs the port XXXX to be open, it wouldn't let me use it.

For an example, my main OS IP is My VPS is sharing the same IP address with the main OS. I tried to run an Apache service on my VPS, but when I try to access it by the IP it gives me a connection reset page.

This also happens on other services like FTP and stuff.

My VPS is running Windows XP Professional SP2 with a legal retail license and my main OS on the server is CentOS 4.5


Networking VMWARE On 2003 @ SL

Jul 17, 2007

I really need some help with a new server I just got over at SL, I have windows 2003 and vmware server installed and I want to have 2-3 vmwares running websites each on port 80 and each having a separate external ip.

I have contacted SL and they have set me up with the vlan and extra ips I need. I have enabled IP forwarding on the 2003 host but I don't know exactly how to configure the vmware server networking and each vmware to use my new ips and to make sure each external ip is pointing to each vmware.


Confused About VMWare Networking

Jan 15, 2008

I have two servers with SL- both running Windows with two NICs for Private and Public Interfaces.

What I want to do is keep the first server Internal only, so basically, just disable the Public Network interface in Windows. On this Server, I want to create a VM that can network with the server as well as the second server and any VMs on that second server.

The second server will have both the Public and Private Interfaces enabled. On this server, I will have two VMs and both of these VMs should be able to access both the host PCs, each other, as well as the VM on the first server. Additionally, these two VMs should also be able to access the Internet.

What would be the best way of going about this configuration?

Right now, I've just started and on the first server, created a VM using a bridged connection to the Private Network. I've given the VM an IP address in the same range as the host PC that is part of the block that SL has reserved for me. However, I cannot ping the host PC from the VM and vice versa. Firewall is disabled on the VM at the moment so I know that is not the issue.


Hosting For Social Networking

Apr 1, 2008

I am building a social network site, and I'm very skeptical about the offer the social networking company had for hosting (mainly storage and bandwidth costs). They are hosted through AT&T, and did the whole "tier 1" ******** speech, and wanted to charge $179/mbps/month, $1.17/GB for CDN storage, and $1/GB for normal storage.

I know these prices are high, and to make it worse, they offered no scalability whatsoever on this. This is a big problem, as I expect the site to be popular. I did some research, and know the prices for storage have deep discounts when buying in bulk, but not sure about scalability of bandwidth costs.

I did find several price structures for bandwidth. One of these was for HostPortal, and showed deep discounts as the bandwidth needs increased (colocated prices as low as $50 per mbps once you get above 100mbps total)

Can anyone please shed some insight on the pricing, and let me know if the scalability listed by HostPortal is common and applicable to my situation. Also, if my situation is different, can anyone give me fair market rates with regards to scalability

Also, most social networking companies restrict me from hosting it myself (they state to protect their code).


Networking Between Windows And Linux

Jul 23, 2007

I have windows and linux both are connected through dlink switch, but these are not communicating. How can I setup the network to communicate each other? I have linux box with samba. I am not sure how exactly I need to setup the network.


How Should I Host My Social Networking Prototype

Oct 7, 2009

I'm working on a social networking prototype that will hopefully soon become a beta with moderate user load. I have zero experience in the field of web hosts other than rolling out a web application in an internal server at my last job.

The application is being developed in C#/ASP.NET 3.5 with MS SQL Server.

1. Given the fact that I'm trying to save on costs now and worry about scale later, how much would you think that I should spend on hosting? I figured that I'd have my SQL Server instance and the web app on the same box and it wouldn't really matter too much. Would a dedicated server be a minimum requirement? Or perhaps 2, with one hosting the database and the other hosting the application?

2. Does anyone recommend or disapprove of cloud computing?

3. Are there any other factors I must take into consideration? I'm quite ignorant on these matters, and am more focused and knowledgeable on actual development.


Networking Patch - 5e Or 6 ? Ftp / Sftp / Sstp

Aug 18, 2009

How do you plan new network cable on your rack?

5e utp

5e ftp

6 utp

6 sstp

6a sftp


What Server Specification Do I Need For Social Networking

Apr 25, 2007

I am doing a social networking project and I am wondering what specifications of server we need so I can send it to my programmer to find proper hosting. I have no idea about it, please can you help me.

