Proxmox में OpenVZ, मार्जिन नोट

शायद यह नोट एक पूर्ण लेख पर आकर्षित नहीं करता है, लेकिन मैंने यहां उन सभी गैर-मानक बिंदुओं को इकट्ठा करने की कोशिश की, जो मैंने ओपनवीजेड कंटेनरों और प्रोक्समॉक्स हाइपरविजर के साथ काम करते समय सामना किया था, उदाहरण के साथ तैयार व्यंजनों को दें, शायद यह समाधान खोजने के लिए किसी के लिए समय बचाएगा। पाठ कुछ कम होगा, कई उदाहरण हैं, चित्रों की कोई मुहर नहीं होगी।

• समय बचाने के लिए सारांश
• 1. हाइपरविजर से ओपनवीजेड कंटेनर तक विभिन्न क्षमताओं और उपकरणों को अग्रेषित करना
• 1.1। प्रोब्रोस फ्यूज
• 1.2। प्रोब्रोस एनएफएस
• 1.3। यूएसबी डिवाइस अग्रेषण
• 1.4। फॉरवर्ड साउंड कार्ड (बिल्ट-इन और यूएसबी दोनों)
• 1.5। प्रोब्रो X'ov
• 1.6। डिस्क विभाजन को अग्रेषित करना
• 1.7। ट्यून / टैप चालू करें
• 2. फ़ायरवॉल
• 3. विभिन्न छोटी चीजें
• यूपीडी -1: फॉरवर्ड वलान

और इसलिए हम गए:

1. हाइपरविजर से ओपनवीजेड कंटेनर तक विभिन्न क्षमताओं और उपकरणों को अग्रेषित करना

१.१ फॉरवर्ड फ्यूज

हाइपरविजर रन पर:
OpenVZ कंटेनर बंद करो

vzctl stop [VEID] 

प्रदर्शन

 vzctl set [VEID] --devices c:10:229:rw --save vzctl exec [VEID] mknod /dev/fuse c 10 229 

कंटेनर चलाएं

 vzctl start [VEID] 

जहां [VEID] कंटेनर संख्या है, जिसके बाद कंटेनर में काम करना बढ़ते हैं।

1.2। प्रोब्रोस एनएफएस

हाइपरवाइजर पर:
एनएफएस सर्वर स्थापित करें

 aptitude install nfs-kernel-server 

nfs config संपादित करें

 nano /etc/exports 

उदाहरण के लिए, 10.1.1.2 के लिए निर्यात / var / lib / vz

 /var/lib/vz 10.1.1.2(rw,sync,fsid=root,no_root_squash,crossmnt,no_subtree_check) 

सर्वर को पुनरारंभ करें

 /etc/init.d/nfs-kernel-server restart 

कंटेनर में nfs समर्थन जोड़ें

 vzctl set [VEID] --features "nfs:on" --save 

कंटेनर के अंदर:

 aptitude install nfs-common 

माउंट उदाहरण

 mount -t nfs 10.1.1.1:/var/lib/vz/ /vz 

1.3। यूएसबी डिवाइस अग्रेषण

डिवाइस फ़ॉरवर्डिंग के सभी मामलों में, यदि एक से अधिक डिवाइस हैं, तो कंटेनर कॉन्फ़िगर को सीधे संपादित करना बेहतर है, और vzctl का उपयोग न करें, तथ्य यह है कि यदि आपने सभी आवश्यक उपकरणों को एक बार में एक पंक्ति में नहीं रखा है, तो vzctl सभी पिछले प्रोब्रोस को अधिलेखित कर देगा और केवल पिछले एक को स्थापित करेगा।

सामान्य मामले में:

 vzctl set VEID --devices b|c:major:minor|all:[r|w|rw|none] 

जहाँ b एक ब्लॉक डिवाइस है, c एक कैरेक्टर डिवाइस है। मेजर: नाबालिग को एक विशिष्ट डिवाइस के लिए / देव / बस / यूएसबी में देखा जाना चाहिए।
नाम से सूबेदार

 vzctl set [VEID] --devnodes ttyUSB0:rw --save 

कोड द्वारा परिवीक्षा

 vzctl set [VEID] --devices c:189:all:rw --save 

या विन्यास को संपादित करके:

 nano /etc/pve/openvz/[VEID].conf DEVNODES="ttyUSB1:rw " DEVNODES="c:189:all:rw " 

चल रहे कंटेनर में USB डिवाइस को अग्रेषित करने के लिए, आपको निम्न करना होगा:
मेजबान से कंटेनर तक माउंट

 mount -o bind /dev/<DEVNAME> $VE_ROOT/dev/<DEVNAME> 

1.4। फॉरवर्ड साउंड कार्ड (बिल्ट-इन और यूएसबी दोनों)

कई मायनों में, यह एक नियमित USB डिवाइस को अग्रेषित करना पसंद करता है, लेकिन कुछ अंतरों के साथ।
हाइपरवाइजर पर:
हम ध्वनि के साथ काम करने के लिए कर्नेल मॉड्यूल डालते हैं

 modprobe snd_dummy echo "snd_dummy" >> /etc/modules 

अगर USB साउंड है, तो

 modprobe snd_usb_audio echo "snd_usb_audio" >> /etc/modules 

सुनिश्चित करें कि मॉड्यूल जुड़े हुए हैं

 lsmod | grep snd 

ध्वनि के साथ काम करने के लिए सभी जुड़े मॉड्यूल की एक सूची प्रदर्शित की जानी चाहिए

कॉन्फ़िगर करने के लिए virtualka जोड़ें

 vzctl set [VEID] --devices c:116:all:rw --devices c:4:all:rw --save 

यदि यह आगे भेजे जाने वाला पहला उपकरण नहीं है, तो कमांड पिछले वाले को मिटा देगा
फ़ाइल संपादित करें

 /etc/pve/openvz/[VEID].conf 

इसमें एक पंक्ति जोड़ें

 DEVICES="c:116:all:rw c:4:all:rw " 

सभी snd उपकरणों की सूची बनाएं

 ls -la /dev/snd 

 crw-rw---T 1 root audio 116, 6 Jan 25 19:19 controlC0 crw-rw---T 1 root audio 116, 9 Jan 27 09:52 controlC1 crw-rw---T 1 root audio 116, 5 Jan 25 19:19 pcmC0D0c crw-rw---T 1 root audio 116, 4 Jan 25 19:20 pcmC0D0p crw-rw---T 1 root audio 116, 8 Jan 27 09:52 pcmC1D0c crw-rw---T 1 root audio 116, 7 Jan 27 09:52 pcmC1D0p crw-rw---T 1 root audio 116, 3 Jan 25 17:47 seq crw-rw---T 1 root audio 116, 2 Jan 25 17:47 timer 

हम कंटेनर में जाते हैं

 vzctl enter [VEID] 

Vypolyanem

 rm -r /dev/snd mkdir /dev/snd mknod /dev/snd/controlC0 c 116 6 mknod /dev/snd/controlC1 c 116 9 mknod /dev/snd/pcmC0D0c c 116 5 mknod /dev/snd/pcmC0D0p c 116 4 mknod /dev/snd/pcmC1D0c c 116 8 mknod /dev/snd/pcmC1D0p c 116 7 mknod /dev/snd/seq c 116 3 mknod /dev/snd/timer c 116 2 chmod 660 /dev/snd/* chown :audio /dev/snd/* 

(कृपया ध्यान दें कि डिवाइस नंबर और नाम हाइपरविज़र पर मेल खाने चाहिए)

हम अलसा डालते हैं

 aptitude install alsa alsa-lib alsa-base alsa-util libdssialsacompat0 

अब हम ऑडियो समूह में आवश्यक कंटेनर उपयोगकर्ताओं को जोड़ते हैं

 adduser skype audio 

1.5। प्रोब्रो X'ov

हम vzctl (SSH नहीं) के माध्यम से कंटेनर में जाते हैं
एक simlink बनाओ

 rm /dev/tty0 ln -s /dev/tty1 /dev/tty0 

यदि nscd स्थापित है तो स्थापना रद्द करें

 aptitude remove nscd 

हम आवश्यक पैकेज डालते हैं

 aptitude -R install xorg xserver-xorg-video-dummy xserver-xorg-input-kbd xserver-xorg-input-mouse alsa-base linux-sound-base libaudiofile0 dbus udev 

/Etc/X11/xorg.conf को फॉर्म में लाएं

 Section "InputDevice" Identifier "Dummy Input" Driver "void" EndSection Section "Device" Identifier "Dummy Video" Driver "dummy" EndSection Section "Monitor" Identifier "Configured Monitor" EndSection Section "Screen" Identifier "Default Screen" Monitor "Configured Monitor" Device "Dummy Video" EndSection Section "ServerLayout" Identifier "Default Layout" Screen "Default Screen" InputDevice "Dummy Input" EndSection 

हाय शुरू

 /usr/bin/X :<DISPLAY#> 

जहाँ

   ,    ( ).  ,  X-       . 
 
 ,   Skype ( Skypiax)      UID "Skype": 
 su skype -c "echo secret:password | DISPLAY=:1 /usr/bin/skype --pipelogin 2>>skype_errors.log &» 
 
 1.6.    
   ,     ,   sda4 
 vzctl set [VEID] --devnodes sda4:rw --save 
 1.7.  tun/tap 
     vpn  ,     . 
 
     
 lsmod | grep tun 
    
 modprobe tun echo "tun" >> /etc/modules 
 vzctl stop [VEID] vzctl set [VEID] --devices c:10:200:rw --save vzctl set [VEID] --capability net_admin:on --save vzctl start [VEID] 
   ,    -. 
 
  
          ,   . 
 nano /etc/vz/vz.conf 
    IPTABLES     
 IPTABLES="ipt_owner ipt_REDIRECT ipt_recent ip_tables iptable_filter iptable_mangle ipt_limit ipt_multiport ipt_tos ipt_TOS ipt_REJECT ipt_TCPMSS ipt_tcpmss ipt_ttl ipt_LOG ipt_length ip_conntrack ip_conntrack_ftp ipt_state iptable_nat ip_nat_ftp" 
    VZ 
 /etc/init.d/vz restart 
         . 
 
