Tuesday, July 5, 2011

How to create a new VPS or virtual server in OpenVZ using vzctl

Here are the steps.


First go to the following directory which has the templates.
cd /vz/template/cache/

Now create the VPS with VEID 10 from the 64-bit Debian template (you can choose the one you want)
vzctl create 10 --ostemplate debian-5.0-x86_64

Enabling onboot
vzctl set 10 --onboot yes --save

Adding the default IP
vzctl set 10 --ipadd IP_ADDRESS --save

Setting name servers (both in one call, because each vzctl call with --nameserver overwrites the values set earlier)
vzctl set 10 --nameserver 8.8.8.8 --nameserver 8.8.4.4 --save

Setting the disk space (here 50 GB)
vzctl set 10 --diskspace 50G --save

Setting the RAM and burst RAM
vzctl set 10 --vmguarpages 4G:8G --save

Starting the VPS
vzctl start 10

Setting the password for the root user of the VPS
vzctl exec 10 passwd

Logging in
vzctl enter 10

How to allow only one IP to access the server through SSH

This post explains how to block every IP except one from accessing your system through SSH. We use the iptables firewall to block and allow IPs. These rules were tested on CentOS Linux and will work with other Linux distros such as Red Hat, Fedora, etc.

Suppose your main server has the IP 192.168.1.10
and you want to allow access from 192.168.1.4 only.

Here are the rules:
Initial state [all accept]

root@test [~]# iptables -L
Chain INPUT (policy ACCEPT)
target     prot opt source               destination
Chain FORWARD (policy ACCEPT)
target     prot opt source               destination
Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination
root@test [~]#
See the rules below.

Now writing the rules:

root@test [~]# iptables -I INPUT -p tcp -s 192.168.1.4 --dport 22 -j ACCEPT
root@test [~]# iptables -I OUTPUT -p tcp -d 192.168.1.4 --sport 22 -j ACCEPT
root@test [~]# iptables -P INPUT DROP
root@test [~]# iptables -P OUTPUT DROP
root@test [~]# iptables -P FORWARD DROP
root@test [~]# iptables -L

After:
root@cpaneltest [~]# iptables -L
Chain INPUT (policy DROP)
target     prot opt source               destination
ACCEPT     tcp  --  192.168.1.4          anywhere            tcp dpt:ssh
Chain FORWARD (policy DROP)
target     prot opt source               destination
Chain OUTPUT (policy DROP)
target     prot opt source               destination
ACCEPT     tcp  --  anywhere             192.168.1.4         tcp spt:ssh

That's it. Now the server 192.168.1.10 will be accessible through SSH only from 192.168.1.4.
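
The same allow-list as an added example (not part of the original post): the script emits the rules as one iptables-restore ruleset, so the DROP policies and the ACCEPT rules load in a single commit. The function names, the ADMIN_IP and APPLY variables, the address validation and the two loopback rules are assumptions of this example and go slightly beyond the post's rules.

```shell
#!/bin/sh
# Added example, not from the original post. Names and env vars are assumptions.

# Accept only a dotted-quad IPv4 address with every octet in 0..255.
valid_ipv4() {
    case "$1" in
        ""|*[!0-9.]*|*..*|.*|*.) return 1 ;;
    esac
    old_ifs=$IFS; IFS=.
    set -- $1
    IFS=$old_ifs
    [ "$#" -eq 4 ] || return 1
    for octet in "$@"; do
        [ "${#octet}" -le 3 ] && [ "$octet" -le 255 ] || return 1
    done
}

# Print the post's rules in iptables-restore format for one allowed source IP.
# The two "lo" rules are an addition so local services keep working.
ssh_allowlist_rules() {
    admin_ip=$1
    valid_ipv4 "$admin_ip" || { echo "invalid IPv4 address: $admin_ip" >&2; return 1; }
    cat <<EOF
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT DROP [0:0]
-A INPUT -i lo -j ACCEPT
-A OUTPUT -o lo -j ACCEPT
-A INPUT -s $admin_ip/32 -p tcp -m tcp --dport 22 -j ACCEPT
-A OUTPUT -d $admin_ip/32 -p tcp -m tcp --sport 22 -j ACCEPT
COMMIT
EOF
}

# Parse the ruleset with --test first, then load it in a single commit (needs root).
apply_ssh_allowlist() {
    rules=$(ssh_allowlist_rules "$1") || return 1
    printf '%s\n' "$rules" | iptables-restore --test || return 1
    printf '%s\n' "$rules" | iptables-restore
}

# Default: only print the ruleset. Set APPLY=1 to load it.
if [ "${APPLY:-0}" = 1 ]; then
    apply_ssh_allowlist "${ADMIN_IP:-192.168.1.4}"
else
    ssh_allowlist_rules "${ADMIN_IP:-192.168.1.4}"
fi
```

iptables-restore replaces the whole running filter table, so any other rules you need must go into the same ruleset. On CentOS, `service iptables save` then writes the running rules to /etc/sysconfig/iptables so they survive a reboot.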