We are expecting at starting about 4.000 registered users.


VMWare Server 1.0.4 - Windows XP Networking

Oct 20, 2007

I installed VMWare Server 1.0.4 on my dedicated server, and set-up a new Windows XP Professional VM.

I have 3 more IP's that are not used.

When installing the VM, I used NAT networking to share my main OS network with my private VPS, but basically no one can access the VM from the outside world. I can surf the net while being on NAT status in the VM, but if I try to run any service like Apache, no one can enter to the service besides the localhost.

My VPS is running Windows XP Professional SP2 with a legal retail license and my main OS on the server is CentOS 4.5 (detailed hardware is mentioned below)

Do you have any idea how can I configure my network so anyone can enter the VPS?

And please, if you can, explain it to me step by step because I'm a real newbie hehe

Kind Regards,
- Nadav Peretz

Also, I saw some topics with solutions but I didn't get a chance to understand something ;

Oh, and sorry for my English, I know it's not perfect : P

(I read the sticky, I don't think this stuff is necessary but I posted it anyway:
Kernel Version: 2.6.9-22.ELsmp
Dual Xeon 3.20GHz with 2GB RAM, 120GB HD 10,000 RPM (Sorry for the un-detailed hardware)
[root@server ~]# vmstat 5 5
procs -----------memory---------- ---swap-- -----io---- --system-- ----cpu----
 r  b   swpd   free   buff  cache   si   so    bi    bo   in    cs us sy id wa
 0  0    160  17132   6572 1930168    0    0   121   295   31   146  1  8 90  2
 0  0    160  17132   6580 1930160    0    0     0     7 1020   589  0  1 99  0
 0  0    160  17132   6580 1930160    0    0     0     0 1016   597  0  1 99  0
 0  0    160  17132   6580 1930160    0    0     0     0 1020   601  0  1 99  0
 0  0    160  17132   6580 1930160    0    0     0     0 1016   598  0  1 99  0

Using CentOS 4.5


Social Networking Server Space

Mar 26, 2007

How much server space is needed for a new social networking site? Also, how do I calculate server space per user?


VMWare - WinXP As Guest On CENTOS - Networking

Sep 8, 2007

Okay, here is the setup:

I have a CENTOS 64bit running, with 1 guest OS (WinXP) in a VMWare Server. I have tried the following: I have 6 public IP's attached to my 1 Ethernet card in the CENTOS host.

Try 1:

The Guest OS is set to use "Bridged" Networking. This allows full use of the internet, in both directions. Not exactly optimal, but it does work. I can reach the Guest via RD, which is a requirement for this client. The guest OS is mainly assigned one of the 6 public IP's (x.x.x.118). The problem with this setup is the Guest OS can not reach the host. For example the host has a mail server on it, and when the Guest tries to reach the host, it times out.

Try 2:

The Guest OS is set up to use "NAT" and gets as its IP via DHCP inside of VMWare. The nat config file for VMWare is set to open port 3389 (RD port). Guest OS can reach the host without any problem, and can reach the internet without any problem, however I can not RD in to the Guest OS.

I prefer setup number 2 for all the obvious reasons, but I just can not get my IPTables rules to work. This is what I thought should work, but does not:

iptables -t nat -I PREROUTING -d x.x.x.118 -j DNAT --to-destination=
iptables -t nat -I POSTROUTING -s -j SNAT --to-source=x.x.x.118
I realize that would have done all traffic, and defeated the benefits of NAT, but since forwarding only 3389 was not working I tried forwarding everything.

Any suggestions?


Linux Advanced Networking: Forwarding / Cloning UDP Traffic

May 8, 2009

I am trying to find an application that can listen on a given UDP port, say "6271" and forward all traffic (UDP) sent to that port to another IP (not on the same subnet).

I should not call this forwarding, but instead, cloning (because forwarding usually is only on the same subnet or vlan). The packets should not be modified (thus IP information in packet etc.)

Is this possible? I have tried some applications such as,



Interesting Fact Go Daddy Launches Networking Site

Nov 5, 2007

I have found this news. What do you think? I think that they are trying to do things better.