  ,  ,      ( ,    ) 
 nano /etc/modules 
 ipt_MASQUERADE ipt_helper ipt_REDIRECT ipt_state ipt_TCPMSS ipt_LOG ipt_TOS iptable_nat ipt_length ipt_tcpmss iptable_mangle ipt_limit ipt_tos iptable_filter ipt_ttl ipt_REJECT loop 
     
        #!/bin/sh 
 ### BEGIN INIT INFO 
 # Provides: iptables.sh 
 # Required-Start: $all 
 # Required-Stop: $all 
 # Default-Start: 2 3 4 5 
 # Default-Stop: 0 1 6 
 # Short-Description: My firewall 
 # Description: Rico-X FIREWALL 
 ### END INIT INFO 
 # /etc/init.d/iptables 
 
 IPT=/sbin/iptables 
 
 case "$1" in 
 start) 
 echo "Starting iptables" 
 
 sysctl -w net.ipv4.tcp_synack_retries=1 
 sysctl -w net.ipv4.tcp_max_syn_backlog=4096 
 sysctl -w net.ipv4.tcp_fin_timeout=10 
 sysctl -w net.ipv4.tcp_syncookies=1 
 sysctl -w net.ipv4.tcp_keepalive_intvl=10 
 sysctl -w net.ipv4.tcp_keepalive_probes=5 
 sysctl -w net.ipv4.tcp_keepalive_time=60 
 sysctl -w net.ipv4.conf.default.rp_filter=1 
 #sysctl -w net.ipv4.ip_forward=0 
 
 #     
 $IPT -P INPUT DROP 
 $IPT -P FORWARD ACCEPT 
 $IPT -P OUTPUT ACCEPT 
 
 #     ,     
 $IPT -A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT 
 
 #     lo  
 $IPT -A INPUT -i lo -j ACCEPT 
 
 #       
 $IPT -A INPUT -i eth1 -j ACCEPT 
 $IPT -A INPUT -i vmbr1 -j ACCEPT 
 #       
 $IPT -A INPUT -m addrtype --dst-type MULTICAST -j ACCEPT 
 $IPT -A INPUT -p udp -m state --state NEW -m multiport --dports 5404,5405 -j ACCEPT 
 
 #     TCP-  SYN- 
 $IPT -I INPUT -m conntrack --ctstate NEW -p tcp ! --syn -j DROP 
 
 #      
 $IPT -A INPUT -p tcp --dport 22 -m state --state NEW -j ACCEPT ## SSH 
 $IPT -A INPUT -p tcp -m tcp --dport 5900:5999 -j ACCEPT ## VNC 
 $IPT -A INPUT -p tcp -m tcp --dport 8006 -j ACCEPT ## Proxmox panel 
 
 #       SSH (  4  ) 
 $IPT -A INPUT -p tcp --dport 22 -m state --state NEW -m recent --update --seconds 60 --hitcount 4 --rttl --name SSH -j DROP 
 
 #    netbios 
 $IPT -A INPUT -p tcp --dport 137:139 -j DROP 
 $IPT -A INPUT -p udp --dport 137:139 -j DROP 
 
 #   ICMP  
 $IPT -A INPUT -p ICMP --icmp-type 8 -j ACCEPT 
 $IPT -A INPUT -p ICMP --icmp-type 11 -j ACCEPT 
 
 #     
 $IPT -A INPUT -m state --state INVALID -j DROP 
 
 #   DHCP   iptables. 
 $IPT -A INPUT -p udp -m udp --dport 68 --sport 67 -j ACCEPT 
 
 #  - 
 $IPT -A INPUT -m state --state NEW -p tcp --tcp-flags ALL ALL -j DROP 
 $IPT -A INPUT -m state --state NEW -p tcp --tcp-flags ALL NONE -j DROP 
 
 #  
 $IPT -A INPUT -p tcp --tcp-flags ALL FIN,URG,PSH -j DROP 
 $IPT -A INPUT -p tcp --tcp-flags SYN,RST SYN,RST -j DROP 
 $IPT -A INPUT -p tcp --tcp-flags SYN,FIN SYN,FIN -j DROP 
 $IPT -N SYN_FLOOD 
 $IPT -A INPUT -p tcp --syn -j SYN_FLOOD 
 $IPT -A SYN_FLOOD -m limit --limit 2/s --limit-burst 6 -j RETURN 
 $IPT -A SYN_FLOOD -j DROP 
 
 ;; 
 stop) 
 echo "Stopping iptables" 
 
 $IPT -F 
 $IPT -X 
 
 $IPT -P INPUT ACCEPT 
 $IPT -P OUTPUT ACCEPT 
 $IPT -P FORWARD ACCEPT 
 ;; 
 *) 
 echo "Usage: /etc/init.d/iptables {start|stop}" 
 exit 1 
 ;; 
 esac 
 
 exit 0 
 
 3.   
      
 mv /etc/localtime /etc/localtime_org && ln -s /usr/share/zoneinfo/"Europe/Simferopol" /etc/localtime && date 
         web-. 
   /usr/share/pve-manager/ext4/pvemanagerlib.js   
 if (data.status !== 'Active') { 
    
 if (data.status == 'Active') { 
      Proxmox: 'exit code 60′ – corrupt quota file    , 
   . 
 vzquota off [VEID] vzquota : (error) Quota is not running for id [VEID] vzquota : (warning) Repairing quota: it was incorrectly marked as running for id [VEID] vzquota on [VEID] 
    (cluster not ready - no quorum),      , 
   ,      
 pvecm e (  ) 
   OpenVZ 
  [VEID]  
 vzctl start [VEID] 
    
 vzctl enter [VEID] 
  
 vzctl stop [VEID] 
  
 vzctl restart [VEID] 
  
 vzctl destroy [VEID] 
   
 vzlist -a 
 
   -        ,     ,    . 
 
 UPD-1:  vlan 
 
       2 .     151,152,666 
  : 
  /etc/network/interfaces 
  auto vlan151 iface vlan151 inet manual vlan_raw_device eth0 auto vlan152 iface vlan152 inet manual vlan_raw_device eth0 auto vlan666 iface vlan666 inet manual vlan_raw_device eth0 auto vmbr151 iface vmbr151 inet static address 0.0.0.0 netmask 255.255.255.255 bridge_ports vlan151 bridge_stp off bridge_fd 0 auto vmbr152 iface vmbr152 inet static address 0.0.0.0 netmask 255.255.255.255 bridge_ports vlan152 bridge_stp off bridge_fd 0 auto vmbr666 iface vmbr666 inet static address 0.0.0.0 netmask 255.255.255.255 bridge_ports vlan666 bridge_stp off bridge_fd 0 
    
 apt-get install vlan 
    
 ifup vlan151 ifup vlan152 ifup vlan666 
      ifconfig 
 
      ,    (network),   ,     
  
        . 
 
 
  : 
     ,     ,     debian 
  /etc/network/interfaces.tail 
 auto eth1 iface eth1 inet static address 10.7.10.5 netmask 255.255.255.0 
  
 cat /etc/network/interfaces.tail >> /etc/network/interfaces 
  *.tail   ,          web ,     . 
 
 
      ,    , -        -    ,   . 

, ( ). , X- .

, Skype ( Skypiax) UID "Skype":
su skype -c "echo secret:password | DISPLAY=:1 /usr/bin/skype --pipelogin 2>>skype_errors.log &»

1.6.
, , sda4
vzctl set [VEID] --devnodes sda4:rw --save
1.7. tun/tap
vpn , .


lsmod | grep tun

modprobe tun echo "tun" >> /etc/modules
vzctl stop [VEID] vzctl set [VEID] --devices c:10:200:rw --save vzctl set [VEID] --capability net_admin:on --save vzctl start [VEID]
, -.


, .
nano /etc/vz/vz.conf
IPTABLES
IPTABLES="ipt_owner ipt_REDIRECT ipt_recent ip_tables iptable_filter iptable_mangle ipt_limit ipt_multiport ipt_tos ipt_TOS ipt_REJECT ipt_TCPMSS ipt_tcpmss ipt_ttl ipt_LOG ipt_length ip_conntrack ip_conntrack_ftp ipt_state iptable_nat ip_nat_ftp"
VZ
/etc/init.d/vz restart
.

, , ( , )
nano /etc/modules
ipt_MASQUERADE ipt_helper ipt_REDIRECT ipt_state ipt_TCPMSS ipt_LOG ipt_TOS iptable_nat ipt_length ipt_tcpmss iptable_mangle ipt_limit ipt_tos iptable_filter ipt_ttl ipt_REJECT loop

#!/bin/sh
### BEGIN INIT INFO
# Provides: iptables.sh
# Required-Start: $all
# Required-Stop: $all
# Default-Start: 2 3 4 5
# Default-Stop: 0 1 6
# Short-Description: My firewall
# Description: Rico-X FIREWALL
### END INIT INFO
# /etc/init.d/iptables

IPT=/sbin/iptables

case "$1" in
start)
echo "Starting iptables"

sysctl -w net.ipv4.tcp_synack_retries=1
sysctl -w net.ipv4.tcp_max_syn_backlog=4096
sysctl -w net.ipv4.tcp_fin_timeout=10
sysctl -w net.ipv4.tcp_syncookies=1
sysctl -w net.ipv4.tcp_keepalive_intvl=10
sysctl -w net.ipv4.tcp_keepalive_probes=5
sysctl -w net.ipv4.tcp_keepalive_time=60
sysctl -w net.ipv4.conf.default.rp_filter=1
#sysctl -w net.ipv4.ip_forward=0

#
$IPT -P INPUT DROP
$IPT -P FORWARD ACCEPT
$IPT -P OUTPUT ACCEPT

# ,
$IPT -A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT

# lo
$IPT -A INPUT -i lo -j ACCEPT

#
$IPT -A INPUT -i eth1 -j ACCEPT
$IPT -A INPUT -i vmbr1 -j ACCEPT
#
$IPT -A INPUT -m addrtype --dst-type MULTICAST -j ACCEPT
$IPT -A INPUT -p udp -m state --state NEW -m multiport --dports 5404,5405 -j ACCEPT

# TCP- SYN-
$IPT -I INPUT -m conntrack --ctstate NEW -p tcp ! --syn -j DROP

#
$IPT -A INPUT -p tcp --dport 22 -m state --state NEW -j ACCEPT ## SSH
$IPT -A INPUT -p tcp -m tcp --dport 5900:5999 -j ACCEPT ## VNC
$IPT -A INPUT -p tcp -m tcp --dport 8006 -j ACCEPT ## Proxmox panel

# SSH ( 4 )
$IPT -A INPUT -p tcp --dport 22 -m state --state NEW -m recent --update --seconds 60 --hitcount 4 --rttl --name SSH -j DROP

