One of the most useful things about running Xen on your VPS server, apart from the guaranteed RAM and the ability to hard reboot your machine, is the ability to configure iptables on your machine.
Some of the main functions available with iptables are the following:
• Build internet firewalls based on stateless and stateful packet filtering
• Use NAT and masquerading for sharing internet access if you don't have enough public IP addresses
• Use NAT to implement transparent proxies
• Aid the tc and iproute2 systems used to build sophisticated QoS and policy routers
• Do further packet manipulation (mangling) like altering the TOS/DSCP/ECN bits of the IP header
In most Linux installs, especially CentOS, iptables has become a standard option. There is a very good chance that iptables is already installed on your machine. Check by:
1. Opening a terminal window (making sure to be logged in as root).
2. Typing: # iptables
4. If iptables is installed, you should get the following message:
   iptables v1.2.8: no command specified
   Try 'iptables -h' or 'iptables --help' for more information
5. If this message does not appear, then follow the directions below to install iptables.
1. Get the iptables tarball containing all the needed files.
◦ To get the latest version of iptables go to netfilter.org
◦ Downloads are available at http://www.netfilter.org/downloads.html
◦ The file should be named iptables-1.*.*.tar.bz2 where the asterisks represent the numbers of the latest version
◦ Save this file to a temporary directory; we will use /tmp in this example.
2. Open a terminal window.
3. Change your directory to where you saved iptables by typing: # cd /tmp
4. Uncompress the archive to the /usr/src directory by typing: # tar -xvjf ./iptables-1.*.*.tar.bz2 -C /usr/src where the asterisks represent the version number of the file you downloaded.
5. Change to the directory it created (typically iptables-1.*.*), by typing: # cd /usr/src/iptables-1.*.*
6. Using the kernel directories above, type: # /bin/sh -c make
7. To finish the install, type: # /bin/sh -c "make install" (the quotes are needed; without them the shell runs only make and treats install as a parameter).
iptables should now be installed. You can test the installation as described at the beginning of this section to see if it is working. If the install steps above seemed to execute without any error, but typing: # iptables -V brings up an error, it is possible that the program did not install itself to the sbin directory. To fix this, type the following command from the iptables-1.*.* directory: # cp ./iptables /sbin
Warning: when setting up iptables, be careful not to block remote access to the machine.
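One way to act on this warning, as an added example that is not from the original post: before loading a ruleset, pass it (in iptables-save format) through a check of what a new SSH connection would hit in the INPUT chain. The function names, port 22 as the SSH port and the sample rulesets are assumptions constructed for illustration, and the model is deliberately simplified (see the comments).

```shell
#!/bin/sh
# Added example: pre-flight check for a ruleset in iptables-save format.
# Prints what the filter table INPUT chain does with a NEW TCP connection to
# the given port (default 22): ACCEPT, DROP, REJECT or UNKNOWN.
# Simplified model: rules limited by source, interface, port range, etc. are
# skipped as conditional, and user-defined chains are not followed.
port_verdict() {
    awk -v port="${1:-22}" '
        /^\*/ { in_filter = ($1 == "*filter"); next }
        !in_filter || verdict != "" { next }
        $1 == ":INPUT" { policy = $2; next }
        $1 == "-A" && $2 == "INPUT" {
            target = ""; applies = 1
            for (i = 3; i <= NF && applies; i += 2) {
                opt = $i; val = $(i + 1)
                if (opt == "-j") target = val
                else if (opt == "-p") applies = (val == "tcp" || val == "all")
                else if (opt == "-m") applies = (val ~ /^(tcp|state|conntrack)$/)
                else if (opt == "--dport") applies = (val == port)
                else if (opt == "--state" || opt == "--ctstate")
                    applies = (("," val ",") ~ /,NEW,/)
                else if (opt != "--reject-with") applies = 0
            }
            # The first unconditional rule that decides the port wins.
            if (applies && target ~ /^(ACCEPT|DROP|REJECT)$/) verdict = target
        }
        END { print (verdict != "" ? verdict : (policy != "" ? policy : "UNKNOWN")) }
    '
}
# Constructed sample: default-deny INPUT chain that forgot to allow SSH.
sample_lockout() {
    cat <<'EOF'
*filter
:INPUT DROP [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -i lo -j ACCEPT
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -p tcp -m tcp --dport 80 -j ACCEPT
COMMIT
EOF
}
# Constructed sample: the same ruleset with an SSH rule inserted.
sample_ok() {
    sample_lockout | sed '/--dport 80/i\
-A INPUT -p tcp -m state --state NEW -m tcp --dport 22 -j ACCEPT'
}
echo "lockout ruleset, port 22: $(sample_lockout | port_verdict 22)"
echo "fixed ruleset,   port 22: $(sample_ok | port_verdict 22)"
```

A verdict other than ACCEPT for the port you administer the server through means the ruleset should not be loaded over a remote session until it is corrected.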
My next post will include configuring your iptables firewall to ensure you have the correct ports open.