November 2, 2007 -- (WEB HOST INDUSTRY REVIEW) -- Domain registrar and Web hosting provider Go Daddy announced on Friday it has launched the Go Daddy Connections networking site. The new interactive resource provides a virtual community for social and business networking.

Go Daddy Connections enables Go Daddy customers to exchange helpful information, feedback and ideas to better leverage their business assets. The online community, which features topics, articles and forums, connects business owners and all like-minded Go Daddy customers at no cost.

"Small and midsize business owners have questions about running their business online and Go Daddy Connections gives them a place to interact and exchange ideas with other business owners," says Bob Parsons, Go Daddy CEO and founder. "In today's world, if you aren’t online, you aren’t staying competitive – for yourself or your customers."

Go Daddy Connections enables customers to identify important topics, educate themselves and others on business methods or practices and share relevant topical data with one another. Users can also rate and provide feedback on the site, as well as promote their own businesses.

The company announced yesterday it has been seeing tremendous growth in registrations for the .us domain name extension.

Copyright © 2007 Web Host Industry Review, Inc. All rights reserved.


IWeb Technical Support Reps And System Admins Dont Understand Basic TCP-IP Networking

Aug 22, 2008

I want to pass on a warning before anyone goes with iWEB. I just ordered a $269 a month dedicated server so I could run vmware on it for my own virtual machines that I need.

With this server I got 7 IPs.

The primary IP they assigned me is say for example: 70.xx.15.171 with a GW of 70.xx.15.161. The secondary ips they issue me are 70.xx.18.249-254. So these are on a completely different subnet.

After talking on the phone to several different people, including tech support who tells me this will work just fine using those secondary ips on my VMs and to not put a gateway address, I talk to my account manager; he says to open a ticket that he will forward to their system admins.

This is the ticket I opened.

I just got a new server set up CL-T113-140CL. It was
assigned the primary ip of 70.xx.15.171 with a GW of 70.xx.15.161. My
secondary ips are 70.xx.18.249-254. The server we got from you is a
VMWare host. We need to use the secondary IPs for the Guest VMs.
However the primary and secondary IPS are on different subnets and so
the VMs using the IPs 70.xx.18.249-254 can not talk to the gateway.
I need to have a gateway server IP to use for my VMs.

Please either give me a valid GW address for the 70.38.19.x subnet or
assign new secondary IPs on the 70.xx.15.x subnet with a SM that can
talk to the 70.xx.15.161 GW assigned.

This is the reply I get back from their system administrator.

The gateway to be used for your secondary IP addresses is the same as
the one for your primary. You should not have anything to change,
gateway-wise. Just leave the current one as default gateway and
everything should work just fine.

If there is anything please do not hesitate to contact us.


Jean-Francois Doucet [iWeb]
System Administrator / Administrateur Système
Support / Client Hub : [url]

Are they brain dead at iWEB? Do they understand basic TCP-IP networking at all?

Here is my last reply. I tried to make it real simple for them to understand.

This does not address the issues. Do you even know what a virtual
machine is? It is a virtual computer running on the host computer.
The host computer has a valid ip address of 70.xx.15.171, sm: gw: 70.xx.15.161. The virtual machines (or guest
operating systems) if I assign it the IP address of 70.xx.18.249 SM: with no gateway it is physically impossible for it to
reach the gateway of the host pc 70.xx.15.161. You have to understand
the Virtual Machine operates as a completely separate computer. It
requires its own gateway. with no gateway specified it has no way to
get out of its local subnet to get to the 70.xx.15.x subnet. What
happens if you put two physical computers on one hub. The computer on
port 1 of the hub has the IP info 70.xx.15.171 SM: GW
70.xx.15.161. The second computer is on port 2. It has the ip info
of: 70.xx.18.249 SM: GW: NONE.
How is the pc on port 2 going to communicate with the pc on port
1? This is the exact situation we are in. There has to be a
gateway to route the IP traffic from pc2 to pc1 to get onto the


Dedicated Or Reseller Setup With Virtualization Or Decent Chroot Setup

Jul 31, 2008

As my clients' needs expand, they're asking for chroot ssh/sftp setup. I'm currently on a dedicated Linux setup but don't really have the time to set up a whole new box with full virtualization or investigate a full chroot solution (baby on the way), and to be honest it would be less hassle to move to a new provider than worry about down time with sites.