# netbios
$IPT -A INPUT -p tcp --dport 137:139 -j DROP
$IPT -A INPUT -p udp --dport 137:139 -j DROP

# ICMP
$IPT -A INPUT -p ICMP --icmp-type 8 -j ACCEPT
$IPT -A INPUT -p ICMP --icmp-type 11 -j ACCEPT

#
$IPT -A INPUT -m state --state INVALID -j DROP

# DHCP iptables.
$IPT -A INPUT -p udp -m udp --dport 68 --sport 67 -j ACCEPT

# -
$IPT -A INPUT -m state --state NEW -p tcp --tcp-flags ALL ALL -j DROP
$IPT -A INPUT -m state --state NEW -p tcp --tcp-flags ALL NONE -j DROP

#
$IPT -A INPUT -p tcp --tcp-flags ALL FIN,URG,PSH -j DROP
$IPT -A INPUT -p tcp --tcp-flags SYN,RST SYN,RST -j DROP
$IPT -A INPUT -p tcp --tcp-flags SYN,FIN SYN,FIN -j DROP
$IPT -N SYN_FLOOD
$IPT -A INPUT -p tcp --syn -j SYN_FLOOD
$IPT -A SYN_FLOOD -m limit --limit 2/s --limit-burst 6 -j RETURN
$IPT -A SYN_FLOOD -j DROP

;;
stop)
echo "Stopping iptables"

$IPT -F
$IPT -X

$IPT -P INPUT ACCEPT
$IPT -P OUTPUT ACCEPT
$IPT -P FORWARD ACCEPT
;;
*)
echo "Usage: /etc/init.d/iptables {start|stop}"
exit 1
;;
esac

exit 0

3.

mv /etc/localtime /etc/localtime_org && ln -s /usr/share/zoneinfo/"Europe/Simferopol" /etc/localtime && date
web-.
/usr/share/pve-manager/ext4/pvemanagerlib.js
if (data.status !== 'Active') {

if (data.status == 'Active') {
Proxmox: 'exit code 60′ – corrupt quota file ,
.
vzquota off [VEID] vzquota : (error) Quota is not running for id [VEID] vzquota : (warning) Repairing quota: it was incorrectly marked as running for id [VEID] vzquota on [VEID]
(cluster not ready - no quorum), ,
,
pvecm e ( )
OpenVZ
[VEID]
vzctl start [VEID]

vzctl enter [VEID]

vzctl stop [VEID]

vzctl restart [VEID]

vzctl destroy [VEID]

vzlist -a

- , , .

UPD-1: vlan

2 . 151,152,666
:
/etc/network/interfaces
auto vlan151 iface vlan151 inet manual vlan_raw_device eth0 auto vlan152 iface vlan152 inet manual vlan_raw_device eth0 auto vlan666 iface vlan666 inet manual vlan_raw_device eth0 auto vmbr151 iface vmbr151 inet static address 0.0.0.0 netmask 255.255.255.255 bridge_ports vlan151 bridge_stp off bridge_fd 0 auto vmbr152 iface vmbr152 inet static address 0.0.0.0 netmask 255.255.255.255 bridge_ports vlan152 bridge_stp off bridge_fd 0 auto vmbr666 iface vmbr666 inet static address 0.0.0.0 netmask 255.255.255.255 bridge_ports vlan666 bridge_stp off bridge_fd 0

apt-get install vlan

ifup vlan151 ifup vlan152 ifup vlan666
ifconfig

, (network), ,

.


:
, , debian
/etc/network/interfaces.tail
auto eth1 iface eth1 inet static address 10.7.10.5 netmask 255.255.255.0

cat /etc/network/interfaces.tail >> /etc/network/interfaces
*.tail , web , .


, , - - , .

, ( ). , X- .

, Skype ( Skypiax) UID "Skype":
su skype -c "echo secret:password | DISPLAY=:1 /usr/bin/skype --pipelogin 2>>skype_errors.log &»

1.6.
, , sda4
vzctl set [VEID] --devnodes sda4:rw --save
1.7. tun/tap
vpn , .


lsmod | grep tun

modprobe tun echo "tun" >> /etc/modules
vzctl stop [VEID] vzctl set [VEID] --devices c:10:200:rw --save vzctl set [VEID] --capability net_admin:on --save vzctl start [VEID]
, -.


, .
nano /etc/vz/vz.conf
IPTABLES
IPTABLES="ipt_owner ipt_REDIRECT ipt_recent ip_tables iptable_filter iptable_mangle ipt_limit ipt_multiport ipt_tos ipt_TOS ipt_REJECT ipt_TCPMSS ipt_tcpmss ipt_ttl ipt_LOG ipt_length ip_conntrack ip_conntrack_ftp ipt_state iptable_nat ip_nat_ftp"
VZ
/etc/init.d/vz restart
.

, , ( , )
nano /etc/modules
ipt_MASQUERADE ipt_helper ipt_REDIRECT ipt_state ipt_TCPMSS ipt_LOG ipt_TOS iptable_nat ipt_length ipt_tcpmss iptable_mangle ipt_limit ipt_tos iptable_filter ipt_ttl ipt_REJECT loop

#!/bin/sh
### BEGIN INIT INFO
# Provides: iptables.sh
# Required-Start: $all
# Required-Stop: $all
# Default-Start: 2 3 4 5
# Default-Stop: 0 1 6
# Short-Description: My firewall
# Description: Rico-X FIREWALL
### END INIT INFO
# /etc/init.d/iptables

IPT=/sbin/iptables

case "$1" in
start)
echo "Starting iptables"

sysctl -w net.ipv4.tcp_synack_retries=1
sysctl -w net.ipv4.tcp_max_syn_backlog=4096
sysctl -w net.ipv4.tcp_fin_timeout=10
sysctl -w net.ipv4.tcp_syncookies=1
sysctl -w net.ipv4.tcp_keepalive_intvl=10
sysctl -w net.ipv4.tcp_keepalive_probes=5
sysctl -w net.ipv4.tcp_keepalive_time=60
sysctl -w net.ipv4.conf.default.rp_filter=1
#sysctl -w net.ipv4.ip_forward=0

#
$IPT -P INPUT DROP
$IPT -P FORWARD ACCEPT
$IPT -P OUTPUT ACCEPT

# ,
$IPT -A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT

# lo
$IPT -A INPUT -i lo -j ACCEPT

#
$IPT -A INPUT -i eth1 -j ACCEPT
$IPT -A INPUT -i vmbr1 -j ACCEPT
#
$IPT -A INPUT -m addrtype --dst-type MULTICAST -j ACCEPT
$IPT -A INPUT -p udp -m state --state NEW -m multiport --dports 5404,5405 -j ACCEPT

# TCP- SYN-
$IPT -I INPUT -m conntrack --ctstate NEW -p tcp ! --syn -j DROP

#
$IPT -A INPUT -p tcp --dport 22 -m state --state NEW -j ACCEPT ## SSH
$IPT -A INPUT -p tcp -m tcp --dport 5900:5999 -j ACCEPT ## VNC
$IPT -A INPUT -p tcp -m tcp --dport 8006 -j ACCEPT ## Proxmox panel

# SSH ( 4 )
$IPT -A INPUT -p tcp --dport 22 -m state --state NEW -m recent --update --seconds 60 --hitcount 4 --rttl --name SSH -j DROP

# netbios
$IPT -A INPUT -p tcp --dport 137:139 -j DROP
$IPT -A INPUT -p udp --dport 137:139 -j DROP

# ICMP
$IPT -A INPUT -p ICMP --icmp-type 8 -j ACCEPT
$IPT -A INPUT -p ICMP --icmp-type 11 -j ACCEPT

#
$IPT -A INPUT -m state --state INVALID -j DROP

# DHCP iptables.
$IPT -A INPUT -p udp -m udp --dport 68 --sport 67 -j ACCEPT

# -
$IPT -A INPUT -m state --state NEW -p tcp --tcp-flags ALL ALL -j DROP
$IPT -A INPUT -m state --state NEW -p tcp --tcp-flags ALL NONE -j DROP

#
$IPT -A INPUT -p tcp --tcp-flags ALL FIN,URG,PSH -j DROP
$IPT -A INPUT -p tcp --tcp-flags SYN,RST SYN,RST -j DROP
$IPT -A INPUT -p tcp --tcp-flags SYN,FIN SYN,FIN -j DROP
$IPT -N SYN_FLOOD
$IPT -A INPUT -p tcp --syn -j SYN_FLOOD
$IPT -A SYN_FLOOD -m limit --limit 2/s --limit-burst 6 -j RETURN
$IPT -A SYN_FLOOD -j DROP

;;
stop)
echo "Stopping iptables"

$IPT -F
$IPT -X

$IPT -P INPUT ACCEPT
$IPT -P OUTPUT ACCEPT
$IPT -P FORWARD ACCEPT
;;
*)
echo "Usage: /etc/init.d/iptables {start|stop}"
exit 1
;;
esac

exit 0

3.

mv /etc/localtime /etc/localtime_org && ln -s /usr/share/zoneinfo/"Europe/Simferopol" /etc/localtime && date
web-.
/usr/share/pve-manager/ext4/pvemanagerlib.js
if (data.status !== 'Active') {

if (data.status == 'Active') {
Proxmox: 'exit code 60′ – corrupt quota file ,
.
vzquota off [VEID] vzquota : (error) Quota is not running for id [VEID] vzquota : (warning) Repairing quota: it was incorrectly marked as running for id [VEID] vzquota on [VEID]
(cluster not ready - no quorum), ,
,
pvecm e ( )
OpenVZ
[VEID]
vzctl start [VEID]

vzctl enter [VEID]

vzctl stop [VEID]

vzctl restart [VEID]

vzctl destroy [VEID]

vzlist -a

- , , .

UPD-1: vlan

2 . 151,152,666
:
/etc/network/interfaces
auto vlan151 iface vlan151 inet manual vlan_raw_device eth0 auto vlan152 iface vlan152 inet manual vlan_raw_device eth0 auto vlan666 iface vlan666 inet manual vlan_raw_device eth0 auto vmbr151 iface vmbr151 inet static address 0.0.0.0 netmask 255.255.255.255 bridge_ports vlan151 bridge_stp off bridge_fd 0 auto vmbr152 iface vmbr152 inet static address 0.0.0.0 netmask 255.255.255.255 bridge_ports vlan152 bridge_stp off bridge_fd 0 auto vmbr666 iface vmbr666 inet static address 0.0.0.0 netmask 255.255.255.255 bridge_ports vlan666 bridge_stp off bridge_fd 0

apt-get install vlan

ifup vlan151 ifup vlan152 ifup vlan666
ifconfig

, (network), ,

.


