Secure Virtualizor host https://www.softaculous.com/board/index.php?tid=5876 <![CDATA[Secure Virtualizor host]]> https://www.softaculous.com/board/index.php?tid=5876&tpg=1#p40284
but is not working,

when I stop the csf and lfd ALL IS WELL.

Regards]]>
Sat, 18 Nov 2017 09:13:20 GMT https://www.softaculous.com/board/index.php?tid=5876&tpg=1#p40284
<![CDATA[Secure Virtualizor host]]> https://www.softaculous.com/board/index.php?tid=5876&tpg=1#p21583
-> If you are using this config, then only 1 IP address (the one you added to /etc/csf/csf.allow) will be able to access Virtualizor and manage your servers.

I would recommend using a VPN to make sure you will always keep the same IP address and you will be able to manage your server from everywhere.

If you cannot get a dedicated (fixed) IP, then add 4083 and 4085 under TCP_IN and TCP6_IN in /etc/csf/csf.conf

Once you're done configuring your firewall files, just do this to stop and start the firewall:

csf -x

followed by :

csf -e


...it's also possible you are missing some dependencies on CentOS and Ubuntu to install CSF.

If you are using CentOS:

yum install perl-libwww-perl

and under Ubuntu :

apt-get install libwww-perl

:D  
]]>
Sat, 27 Sep 2014 02:34:32 GMT https://www.softaculous.com/board/index.php?tid=5876&tpg=1#p21583
<![CDATA[Secure Virtualizor host]]> https://www.softaculous.com/board/index.php?tid=5876&tpg=1#p21582
I would suggest you use the CSF firewall. It's easy to install and to configure for Virtualizor.

Instructions on how to install are here: http://configserver.com/cp/csf.html

Once it's installed, in /etc/csf/csf.conf, make sure you have this:

Code
# Allow incoming TCP ports
TCP_IN = "5900:7000"

# Allow outgoing TCP ports
TCP_OUT = "25,80,443"


// if you have IPv6:
Code
# Allow incoming TCP ports
TCP6_IN = "5900:7000"

# Allow outgoing TCP ports
TCP6_OUT = "25,80,443"


Now, in /etc/csf/csf.allow, just add the IP address you need to authorize.

Then, to let Virtualizor work with CSF, just create this file:

/etc/csf/csfpost.sh

and add this line :

Code
/sbin/iptables -A FORWARD -m physdev --physdev-is-bridged -j ACCEPT


It will be much easier for you to manage your firewall this way, with CSF :)   You'll get much better rules.

If you enable the CSF UI, you'll also get a web interface to manage your firewall. However, it's more secure if you only use the command line to configure it.

p.s.: why should you be using something other than HTTPS for transactions on this server? I recommend closing port 4082, and never using it ;)

Hope that helps :)






]]>
Sat, 27 Sep 2014 02:23:54 GMT https://www.softaculous.com/board/index.php?tid=5876&tpg=1#p21582
<![CDATA[Secure Virtualizor host]]> https://www.softaculous.com/board/index.php?tid=5876&tpg=1#p21515 Can someone, preferably Virtualizor, provide all ports that must be opened for their product to run with either openvz, xen, KVM and list which ports are required for which type of VE.  This way we can lock it down.
For Virtualizor web panel access you will require ports 4082-4085.
To access VNC you will require ports 5900-7000.
Also, php-fpm ports are only locally accessible.
These ports won't have any effect on the server.
Are you using a firewall on the server or an external firewall?

>>2. Also, I installed my registered certificate so HTTPS works great, what does Virtualizor recommend to prevent their web server from serving the non-SSL pages?
We would recommend using HTTPS. You can secure access to the server using a firewall or any other security tools.]]>
Wed, 24 Sep 2014 11:47:04 GMT https://www.softaculous.com/board/index.php?tid=5876&tpg=1#p21515
<![CDATA[]]> https://www.softaculous.com/board/index.php?tid=5876&tpg=0#p21505 Can someone, preferably Virtualizor, provide all ports that must be opened for their product to run with either openvz, xen, KVM and list which ports are required for which type of VE.  This way we can lock it down. 
2. Also, I installed my registered certificate so HTTPS works great, what does Virtualizor recommend to prevent their web server from serving the non-SSL pages?]]>
Tue, 23 Sep 2014 20:52:34 GMT https://www.softaculous.com/board/index.php?tid=5876&tpg=0#p21505