What I'm looking for:

- linux hosting
- hosting for 30+ accounts, some with several domains
- at least 6 IP addresses for SSL certs
- each account in a full chroot environment (ssh/sftp/ftp) so they can't poke around each others' files, or each account set up in a virtual machine setup (ie: openvz)
- maildir
- spamassassin
- php 5, mysql, perl 5.8.8
- suexec apache would be nice


DNS Setup And FTP Setup [LXAdmin/HyperVM]

Aug 1, 2008

I have learnt it is harder to setup than I initially expected (since I have just moved from a shared hosting service). I am in need of some help setting up my DNS servers, as I am very confused. Here is most of the info I know:

1) I am running HyperVM

2) I've installed LXAdmin

3) I own the domain (purchased from

4) My VPS hostname is:

5) I know my IP

6) My host has said:

'For VPS customers that have a HyperVM login you can now host forward DNS on the DNS servers (US) (UK'

And I am unsure what this means/how to do it.

I am not sure if I need some more information to set up my DNS, however I am sure that I can get it if I do.

Now, my questions begin. Firstly, I need to point my domain - - somewhere. I believe I need to set up my DNS via HyperVM or LXAdmin so that they are something like: and Though, is this correct? Am I able to set up my own actual domain name servers, or will my domain have to point at something like

If anyone can assist me in this I would be very grateful, as I am waiting to get my website running. This is all I will ask for now, I will take it one step at a time =).


NAS Setup

Jul 10, 2009

I am currently researching and evaluating Network Attached Storage systems and was wondering whether anyone out there has had previous experiences (good or bad) with any particular setup?

I am particularly curious to know:

1- what kind of a performance hit I can expect when data is stored on a NAS and accessed via ethernet over iSCSI as opposed to regular SATA or SCSI.

2- what pre-built NAS system would you recommend for a system that requires about 8 TB of disk space for file data and needs to have 100% uptime? I've been looking at: [url]

However I don't know what sort of limitations this hardware offers as far as simultaneous disk reads/writes go.


VPN Setup

Apr 27, 2009

I need to setup a vpn for a customer so they can access a development server. I'm running a Tomcat server and an Oracle database that they would need access to, both port 80(or 8080) and port 1521. This needs to be secured as there is customer data that needs to be protected.

This server will be part of our existing servers we rent from Pacificrack. I really would appreciate any suggestions as the best way to do this, short of buying my own cisco or checkpoint firewall with vpn.


How To Setup SAN

Nov 1, 2009

how to setup SAN either on Windows or Linux?


VPS And VPN Setup

Apr 22, 2009

We like to setup VPS and VPN accounts on our new server Centos 5.2,

Any recommendations for appropriate programs and web hosting panels?


Setup For IIS 7.0

Oct 19, 2008

I am currently using Windows Server 2008 Standard to host my website. I set my website up with IIS and when I type in localhost I can see it. But, if I type in my IP address I see my router's config page. I use dyn dns updater which takes my IP address and uses that to update my website. But, when I go to my website I see my router's config page, not my website.


SSL Setup

Apr 8, 2008

I have no experience in this topic but I need a secure connection with SSL. I made some research but not everything is clear.

I need a dedicated IP to make SSL possible.

Do I need an SSL certificate as well or is it only important to make the customers happy? Does SSL work without a certificate?

I ask it because some companies charge money for the SSL/month and plus charge money for certificate/year.

What does it mean if the certificate is outdated? The SSL connection works fine, doesn't it? I ask it strictly technically.


How To Setup A VPN

Apr 14, 2008

Hello I have my own web server. Due to some sites being blocked in where I currently reside (no not porn, just websites like flickr, orkut..etc). I have seen some programs that you can download for free and they connect through a VPN but dramatically slow down your connection and filled with ads. It did work. However I want my own setup and VPN


DNS Setup

Apr 16, 2007

We are currently setting up a VPS server, which will be used for a specific client portfolio that we are acquiring from another company. This is a Linux based server with WHM/Cpanel.