:
, , debian
/etc/network/interfaces.tail
auto eth1 iface eth1 inet static address 10.7.10.5 netmask 255.255.255.0

cat /etc/network/interfaces.tail >> /etc/network/interfaces
*.tail , web , .


, , - - , .

, ( ). , X- .

, Skype ( Skypiax) UID "Skype":
su skype -c "echo secret:password | DISPLAY=:1 /usr/bin/skype --pipelogin 2>>skype_errors.log &»

1.6.
, , sda4
vzctl set [VEID] --devnodes sda4:rw --save
1.7. tun/tap
vpn , .


lsmod | grep tun

modprobe tun echo "tun" >> /etc/modules
vzctl stop [VEID] vzctl set [VEID] --devices c:10:200:rw --save vzctl set [VEID] --capability net_admin:on --save vzctl start [VEID]
, -.


, .
nano /etc/vz/vz.conf
IPTABLES
IPTABLES="ipt_owner ipt_REDIRECT ipt_recent ip_tables iptable_filter iptable_mangle ipt_limit ipt_multiport ipt_tos ipt_TOS ipt_REJECT ipt_TCPMSS ipt_tcpmss ipt_ttl ipt_LOG ipt_length ip_conntrack ip_conntrack_ftp ipt_state iptable_nat ip_nat_ftp"
VZ
/etc/init.d/vz restart
.

, , ( , )
nano /etc/modules
ipt_MASQUERADE ipt_helper ipt_REDIRECT ipt_state ipt_TCPMSS ipt_LOG ipt_TOS iptable_nat ipt_length ipt_tcpmss iptable_mangle ipt_limit ipt_tos iptable_filter ipt_ttl ipt_REJECT loop

#!/bin/sh
### BEGIN INIT INFO
# Provides: iptables.sh
# Required-Start: $all
# Required-Stop: $all
# Default-Start: 2 3 4 5
# Default-Stop: 0 1 6
# Short-Description: My firewall
# Description: Rico-X FIREWALL
### END INIT INFO
# /etc/init.d/iptables

IPT=/sbin/iptables

case "$1" in
start)
echo "Starting iptables"

sysctl -w net.ipv4.tcp_synack_retries=1
sysctl -w net.ipv4.tcp_max_syn_backlog=4096
sysctl -w net.ipv4.tcp_fin_timeout=10
sysctl -w net.ipv4.tcp_syncookies=1
sysctl -w net.ipv4.tcp_keepalive_intvl=10
sysctl -w net.ipv4.tcp_keepalive_probes=5
sysctl -w net.ipv4.tcp_keepalive_time=60
sysctl -w net.ipv4.conf.default.rp_filter=1
#sysctl -w net.ipv4.ip_forward=0

#
$IPT -P INPUT DROP
$IPT -P FORWARD ACCEPT
$IPT -P OUTPUT ACCEPT

# ,
$IPT -A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT

# lo
$IPT -A INPUT -i lo -j ACCEPT

#
$IPT -A INPUT -i eth1 -j ACCEPT
$IPT -A INPUT -i vmbr1 -j ACCEPT
#
$IPT -A INPUT -m addrtype --dst-type MULTICAST -j ACCEPT
$IPT -A INPUT -p udp -m state --state NEW -m multiport --dports 5404,5405 -j ACCEPT

# TCP- SYN-
$IPT -I INPUT -m conntrack --ctstate NEW -p tcp ! --syn -j DROP

#
$IPT -A INPUT -p tcp --dport 22 -m state --state NEW -j ACCEPT ## SSH
$IPT -A INPUT -p tcp -m tcp --dport 5900:5999 -j ACCEPT ## VNC
$IPT -A INPUT -p tcp -m tcp --dport 8006 -j ACCEPT ## Proxmox panel

# SSH ( 4 )
$IPT -A INPUT -p tcp --dport 22 -m state --state NEW -m recent --update --seconds 60 --hitcount 4 --rttl --name SSH -j DROP

# netbios
$IPT -A INPUT -p tcp --dport 137:139 -j DROP
$IPT -A INPUT -p udp --dport 137:139 -j DROP

# ICMP
$IPT -A INPUT -p ICMP --icmp-type 8 -j ACCEPT
$IPT -A INPUT -p ICMP --icmp-type 11 -j ACCEPT

#
$IPT -A INPUT -m state --state INVALID -j DROP

# DHCP iptables.
$IPT -A INPUT -p udp -m udp --dport 68 --sport 67 -j ACCEPT

# -
$IPT -A INPUT -m state --state NEW -p tcp --tcp-flags ALL ALL -j DROP
$IPT -A INPUT -m state --state NEW -p tcp --tcp-flags ALL NONE -j DROP

#
$IPT -A INPUT -p tcp --tcp-flags ALL FIN,URG,PSH -j DROP
$IPT -A INPUT -p tcp --tcp-flags SYN,RST SYN,RST -j DROP
$IPT -A INPUT -p tcp --tcp-flags SYN,FIN SYN,FIN -j DROP
$IPT -N SYN_FLOOD
$IPT -A INPUT -p tcp --syn -j SYN_FLOOD
$IPT -A SYN_FLOOD -m limit --limit 2/s --limit-burst 6 -j RETURN
$IPT -A SYN_FLOOD -j DROP

;;
stop)
echo "Stopping iptables"

$IPT -F
$IPT -X

$IPT -P INPUT ACCEPT
$IPT -P OUTPUT ACCEPT
$IPT -P FORWARD ACCEPT
;;
*)
echo "Usage: /etc/init.d/iptables {start|stop}"
exit 1
;;
esac

exit 0

3.

mv /etc/localtime /etc/localtime_org && ln -s /usr/share/zoneinfo/"Europe/Simferopol" /etc/localtime && date
web-.
/usr/share/pve-manager/ext4/pvemanagerlib.js
if (data.status !== 'Active') {

if (data.status == 'Active') {
Proxmox: 'exit code 60′ – corrupt quota file ,
.
vzquota off [VEID] vzquota : (error) Quota is not running for id [VEID] vzquota : (warning) Repairing quota: it was incorrectly marked as running for id [VEID] vzquota on [VEID]
(cluster not ready - no quorum), ,
,
pvecm e ( )
OpenVZ
[VEID]
vzctl start [VEID]

vzctl enter [VEID]

vzctl stop [VEID]

vzctl restart [VEID]

vzctl destroy [VEID]

vzlist -a

- , , .

UPD-1: vlan

2 . 151,152,666
:
/etc/network/interfaces
auto vlan151 iface vlan151 inet manual vlan_raw_device eth0 auto vlan152 iface vlan152 inet manual vlan_raw_device eth0 auto vlan666 iface vlan666 inet manual vlan_raw_device eth0 auto vmbr151 iface vmbr151 inet static address 0.0.0.0 netmask 255.255.255.255 bridge_ports vlan151 bridge_stp off bridge_fd 0 auto vmbr152 iface vmbr152 inet static address 0.0.0.0 netmask 255.255.255.255 bridge_ports vlan152 bridge_stp off bridge_fd 0 auto vmbr666 iface vmbr666 inet static address 0.0.0.0 netmask 255.255.255.255 bridge_ports vlan666 bridge_stp off bridge_fd 0

apt-get install vlan

ifup vlan151 ifup vlan152 ifup vlan666
ifconfig

, (network), ,

.


:
, , debian
/etc/network/interfaces.tail
auto eth1 iface eth1 inet static address 10.7.10.5 netmask 255.255.255.0

cat /etc/network/interfaces.tail >> /etc/network/interfaces
*.tail , web , .


, , - - , .

   ,    ( ).  ,  X-       . 
 
 ,   Skype ( Skypiax)      UID "Skype": 
 su skype -c "echo secret:password | DISPLAY=:1 /usr/bin/skype --pipelogin 2>>skype_errors.log &» 
 
 1.6.    
   ,     ,   sda4 
 vzctl set [VEID] --devnodes sda4:rw --save 
 1.7.  tun/tap 
     vpn  ,     . 
 
     
 lsmod | grep tun 
    
 modprobe tun echo "tun" >> /etc/modules 
 vzctl stop [VEID] vzctl set [VEID] --devices c:10:200:rw --save vzctl set [VEID] --capability net_admin:on --save vzctl start [VEID] 
   ,    -. 
 
  
          ,   . 
 nano /etc/vz/vz.conf 
    IPTABLES     
 IPTABLES="ipt_owner ipt_REDIRECT ipt_recent ip_tables iptable_filter iptable_mangle ipt_limit ipt_multiport ipt_tos ipt_TOS ipt_REJECT ipt_TCPMSS ipt_tcpmss ipt_ttl ipt_LOG ipt_length ip_conntrack ip_conntrack_ftp ipt_state iptable_nat ip_nat_ftp" 
    VZ 
 /etc/init.d/vz restart 
         . 
 
  ,  ,      ( ,    ) 
 nano /etc/modules 
 ipt_MASQUERADE ipt_helper ipt_REDIRECT ipt_state ipt_TCPMSS ipt_LOG ipt_TOS iptable_nat ipt_length ipt_tcpmss iptable_mangle ipt_limit ipt_tos iptable_filter ipt_ttl ipt_REJECT loop 
     
        #!/bin/sh 
 ### BEGIN INIT INFO 
 # Provides: iptables.sh 
 # Required-Start: $all 
 # Required-Stop: $all 
 # Default-Start: 2 3 4 5 
 # Default-Stop: 0 1 6 
 # Short-Description: My firewall 
 # Description: Rico-X FIREWALL 
 ### END INIT INFO 
 # /etc/init.d/iptables 
 
 IPT=/sbin/iptables 
 
 case "$1" in 
 start) 
 echo "Starting iptables" 
 
 sysctl -w net.ipv4.tcp_synack_retries=1 
 sysctl -w net.ipv4.tcp_max_syn_backlog=4096 
 sysctl -w net.ipv4.tcp_fin_timeout=10 
 sysctl -w net.ipv4.tcp_syncookies=1 
 sysctl -w net.ipv4.tcp_keepalive_intvl=10 
 sysctl -w net.ipv4.tcp_keepalive_probes=5 
 sysctl -w net.ipv4.tcp_keepalive_time=60 
 sysctl -w net.ipv4.conf.default.rp_filter=1 
 #sysctl -w net.ipv4.ip_forward=0 
 