However, we wish to set up DNS in the best possible way, since we need to host DNS for some vital ISP services also. I gather this probably means using a combination of DNS on the VPS server itself, as well as one or more other DNS servers in other physical locations. The VPS server itself is located in Amsterdam, while most clients are here in Norway - thus ensuring reliability for local clients is the most important consideration.

Now some key questions:

- How important is the physical location of the DNS servers, and where should these ideally be located?

- Is a cluster solution the way to go - and is this supported by WHM/Cpanel?

- We have Linux and Windows based servers on our local network; could these be used for DNS also? If so, tips on software needed?


Setup Ns1 & Ns2

Sep 11, 2008

I got a dedicated.

And 2 Ips.

I want setup ns1 & ns2 for my server.

how to ?

I use WHM.


Ns1 Vs Ns2 Setup On Different DNS

May 24, 2008

I am currently experimenting with DNS with my 2 IPs (each with separate servers spread over 2 geographic locations) and my zone file maps these IPs to and

Both of my servers run DNS with a zone entry for my domain name. But when I stop the DNS server on the first IP (ns1) the second DNS server (ip2) is not working or resolving. Both are master servers.

My question is: if the first server's DNS fails, the second DNS should resolve? Why is it not working? I guess that is the reason why domain registrars ask for 2 name servers. If one fails the other works as backup??

How do I set these up? Should I set up a slave or something?


Csf / Lfd Setup

Feb 24, 2007

My environment:

cpanel / whm
shared and reseller accounts (300+ domains)
secure only ports for cpanel/whm/webmail


Seems like too often people get blocked out of firewall for ftp, webmail, pop3 or webmail. I'm not sure what to do without sacrificing good security measures.

Below is my configuration for CSF (chirpy's firewall)

# Copyright 2006, Way to the Web Limited
# URL:
# Email:

# Testing flag - enables a CRON job that clears iptables incase of
# configuration problems when you start csf. This should be enabled until you
# are sure that the firewall works - i.e. incase you get locked out of your
# server! Then do remember to set it to 0 and restart csf when you're sure
# everything is OK. Stopping csf will remove the line from /etc/crontab

# The interval for the crontab in minutes. Since this uses the system clock the
# CRON job will run at the interval past the hour and not from when you issue
# the start command. Therefore an interval of 5 minutes means the firewall
# will be cleared in 0-5 minutes from the firewall start

# Enabling auto updates creates a cron job called /etc/cron.d/csf_update which
# runs once per day to see if there is an update to csf+lfd and upgrades if
# available and restarts csf and lfd. Updates do not overwrite configuration
# files or email templates. An email will be sent to the root account if an
# update is performed

# Ethernet device setting is taken from the shared IP address in
# /etc/wwwacct.conf but can be overridden here (e.g. "eth0")
# If you have multiple ethernet NICs that you want to apply all rules to, then
# you can set the following to the interface name immediately followed by a
# plus sign. For example, eth+ will apply all rules to eth0, eth1, etc

# Unfiltered ethernet devices in a comma separated list (e.g "eth1,eth2")

# Lists of ports in the following comma separated lists can be added using a
# colon (e.g. 30000:35000).

# Allow incoming TCP ports
TCP_IN = "20,21,22,25,53,80,110,143,443,465,953,993,995,2083,2087,2095,2096,22305"

# Allow outgoing TCP ports
TCP_OUT = "20,21,22,25,37,43,53,80,110,113,443,587,873,953,2087,2089,2703"

# Allow incoming UDP ports
UDP_IN = "20,21,53,953"

# Allow outgoing UDP ports
# To allow outgoing traceroute add 33434:33523 to this list
UDP_OUT = "20,21,53,113,123,873,953,6277"

# Allow incoming PING
ICMP_IN = "1"

# Allow outgoing PING
ICMP_OUT = "1"

# Block outgoing SMTP except for root, exim and mailman (forces scripts/users
# to use the exim/sendmail binary instead of sockets access). This replaces the
# protection as WHM > Tweak Settings > SMTP Tweaks. This will block hosting
# clients from using your server as an SMTP relay

# If SMTP_BLOCK is enabled but you want to allow local connections to port 25
# on the server (e.g. for web scripts) then enable this option too

# If this is a MONOLITHIC kernel (i.e. it has no LKM support, e.g. a VPS) then
# set this to 1. Because of the nature of monolithic kernels, it's not easy to
# determine which modules have been built-in, so some functionality may not be
# available and this firewall script may not work.
# One example is if the ip_conntrack and ip_conntrack_ftp iptables kernel
# modules are not available. If this happens, FTP passive mode (PASV) won't
# work. In such circumstances you will have to open a hole in your firewall and
# configure the FTP daemon to use that same hole. For example, with pure-ftpd
# you could add the port range 30000:35000 to TCP_IN and add the following line
# to /etc/pure-ftpd.conf (without the leading #):
# PassivePortRange 30000 35000
# Then restart pure-ftpd and csf and passive FTP should then work

# Enable logging of dropped connections to blocked ports to syslog, usually
# /var/log/messages

# Enable logging of dropped connections to blocked IP addresses in csf.deny or
# by lfd with temporary connection tracking blocks

# Only log reserved port dropped connections (0:1023). Useful since you're not
# usually bothered about ephemeral port drops

# Commonly blocked ports that you do not want logging as they tend to just fill
# up the log file. These ports are specifically blocked (applied to TCP and UDP
# protocols) for incoming connections
DROP_NOLOG = "67,68,111,113,135:139,445,513,520,1026,1027,1234,1433,1434,1524,3127"

# Enable packet filtering for unwanted or illegal packets

# Log packets dropped by the packet filtering option PACKET_FILTER. This will
# show packet drops that iptables has deemed INVALID (i.e. there is no
# established TCP connection in the state table), or if the TCP flags in the
# packet are out of sequence in the protocol exchange.
# If you see packets being dropped that you would rather allow then disable the
# PACKET_FILTER option above by setting it to "0"

# Enable verbose output of iptables commands

# If you wish to allow access from dynamic DNS records (for example if your IP
# address changes whenever you connect to the internet but you have a dedicated
# dynamic DNS record from the likes of then you can list the FQDN
# records in csf.dyndns and then set the following to the number of seconds to
# poll for a change in the IP address. If the IP address has changed iptables
# will be updated.
# A setting of 600 would check for IP updates every 10 minutes. Set the value
# to 0 to disable the feature
DYNDNS = "0"

# If you wish to allow access from all IP's that have authenticated using POP
# before SMTP (i.e. are valid clients) then you can whitelist them using this
# option which checks for IP addresses in /etc/relayhosts which last for 30
# minutes in that file after a successful POP authentication
# A setting of 60 would update IP's every 1 minute. Set the value
# to 0 to disable the feature

# Enable this option if you want to allow incoming connections from reserved
# ports. Normally, only DNS connections have the same SRC and DST port (53)
# and any other connections should have a SRC port > 1023. On *nix systems this
# rule is generally adhered to and reserved ports are not allocated as SRC
# ports. However, other notable OS's appear to ignore this and allocate them at
# will. This means it's possible that users may come in on reserved ports, so
# enable this option if you want to allow them to, or disable it if you want to
# be strict

# Limit the number of IP's kept in the /etc/csf/csf.deny file. This can be
# important as a large number of IP addresses create a large number of iptables
# rules (4 times the number of IP's) which can cause problems on some systems
# where either the number of iptables entries has been limited (esp VPS's)
# or where resources are limited. This can result in slow network performance,
# or, in the case of iptables entry limits, can prevent your server from
# booting as not all the required iptables chain settings will be correctly
# configured. The value set here is the maximum number of IPs/CIDRs allowed
# if the limit is reached, the entries will be rotated so that the oldest
# entries (i.e. the ones at the top) will be removed and the latest is added.
# The limit is only checked when using csf -d (which is what lfd also uses)
# Set to 0 to disable limiting


DNS Setup For VPS

Oct 2, 2007

Initial WHM DNS setup: I tried at first with WHM, but it seems like it messes up the nameservers' IPs, so I just put some entries in manually. I got all the name server IPs and the shared IP set up right, but I may have some problems with DNS zones.
Here is my named config:

view "internal"
{
/* This view will contain zones you want to serve only to "internal" clients
   that connect via your directly attached LAN interfaces - "localnets" .
 */
    match-clients { localnets; };
    match-destinations { localnets; };
    recursion yes;

    zone "." IN {
        type hint;
        file "/var/named/";
    };

    // include "/var/named/named.rfc1912.zones";
    // you should not serve your rfc1912 names to non-localhost clients.