 #     
 $IPT -P INPUT DROP 
 $IPT -P FORWARD ACCEPT 
 $IPT -P OUTPUT ACCEPT 
 
 #     ,     
 $IPT -A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT 
 
 #     lo  
 $IPT -A INPUT -i lo -j ACCEPT 
 
 #       
 $IPT -A INPUT -i eth1 -j ACCEPT 
 $IPT -A INPUT -i vmbr1 -j ACCEPT 
 #       
 $IPT -A INPUT -m addrtype --dst-type MULTICAST -j ACCEPT 
 $IPT -A INPUT -p udp -m state --state NEW -m multiport --dports 5404,5405 -j ACCEPT 
 
 #     TCP-  SYN- 
 $IPT -I INPUT -m conntrack --ctstate NEW -p tcp ! --syn -j DROP 
 
 #      
 $IPT -A INPUT -p tcp --dport 22 -m state --state NEW -j ACCEPT ## SSH 
 $IPT -A INPUT -p tcp -m tcp --dport 5900:5999 -j ACCEPT ## VNC 
 $IPT -A INPUT -p tcp -m tcp --dport 8006 -j ACCEPT ## Proxmox panel 
 
 #       SSH (  4  ) 
 $IPT -A INPUT -p tcp --dport 22 -m state --state NEW -m recent --update --seconds 60 --hitcount 4 --rttl --name SSH -j DROP 
 
 #    netbios 
 $IPT -A INPUT -p tcp --dport 137:139 -j DROP 
 $IPT -A INPUT -p udp --dport 137:139 -j DROP 
 
 #   ICMP  
 $IPT -A INPUT -p ICMP --icmp-type 8 -j ACCEPT 
 $IPT -A INPUT -p ICMP --icmp-type 11 -j ACCEPT 
 
 #     
 $IPT -A INPUT -m state --state INVALID -j DROP 
 
 #   DHCP   iptables. 
 $IPT -A INPUT -p udp -m udp --dport 68 --sport 67 -j ACCEPT 
 
 #  - 
 $IPT -A INPUT -m state --state NEW -p tcp --tcp-flags ALL ALL -j DROP 
 $IPT -A INPUT -m state --state NEW -p tcp --tcp-flags ALL NONE -j DROP 
 
 #  
 $IPT -A INPUT -p tcp --tcp-flags ALL FIN,URG,PSH -j DROP 
 $IPT -A INPUT -p tcp --tcp-flags SYN,RST SYN,RST -j DROP 
 $IPT -A INPUT -p tcp --tcp-flags SYN,FIN SYN,FIN -j DROP 
 $IPT -N SYN_FLOOD 
 $IPT -A INPUT -p tcp --syn -j SYN_FLOOD 
 $IPT -A SYN_FLOOD -m limit --limit 2/s --limit-burst 6 -j RETURN 
 $IPT -A SYN_FLOOD -j DROP 
 
 ;; 
 stop) 
 echo "Stopping iptables" 
 
 $IPT -F 
 $IPT -X 
 
 $IPT -P INPUT ACCEPT 
 $IPT -P OUTPUT ACCEPT 
 $IPT -P FORWARD ACCEPT 
 ;; 
 *) 
 echo "Usage: /etc/init.d/iptables {start|stop}" 
 exit 1 
 ;; 
 esac 
 
 exit 0 
 
 3.   
      
 mv /etc/localtime /etc/localtime_org && ln -s /usr/share/zoneinfo/"Europe/Simferopol" /etc/localtime && date 
         web-. 
   /usr/share/pve-manager/ext4/pvemanagerlib.js   
 if (data.status !== 'Active') { 
    
 if (data.status == 'Active') { 
      Proxmox: 'exit code 60′ – corrupt quota file    , 
   . 
 vzquota off [VEID] vzquota : (error) Quota is not running for id [VEID] vzquota : (warning) Repairing quota: it was incorrectly marked as running for id [VEID] vzquota on [VEID] 
    (cluster not ready - no quorum),      , 
   ,      
 pvecm e (  ) 
   OpenVZ 
  [VEID]  
 vzctl start [VEID] 
    
 vzctl enter [VEID] 
  
 vzctl stop [VEID] 
  
 vzctl restart [VEID] 
  
 vzctl destroy [VEID] 
   
 vzlist -a 
 
   -        ,     ,    . 
 
 UPD-1:  vlan 
 
       2 .     151,152,666 
  : 
  /etc/network/interfaces 
  auto vlan151 iface vlan151 inet manual vlan_raw_device eth0 auto vlan152 iface vlan152 inet manual vlan_raw_device eth0 auto vlan666 iface vlan666 inet manual vlan_raw_device eth0 auto vmbr151 iface vmbr151 inet static address 0.0.0.0 netmask 255.255.255.255 bridge_ports vlan151 bridge_stp off bridge_fd 0 auto vmbr152 iface vmbr152 inet static address 0.0.0.0 netmask 255.255.255.255 bridge_ports vlan152 bridge_stp off bridge_fd 0 auto vmbr666 iface vmbr666 inet static address 0.0.0.0 netmask 255.255.255.255 bridge_ports vlan666 bridge_stp off bridge_fd 0 
    
 apt-get install vlan 
    
 ifup vlan151 ifup vlan152 ifup vlan666 
      ifconfig 
 
      ,    (network),   ,     
  
        . 
 
 
  : 
     ,     ,     debian 
  /etc/network/interfaces.tail 
 auto eth1 iface eth1 inet static address 10.7.10.5 netmask 255.255.255.0 
  
 cat /etc/network/interfaces.tail >> /etc/network/interfaces 
  *.tail   ,          web ,     . 
 
 
      ,    , -        -    ,   . 

, ( ). , X- .

, Skype ( Skypiax) UID "Skype":
su skype -c "echo secret:password | DISPLAY=:1 /usr/bin/skype --pipelogin 2>>skype_errors.log &»

1.6.
, , sda4
vzctl set [VEID] --devnodes sda4:rw --save
1.7. tun/tap
vpn , .


lsmod | grep tun

modprobe tun echo "tun" >> /etc/modules
vzctl stop [VEID] vzctl set [VEID] --devices c:10:200:rw --save vzctl set [VEID] --capability net_admin:on --save vzctl start [VEID]
, -.


, .
nano /etc/vz/vz.conf
IPTABLES
IPTABLES="ipt_owner ipt_REDIRECT ipt_recent ip_tables iptable_filter iptable_mangle ipt_limit ipt_multiport ipt_tos ipt_TOS ipt_REJECT ipt_TCPMSS ipt_tcpmss ipt_ttl ipt_LOG ipt_length ip_conntrack ip_conntrack_ftp ipt_state iptable_nat ip_nat_ftp"
VZ
/etc/init.d/vz restart
.

, , ( , )
nano /etc/modules
ipt_MASQUERADE ipt_helper ipt_REDIRECT ipt_state ipt_TCPMSS ipt_LOG ipt_TOS iptable_nat ipt_length ipt_tcpmss iptable_mangle ipt_limit ipt_tos iptable_filter ipt_ttl ipt_REJECT loop

#!/bin/sh
### BEGIN INIT INFO
# Provides: iptables.sh
# Required-Start: $all
# Required-Stop: $all
# Default-Start: 2 3 4 5
# Default-Stop: 0 1 6
# Short-Description: My firewall
# Description: Rico-X FIREWALL
### END INIT INFO
# /etc/init.d/iptables

IPT=/sbin/iptables

case "$1" in
start)
echo "Starting iptables"

sysctl -w net.ipv4.tcp_synack_retries=1
sysctl -w net.ipv4.tcp_max_syn_backlog=4096
sysctl -w net.ipv4.tcp_fin_timeout=10
sysctl -w net.ipv4.tcp_syncookies=1
sysctl -w net.ipv4.tcp_keepalive_intvl=10
sysctl -w net.ipv4.tcp_keepalive_probes=5
sysctl -w net.ipv4.tcp_keepalive_time=60
sysctl -w net.ipv4.conf.default.rp_filter=1
#sysctl -w net.ipv4.ip_forward=0

#
$IPT -P INPUT DROP
$IPT -P FORWARD ACCEPT
$IPT -P OUTPUT ACCEPT

# ,
$IPT -A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT

# lo
$IPT -A INPUT -i lo -j ACCEPT

#
$IPT -A INPUT -i eth1 -j ACCEPT
$IPT -A INPUT -i vmbr1 -j ACCEPT
#
$IPT -A INPUT -m addrtype --dst-type MULTICAST -j ACCEPT
$IPT -A INPUT -p udp -m state --state NEW -m multiport --dports 5404,5405 -j ACCEPT

# TCP- SYN-
$IPT -I INPUT -m conntrack --ctstate NEW -p tcp ! --syn -j DROP

#
$IPT -A INPUT -p tcp --dport 22 -m state --state NEW -j ACCEPT ## SSH
$IPT -A INPUT -p tcp -m tcp --dport 5900:5999 -j ACCEPT ## VNC
$IPT -A INPUT -p tcp -m tcp --dport 8006 -j ACCEPT ## Proxmox panel

# SSH ( 4 )
$IPT -A INPUT -p tcp --dport 22 -m state --state NEW -m recent --update --seconds 60 --hitcount 4 --rttl --name SSH -j DROP

# netbios
$IPT -A INPUT -p tcp --dport 137:139 -j DROP
$IPT -A INPUT -p udp --dport 137:139 -j DROP

# ICMP
$IPT -A INPUT -p ICMP --icmp-type 8 -j ACCEPT
$IPT -A INPUT -p ICMP --icmp-type 11 -j ACCEPT

#
$IPT -A INPUT -m state --state INVALID -j DROP

# DHCP iptables.
$IPT -A INPUT -p udp -m udp --dport 68 --sport 67 -j ACCEPT

# -
$IPT -A INPUT -m state --state NEW -p tcp --tcp-flags ALL ALL -j DROP
$IPT -A INPUT -m state --state NEW -p tcp --tcp-flags ALL NONE -j DROP

#
$IPT -A INPUT -p tcp --tcp-flags ALL FIN,URG,PSH -j DROP
$IPT -A INPUT -p tcp --tcp-flags SYN,RST SYN,RST -j DROP
$IPT -A INPUT -p tcp --tcp-flags SYN,FIN SYN,FIN -j DROP
$IPT -N SYN_FLOOD
$IPT -A INPUT -p tcp --syn -j SYN_FLOOD
$IPT -A SYN_FLOOD -m limit --limit 2/s --limit-burst 6 -j RETURN
$IPT -A SYN_FLOOD -j DROP

;;
stop)
echo "Stopping iptables"

$IPT -F
$IPT -X

$IPT -P INPUT ACCEPT
$IPT -P OUTPUT ACCEPT
$IPT -P FORWARD ACCEPT
;;
*)
echo "Usage: /etc/init.d/iptables {start|stop}"
exit 1
;;
esac

exit 0

3.

mv /etc/localtime /etc/localtime_org && ln -s /usr/share/zoneinfo/"Europe/Simferopol" /etc/localtime && date
web-.
/usr/share/pve-manager/ext4/pvemanagerlib.js
if (data.status !== 'Active') {

if (data.status == 'Active') {
Proxmox: 'exit code 60′ – corrupt quota file ,
.
vzquota off [VEID] vzquota : (error) Quota is not running for id [VEID] vzquota : (warning) Repairing quota: it was incorrectly marked as running for id [VEID] vzquota on [VEID]
(cluster not ready - no quorum), ,
,
pvecm e ( )
OpenVZ
[VEID]
vzctl start [VEID]

vzctl enter [VEID]

vzctl stop [VEID]

vzctl restart [VEID]

vzctl destroy [VEID]

vzlist -a

- , , .

UPD-1: vlan

2 . 151,152,666
:
/etc/network/interfaces
auto vlan151 iface vlan151 inet manual vlan_raw_device eth0 auto vlan152 iface vlan152 inet manual vlan_raw_device eth0 auto vlan666 iface vlan666 inet manual vlan_raw_device eth0 auto vmbr151 iface vmbr151 inet static address 0.0.0.0 netmask 255.255.255.255 bridge_ports vlan151 bridge_stp off bridge_fd 0 auto vmbr152 iface vmbr152 inet static address 0.0.0.0 netmask 255.255.255.255 bridge_ports vlan152 bridge_stp off bridge_fd 0 auto vmbr666 iface vmbr666 inet static address 0.0.0.0 netmask 255.255.255.255 bridge_ports vlan666 bridge_stp off bridge_fd 0

apt-get install vlan

ifup vlan151 ifup vlan152 ifup vlan666
ifconfig

, (network), ,

.


:
, , debian
/etc/network/interfaces.tail
auto eth1 iface eth1 inet static address 10.7.10.5 netmask 255.255.255.0

cat /etc/network/interfaces.tail >> /etc/network/interfaces
*.tail , web , .


, , - - , .

, ( ). , X- .

, Skype ( Skypiax) UID "Skype":
su skype -c "echo secret:password | DISPLAY=:1 /usr/bin/skype --pipelogin 2>>skype_errors.log &»

1.6.
, , sda4
vzctl set [VEID] --devnodes sda4:rw --save
1.7. tun/tap
vpn , .


lsmod | grep tun

modprobe tun echo "tun" >> /etc/modules
vzctl stop [VEID] vzctl set [VEID] --devices c:10:200:rw --save vzctl set [VEID] --capability net_admin:on --save vzctl start [VEID]
, -.


, .
nano /etc/vz/vz.conf
IPTABLES
IPTABLES="ipt_owner ipt_REDIRECT ipt_recent ip_tables iptable_filter iptable_mangle ipt_limit ipt_multiport ipt_tos ipt_TOS ipt_REJECT ipt_TCPMSS ipt_tcpmss ipt_ttl ipt_LOG ipt_length ip_conntrack ip_conntrack_ftp ipt_state iptable_nat ip_nat_ftp"
VZ
/etc/init.d/vz restart
.

, , ( , )
nano /etc/modules
ipt_MASQUERADE ipt_helper ipt_REDIRECT ipt_state ipt_TCPMSS ipt_LOG ipt_TOS iptable_nat ipt_length ipt_tcpmss iptable_mangle ipt_limit ipt_tos iptable_filter ipt_ttl ipt_REJECT loop

#!/bin/sh
### BEGIN INIT INFO
# Provides: iptables.sh
# Required-Start: $all
# Required-Stop: $all
# Default-Start: 2 3 4 5
# Default-Stop: 0 1 6
# Short-Description: My firewall
# Description: Rico-X FIREWALL
### END INIT INFO
# /etc/init.d/iptables

IPT=/sbin/iptables

case "$1" in
start)
echo "Starting iptables"

sysctl -w net.ipv4.tcp_synack_retries=1
sysctl -w net.ipv4.tcp_max_syn_backlog=4096
sysctl -w net.ipv4.tcp_fin_timeout=10
sysctl -w net.ipv4.tcp_syncookies=1
sysctl -w net.ipv4.tcp_keepalive_intvl=10
sysctl -w net.ipv4.tcp_keepalive_probes=5
sysctl -w net.ipv4.tcp_keepalive_time=60
sysctl -w net.ipv4.conf.default.rp_filter=1
#sysctl -w net.ipv4.ip_forward=0

#
$IPT -P INPUT DROP
$IPT -P FORWARD ACCEPT
$IPT -P OUTPUT ACCEPT

# ,
$IPT -A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT

# lo
$IPT -A INPUT -i lo -j ACCEPT

#
$IPT -A INPUT -i eth1 -j ACCEPT
$IPT -A INPUT -i vmbr1 -j ACCEPT
#
$IPT -A INPUT -m addrtype --dst-type MULTICAST -j ACCEPT
$IPT -A INPUT -p udp -m state --state NEW -m multiport --dports 5404,5405 -j ACCEPT

# TCP- SYN-
$IPT -I INPUT -m conntrack --ctstate NEW -p tcp ! --syn -j DROP

#
$IPT -A INPUT -p tcp --dport 22 -m state --state NEW -j ACCEPT ## SSH
$IPT -A INPUT -p tcp -m tcp --dport 5900:5999 -j ACCEPT ## VNC
$IPT -A INPUT -p tcp -m tcp --dport 8006 -j ACCEPT ## Proxmox panel

# SSH ( 4 )
$IPT -A INPUT -p tcp --dport 22 -m state --state NEW -m recent --update --seconds 60 --hitcount 4 --rttl --name SSH -j DROP

# netbios
$IPT -A INPUT -p tcp --dport 137:139 -j DROP
$IPT -A INPUT -p udp --dport 137:139 -j DROP

# ICMP
$IPT -A INPUT -p ICMP --icmp-type 8 -j ACCEPT
$IPT -A INPUT -p ICMP --icmp-type 11 -j ACCEPT

#
$IPT -A INPUT -m state --state INVALID -j DROP

# DHCP iptables.
$IPT -A INPUT -p udp -m udp --dport 68 --sport 67 -j ACCEPT

# -
$IPT -A INPUT -m state --state NEW -p tcp --tcp-flags ALL ALL -j DROP
$IPT -A INPUT -m state --state NEW -p tcp --tcp-flags ALL NONE -j DROP

#
$IPT -A INPUT -p tcp --tcp-flags ALL FIN,URG,PSH -j DROP
$IPT -A INPUT -p tcp --tcp-flags SYN,RST SYN,RST -j DROP
$IPT -A INPUT -p tcp --tcp-flags SYN,FIN SYN,FIN -j DROP
$IPT -N SYN_FLOOD
$IPT -A INPUT -p tcp --syn -j SYN_FLOOD
$IPT -A SYN_FLOOD -m limit --limit 2/s --limit-burst 6 -j RETURN
$IPT -A SYN_FLOOD -j DROP

;;
stop)
echo "Stopping iptables"

$IPT -F
$IPT -X

$IPT -P INPUT ACCEPT
$IPT -P OUTPUT ACCEPT
$IPT -P FORWARD ACCEPT
;;
*)
echo "Usage: /etc/init.d/iptables {start|stop}"
exit 1
;;
esac

exit 0

3.

mv /etc/localtime /etc/localtime_org && ln -s /usr/share/zoneinfo/"Europe/Simferopol" /etc/localtime && date
web-.
/usr/share/pve-manager/ext4/pvemanagerlib.js
if (data.status !== 'Active') {

if (data.status == 'Active') {
Proxmox: 'exit code 60′ – corrupt quota file ,
.
vzquota off [VEID] vzquota : (error) Quota is not running for id [VEID] vzquota : (warning) Repairing quota: it was incorrectly marked as running for id [VEID] vzquota on [VEID]
(cluster not ready - no quorum), ,
,
pvecm e ( )
OpenVZ
[VEID]
vzctl start [VEID]

vzctl enter [VEID]

vzctl stop [VEID]

vzctl restart [VEID]

vzctl destroy [VEID]

vzlist -a

- , , .

UPD-1: vlan

2 . 151,152,666
:
/etc/network/interfaces
auto vlan151 iface vlan151 inet manual vlan_raw_device eth0 auto vlan152 iface vlan152 inet manual vlan_raw_device eth0 auto vlan666 iface vlan666 inet manual vlan_raw_device eth0 auto vmbr151 iface vmbr151 inet static address 0.0.0.0 netmask 255.255.255.255 bridge_ports vlan151 bridge_stp off bridge_fd 0 auto vmbr152 iface vmbr152 inet static address 0.0.0.0 netmask 255.255.255.255 bridge_ports vlan152 bridge_stp off bridge_fd 0 auto vmbr666 iface vmbr666 inet static address 0.0.0.0 netmask 255.255.255.255 bridge_ports vlan666 bridge_stp off bridge_fd 0

apt-get install vlan

ifup vlan151 ifup vlan152 ifup vlan666
ifconfig

, (network), ,

.


:
, , debian
/etc/network/interfaces.tail
auto eth1 iface eth1 inet static address 10.7.10.5 netmask 255.255.255.0

cat /etc/network/interfaces.tail >> /etc/network/interfaces
*.tail , web , .


, , - - , .

, ( ). , X- .

, Skype ( Skypiax) UID "Skype":
su skype -c "echo secret:password | DISPLAY=:1 /usr/bin/skype --pipelogin 2>>skype_errors.log &»

1.6.
, , sda4
vzctl set [VEID] --devnodes sda4:rw --save
1.7. tun/tap
vpn , .


lsmod | grep tun

modprobe tun echo "tun" >> /etc/modules
vzctl stop [VEID] vzctl set [VEID] --devices c:10:200:rw --save vzctl set [VEID] --capability net_admin:on --save vzctl start [VEID]
, -.


, .
nano /etc/vz/vz.conf
IPTABLES
IPTABLES="ipt_owner ipt_REDIRECT ipt_recent ip_tables iptable_filter iptable_mangle ipt_limit ipt_multiport ipt_tos ipt_TOS ipt_REJECT ipt_TCPMSS ipt_tcpmss ipt_ttl ipt_LOG ipt_length ip_conntrack ip_conntrack_ftp ipt_state iptable_nat ip_nat_ftp"
VZ
/etc/init.d/vz restart
.