    // These are your "authoritative" internal zones, and would probably
    // also be included in the "localhost_resolver" view above :

    zone "" {
        type master;
        file "/var/named/";
    };

    zone "" {
        type master;
        file "/var/named/";
    };

    zone "" {
        type master;
        file "/var/named/";
    };

    zone "" {
        type master;
        file "/var/named/";
    };
};

view "external"
{
/* This view will contain zones you want to serve only to "external" clients
 * that have addresses that are not on your directly attached LAN interface subnets:
 */
    match-clients { !localnets; !localhost; };
    match-destinations { !localnets; !localhost; };

    recursion no;
    // you'd probably want to deny recursion to external clients, so you don't
    // end up providing free DNS service to all takers

    // all views must contain the root hints zone:
    zone "." IN {
        type hint;
        file "/var/named/";
    };

    // These are your "authoritative" external zones, and would probably
    // contain entries for just your web and mail servers:

    // BEGIN external zone entries

    zone "" {
        type master;
        file "/var/named/";
    };

    zone "" {
        type master;
        file "/var/named/";
    };
};

-------------------------------------------------------------------------- is my hostname
I still can't ping or but my name servers are ok
What exactly is the problem?


DNS Setup

May 8, 2007

All the domains on my server are using my own hosted nameservers, but now I have a new domain where I need to use a 3rd party DNS (

The settings on wasn't a big deal, but what on my own server?

I created the domain through whm and it is set to use my own DNS just like the other domains. How do I change it to use the DNS from

This is what my zone file looks like:


; Zone file for
$TTL 14400
@ 86400 IN SOA (
2007050801 ; serial, todays date+todays
86400 ; refresh, seconds
7200 ; retry, seconds
3600000 ; expire, seconds
86400 ) ; minimum, seconds

86400 IN NS
86400 IN NS
IN A
IN A
IN MX 0

ftp IN A

I guess I don't need the A record and Cname here since I set that up at

How should it look and are there anything else I need to change on my server?


DNS Setup

Jul 23, 2007

I've tried to set up a DNS server. I configured DNS as well, but it's not reachable by the domain. Would you help me to set up these DNS settings correctly? Will my nameservers be and if I set it up in Windows Server 2003?
I can't log in through FTP programs, even when I type my login details. How do I change the permissions on the server?


Setup DNS

Jul 8, 2007

Does anyone know of a tutorial that can teach me to set up DNS on my Windows server for Apache, so that instead of using an IP address I can use a domain and it would go to my website?


Php Setup

Jul 4, 2007

I am trying to run my first PHP 5 application that I bought from SitePoint called "Using Ajax with your web applications" but am having lots of problems trying to configure it to run on Windows XP and IIS.

I have installed Apache2.2 and PHP php-5.2.3-win32-installer.msi

I have made some changes and the last error message I got yesterday was this:

No input file specified.

I have tried to set the doc_root path in the .ini file to C:inetpub/wwwroot/finance/www and also delete it as I saw in some forums but to no avail.

I have set my IIS alias to the "www" folder since it contains the index.php file. It also contains another file I do not know what it is used for (.htaccess) and I left it alone.


Today, when I tried to open the file again in IE, I got the following error:

Internal Server Error
The server encountered an internal error or misconfiguration and was unable to complete your request.

Please contact the server administrator, and inform them of the time the error occurred, and anything you might have done that may have caused the error.

More information about this error may be available in the server error log.

I would appreciate very much if someone could help me to sort this problem out. What do I have to do to get the server back and running and get it to work with this PHP application?