, , ( , )
nano /etc/modules
ipt_MASQUERADE ipt_helper ipt_REDIRECT ipt_state ipt_TCPMSS ipt_LOG ipt_TOS iptable_nat ipt_length ipt_tcpmss iptable_mangle ipt_limit ipt_tos iptable_filter ipt_ttl ipt_REJECT loop

#!/bin/sh
### BEGIN INIT INFO
# Provides: iptables.sh
# Required-Start: $all
# Required-Stop: $all
# Default-Start: 2 3 4 5
# Default-Stop: 0 1 6
# Short-Description: My firewall
# Description: Rico-X FIREWALL
### END INIT INFO
# /etc/init.d/iptables

IPT=/sbin/iptables

case "$1" in
start)
echo "Starting iptables"

sysctl -w net.ipv4.tcp_synack_retries=1
sysctl -w net.ipv4.tcp_max_syn_backlog=4096
sysctl -w net.ipv4.tcp_fin_timeout=10
sysctl -w net.ipv4.tcp_syncookies=1
sysctl -w net.ipv4.tcp_keepalive_intvl=10
sysctl -w net.ipv4.tcp_keepalive_probes=5
sysctl -w net.ipv4.tcp_keepalive_time=60
sysctl -w net.ipv4.conf.default.rp_filter=1
#sysctl -w net.ipv4.ip_forward=0

#
$IPT -P INPUT DROP
$IPT -P FORWARD ACCEPT
$IPT -P OUTPUT ACCEPT

# ,
$IPT -A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT

# lo
$IPT -A INPUT -i lo -j ACCEPT

#
$IPT -A INPUT -i eth1 -j ACCEPT
$IPT -A INPUT -i vmbr1 -j ACCEPT
#
$IPT -A INPUT -m addrtype --dst-type MULTICAST -j ACCEPT
$IPT -A INPUT -p udp -m state --state NEW -m multiport --dports 5404,5405 -j ACCEPT

# TCP- SYN-
$IPT -I INPUT -m conntrack --ctstate NEW -p tcp ! --syn -j DROP

#
$IPT -A INPUT -p tcp --dport 22 -m state --state NEW -j ACCEPT ## SSH
$IPT -A INPUT -p tcp -m tcp --dport 5900:5999 -j ACCEPT ## VNC
$IPT -A INPUT -p tcp -m tcp --dport 8006 -j ACCEPT ## Proxmox panel

# SSH ( 4 )
$IPT -A INPUT -p tcp --dport 22 -m state --state NEW -m recent --update --seconds 60 --hitcount 4 --rttl --name SSH -j DROP

# netbios
$IPT -A INPUT -p tcp --dport 137:139 -j DROP
$IPT -A INPUT -p udp --dport 137:139 -j DROP

# ICMP
$IPT -A INPUT -p ICMP --icmp-type 8 -j ACCEPT
$IPT -A INPUT -p ICMP --icmp-type 11 -j ACCEPT

#
$IPT -A INPUT -m state --state INVALID -j DROP

# DHCP iptables.
$IPT -A INPUT -p udp -m udp --dport 68 --sport 67 -j ACCEPT

# -
$IPT -A INPUT -m state --state NEW -p tcp --tcp-flags ALL ALL -j DROP
$IPT -A INPUT -m state --state NEW -p tcp --tcp-flags ALL NONE -j DROP

#
$IPT -A INPUT -p tcp --tcp-flags ALL FIN,URG,PSH -j DROP
$IPT -A INPUT -p tcp --tcp-flags SYN,RST SYN,RST -j DROP
$IPT -A INPUT -p tcp --tcp-flags SYN,FIN SYN,FIN -j DROP
$IPT -N SYN_FLOOD
$IPT -A INPUT -p tcp --syn -j SYN_FLOOD
$IPT -A SYN_FLOOD -m limit --limit 2/s --limit-burst 6 -j RETURN
$IPT -A SYN_FLOOD -j DROP

;;
stop)
echo "Stopping iptables"

$IPT -F
$IPT -X

$IPT -P INPUT ACCEPT
$IPT -P OUTPUT ACCEPT
$IPT -P FORWARD ACCEPT
;;
*)
echo "Usage: /etc/init.d/iptables {start|stop}"
exit 1
;;
esac

exit 0

3.

mv /etc/localtime /etc/localtime_org && ln -s /usr/share/zoneinfo/"Europe/Simferopol" /etc/localtime && date
web-.
/usr/share/pve-manager/ext4/pvemanagerlib.js
if (data.status !== 'Active') {

if (data.status == 'Active') {
Proxmox: 'exit code 60′ – corrupt quota file ,
.
vzquota off [VEID] vzquota : (error) Quota is not running for id [VEID] vzquota : (warning) Repairing quota: it was incorrectly marked as running for id [VEID] vzquota on [VEID]
(cluster not ready - no quorum), ,
,
pvecm e ( )
OpenVZ
[VEID]
vzctl start [VEID]

vzctl enter [VEID]

vzctl stop [VEID]

vzctl restart [VEID]

vzctl destroy [VEID]

vzlist -a

- , , .

UPD-1: vlan

2 . 151,152,666
:
/etc/network/interfaces
auto vlan151 iface vlan151 inet manual vlan_raw_device eth0 auto vlan152 iface vlan152 inet manual vlan_raw_device eth0 auto vlan666 iface vlan666 inet manual vlan_raw_device eth0 auto vmbr151 iface vmbr151 inet static address 0.0.0.0 netmask 255.255.255.255 bridge_ports vlan151 bridge_stp off bridge_fd 0 auto vmbr152 iface vmbr152 inet static address 0.0.0.0 netmask 255.255.255.255 bridge_ports vlan152 bridge_stp off bridge_fd 0 auto vmbr666 iface vmbr666 inet static address 0.0.0.0 netmask 255.255.255.255 bridge_ports vlan666 bridge_stp off bridge_fd 0

apt-get install vlan

ifup vlan151 ifup vlan152 ifup vlan666
ifconfig

, (network), ,

.


:
, , debian
/etc/network/interfaces.tail
auto eth1 iface eth1 inet static address 10.7.10.5 netmask 255.255.255.0

cat /etc/network/interfaces.tail >> /etc/network/interfaces
*.tail , web , .


, , - - , .

   ,    ( ).  ,  X-       . 
 
 ,   Skype ( Skypiax)      UID "Skype": 
 su skype -c "echo secret:password | DISPLAY=:1 /usr/bin/skype --pipelogin 2>>skype_errors.log &» 
 
 1.6.    
   ,     ,   sda4 
 vzctl set [VEID] --devnodes sda4:rw --save 
 1.7.  tun/tap 
     vpn  ,     . 
 
     
 lsmod | grep tun 
    
 modprobe tun echo "tun" >> /etc/modules 
 vzctl stop [VEID] vzctl set [VEID] --devices c:10:200:rw --save vzctl set [VEID] --capability net_admin:on --save vzctl start [VEID] 
   ,    -. 
 
  
          ,   . 
 nano /etc/vz/vz.conf 
    IPTABLES     
 IPTABLES="ipt_owner ipt_REDIRECT ipt_recent ip_tables iptable_filter iptable_mangle ipt_limit ipt_multiport ipt_tos ipt_TOS ipt_REJECT ipt_TCPMSS ipt_tcpmss ipt_ttl ipt_LOG ipt_length ip_conntrack ip_conntrack_ftp ipt_state iptable_nat ip_nat_ftp" 
    VZ 
 /etc/init.d/vz restart 
         . 
 
  ,  ,      ( ,    ) 
 nano /etc/modules 
 ipt_MASQUERADE ipt_helper ipt_REDIRECT ipt_state ipt_TCPMSS ipt_LOG ipt_TOS iptable_nat ipt_length ipt_tcpmss iptable_mangle ipt_limit ipt_tos iptable_filter ipt_ttl ipt_REJECT loop 
     
        #!/bin/sh 
 ### BEGIN INIT INFO 
 # Provides: iptables.sh 
 # Required-Start: $all 
 # Required-Stop: $all 
 # Default-Start: 2 3 4 5 
 # Default-Stop: 0 1 6 
 # Short-Description: My firewall 
 # Description: Rico-X FIREWALL 
 ### END INIT INFO 
 # /etc/init.d/iptables 
 
 IPT=/sbin/iptables 
 
 case "$1" in 
 start) 
 echo "Starting iptables" 
 
 sysctl -w net.ipv4.tcp_synack_retries=1 
 sysctl -w net.ipv4.tcp_max_syn_backlog=4096 
 sysctl -w net.ipv4.tcp_fin_timeout=10 
 sysctl -w net.ipv4.tcp_syncookies=1 
 sysctl -w net.ipv4.tcp_keepalive_intvl=10 
 sysctl -w net.ipv4.tcp_keepalive_probes=5 
 sysctl -w net.ipv4.tcp_keepalive_time=60 
 sysctl -w net.ipv4.conf.default.rp_filter=1 
 #sysctl -w net.ipv4.ip_forward=0 
 
 #     
 $IPT -P INPUT DROP 
 $IPT -P FORWARD ACCEPT 
 $IPT -P OUTPUT ACCEPT 
 
 #     ,     
 $IPT -A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT 
 
 #     lo  
 $IPT -A INPUT -i lo -j ACCEPT 
 
 #       
 $IPT -A INPUT -i eth1 -j ACCEPT 
 $IPT -A INPUT -i vmbr1 -j ACCEPT 
 #       
 $IPT -A INPUT -m addrtype --dst-type MULTICAST -j ACCEPT 
 $IPT -A INPUT -p udp -m state --state NEW -m multiport --dports 5404,5405 -j ACCEPT 
 
 #     TCP-  SYN- 
 $IPT -I INPUT -m conntrack --ctstate NEW -p tcp ! --syn -j DROP 
 
 #      
 $IPT -A INPUT -p tcp --dport 22 -m state --state NEW -j ACCEPT ## SSH 
 $IPT -A INPUT -p tcp -m tcp --dport 5900:5999 -j ACCEPT ## VNC 
 $IPT -A INPUT -p tcp -m tcp --dport 8006 -j ACCEPT ## Proxmox panel 
 
 #       SSH (  4  ) 
 $IPT -A INPUT -p tcp --dport 22 -m state --state NEW -m recent --update --seconds 60 --hitcount 4 --rttl --name SSH -j DROP 
 
 #    netbios 
 $IPT -A INPUT -p tcp --dport 137:139 -j DROP 
 $IPT -A INPUT -p udp --dport 137:139 -j DROP 
 
 #   ICMP  
 $IPT -A INPUT -p ICMP --icmp-type 8 -j ACCEPT 
 $IPT -A INPUT -p ICMP --icmp-type 11 -j ACCEPT 
 
 #     
 $IPT -A INPUT -m state --state INVALID -j DROP 
 
 #   DHCP   iptables. 
 $IPT -A INPUT -p udp -m udp --dport 68 --sport 67 -j ACCEPT 
 
 #  - 
 $IPT -A INPUT -m state --state NEW -p tcp --tcp-flags ALL ALL -j DROP 
 $IPT -A INPUT -m state --state NEW -p tcp --tcp-flags ALL NONE -j DROP 
 
 #  
 $IPT -A INPUT -p tcp --tcp-flags ALL FIN,URG,PSH -j DROP 
 $IPT -A INPUT -p tcp --tcp-flags SYN,RST SYN,RST -j DROP 
 $IPT -A INPUT -p tcp --tcp-flags SYN,FIN SYN,FIN -j DROP 
 $IPT -N SYN_FLOOD 
 $IPT -A INPUT -p tcp --syn -j SYN_FLOOD 
 $IPT -A SYN_FLOOD -m limit --limit 2/s --limit-burst 6 -j RETURN 
 $IPT -A SYN_FLOOD -j DROP 
 
 ;; 
 stop) 
 echo "Stopping iptables" 
 
 $IPT -F 
 $IPT -X 
 
 $IPT -P INPUT ACCEPT 
 $IPT -P OUTPUT ACCEPT 
 $IPT -P FORWARD ACCEPT 
 ;; 
 *) 
 echo "Usage: /etc/init.d/iptables {start|stop}" 
 exit 1 
 ;; 
 esac 
 
 exit 0 
 
 3.   
      
 mv /etc/localtime /etc/localtime_org && ln -s /usr/share/zoneinfo/"Europe/Simferopol" /etc/localtime && date 
         web-. 
   /usr/share/pve-manager/ext4/pvemanagerlib.js   
 if (data.status !== 'Active') { 
    
 if (data.status == 'Active') { 
      Proxmox: 'exit code 60′ – corrupt quota file    , 
   . 
 vzquota off [VEID] vzquota : (error) Quota is not running for id [VEID] vzquota : (warning) Repairing quota: it was incorrectly marked as running for id [VEID] vzquota on [VEID] 
    (cluster not ready - no quorum),      , 
   ,      
 pvecm e (  ) 
   OpenVZ 
  [VEID]  
 vzctl start [VEID] 
    
 vzctl enter [VEID] 
  
 vzctl stop [VEID] 
  
 vzctl restart [VEID] 
  
 vzctl destroy [VEID] 
   
 vzlist -a 
 
   -        ,     ,    . 
 
 UPD-1:  vlan 
 
       2 .     151,152,666 
  : 
  /etc/network/interfaces 
  auto vlan151 iface vlan151 inet manual vlan_raw_device eth0 auto vlan152 iface vlan152 inet manual vlan_raw_device eth0 auto vlan666 iface vlan666 inet manual vlan_raw_device eth0 auto vmbr151 iface vmbr151 inet static address 0.0.0.0 netmask 255.255.255.255 bridge_ports vlan151 bridge_stp off bridge_fd 0 auto vmbr152 iface vmbr152 inet static address 0.0.0.0 netmask 255.255.255.255 bridge_ports vlan152 bridge_stp off bridge_fd 0 auto vmbr666 iface vmbr666 inet static address 0.0.0.0 netmask 255.255.255.255 bridge_ports vlan666 bridge_stp off bridge_fd 0 
    
 apt-get install vlan 
    
 ifup vlan151 ifup vlan152 ifup vlan666 
      ifconfig 
 
      ,    (network),   ,     
  
        . 
 
 
  : 
     ,     ,     debian 
  /etc/network/interfaces.tail 
 auto eth1 iface eth1 inet static address 10.7.10.5 netmask 255.255.255.0 
  
 cat /etc/network/interfaces.tail >> /etc/network/interfaces 
  *.tail   ,          web ,     . 
 
 
      ,    , -        -    ,   . 

, ( ). , X- .

, Skype ( Skypiax) UID "Skype":
su skype -c "echo secret:password | DISPLAY=:1 /usr/bin/skype --pipelogin 2>>skype_errors.log &»

1.6.
, , sda4
vzctl set [VEID] --devnodes sda4:rw --save
1.7. tun/tap
vpn , .


lsmod | grep tun

modprobe tun echo "tun" >> /etc/modules
vzctl stop [VEID] vzctl set [VEID] --devices c:10:200:rw --save vzctl set [VEID] --capability net_admin:on --save vzctl start [VEID]
, -.


, .
nano /etc/vz/vz.conf
IPTABLES
IPTABLES="ipt_owner ipt_REDIRECT ipt_recent ip_tables iptable_filter iptable_mangle ipt_limit ipt_multiport ipt_tos ipt_TOS ipt_REJECT ipt_TCPMSS ipt_tcpmss ipt_ttl ipt_LOG ipt_length ip_conntrack ip_conntrack_ftp ipt_state iptable_nat ip_nat_ftp"
VZ
/etc/init.d/vz restart
.

, , ( , )
nano /etc/modules
ipt_MASQUERADE ipt_helper ipt_REDIRECT ipt_state ipt_TCPMSS ipt_LOG ipt_TOS iptable_nat ipt_length ipt_tcpmss iptable_mangle ipt_limit ipt_tos iptable_filter ipt_ttl ipt_REJECT loop

#!/bin/sh
### BEGIN INIT INFO
# Provides: iptables.sh
# Required-Start: $all
# Required-Stop: $all
# Default-Start: 2 3 4 5
# Default-Stop: 0 1 6
# Short-Description: My firewall
# Description: Rico-X FIREWALL
### END INIT INFO
# /etc/init.d/iptables

IPT=/sbin/iptables

case "$1" in
start)
echo "Starting iptables"

sysctl -w net.ipv4.tcp_synack_retries=1
sysctl -w net.ipv4.tcp_max_syn_backlog=4096
sysctl -w net.ipv4.tcp_fin_timeout=10
sysctl -w net.ipv4.tcp_syncookies=1
sysctl -w net.ipv4.tcp_keepalive_intvl=10
sysctl -w net.ipv4.tcp_keepalive_probes=5
sysctl -w net.ipv4.tcp_keepalive_time=60
sysctl -w net.ipv4.conf.default.rp_filter=1
#sysctl -w net.ipv4.ip_forward=0

#
$IPT -P INPUT DROP
$IPT -P FORWARD ACCEPT
$IPT -P OUTPUT ACCEPT

# ,
$IPT -A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT

# lo
$IPT -A INPUT -i lo -j ACCEPT

#
$IPT -A INPUT -i eth1 -j ACCEPT
$IPT -A INPUT -i vmbr1 -j ACCEPT
#
$IPT -A INPUT -m addrtype --dst-type MULTICAST -j ACCEPT
$IPT -A INPUT -p udp -m state --state NEW -m multiport --dports 5404,5405 -j ACCEPT

# TCP- SYN-
$IPT -I INPUT -m conntrack --ctstate NEW -p tcp ! --syn -j DROP

#
$IPT -A INPUT -p tcp --dport 22 -m state --state NEW -j ACCEPT ## SSH
$IPT -A INPUT -p tcp -m tcp --dport 5900:5999 -j ACCEPT ## VNC
$IPT -A INPUT -p tcp -m tcp --dport 8006 -j ACCEPT ## Proxmox panel

# SSH ( 4 )
$IPT -A INPUT -p tcp --dport 22 -m state --state NEW -m recent --update --seconds 60 --hitcount 4 --rttl --name SSH -j DROP

# netbios
$IPT -A INPUT -p tcp --dport 137:139 -j DROP
$IPT -A INPUT -p udp --dport 137:139 -j DROP

# ICMP
$IPT -A INPUT -p ICMP --icmp-type 8 -j ACCEPT
$IPT -A INPUT -p ICMP --icmp-type 11 -j ACCEPT

#
$IPT -A INPUT -m state --state INVALID -j DROP

# DHCP iptables.
$IPT -A INPUT -p udp -m udp --dport 68 --sport 67 -j ACCEPT

# -
$IPT -A INPUT -m state --state NEW -p tcp --tcp-flags ALL ALL -j DROP
$IPT -A INPUT -m state --state NEW -p tcp --tcp-flags ALL NONE -j DROP

#
$IPT -A INPUT -p tcp --tcp-flags ALL FIN,URG,PSH -j DROP
$IPT -A INPUT -p tcp --tcp-flags SYN,RST SYN,RST -j DROP
$IPT -A INPUT -p tcp --tcp-flags SYN,FIN SYN,FIN -j DROP
$IPT -N SYN_FLOOD
$IPT -A INPUT -p tcp --syn -j SYN_FLOOD
$IPT -A SYN_FLOOD -m limit --limit 2/s --limit-burst 6 -j RETURN
$IPT -A SYN_FLOOD -j DROP

;;
stop)
echo "Stopping iptables"

$IPT -F
$IPT -X

$IPT -P INPUT ACCEPT
$IPT -P OUTPUT ACCEPT
$IPT -P FORWARD ACCEPT
;;
*)
echo "Usage: /etc/init.d/iptables {start|stop}"
exit 1
;;
esac

exit 0

3.

mv /etc/localtime /etc/localtime_org && ln -s /usr/share/zoneinfo/"Europe/Simferopol" /etc/localtime && date
web-.
/usr/share/pve-manager/ext4/pvemanagerlib.js
if (data.status !== 'Active') {

if (data.status == 'Active') {
Proxmox: 'exit code 60′ – corrupt quota file ,
.
vzquota off [VEID] vzquota : (error) Quota is not running for id [VEID] vzquota : (warning) Repairing quota: it was incorrectly marked as running for id [VEID] vzquota on [VEID]
(cluster not ready - no quorum), ,
,
pvecm e ( )
OpenVZ
[VEID]
vzctl start [VEID]

vzctl enter [VEID]

vzctl stop [VEID]

vzctl restart [VEID]

vzctl destroy [VEID]

vzlist -a

- , , .

UPD-1: vlan

2 . 151,152,666
:
/etc/network/interfaces
auto vlan151 iface vlan151 inet manual vlan_raw_device eth0 auto vlan152 iface vlan152 inet manual vlan_raw_device eth0 auto vlan666 iface vlan666 inet manual vlan_raw_device eth0 auto vmbr151 iface vmbr151 inet static address 0.0.0.0 netmask 255.255.255.255 bridge_ports vlan151 bridge_stp off bridge_fd 0 auto vmbr152 iface vmbr152 inet static address 0.0.0.0 netmask 255.255.255.255 bridge_ports vlan152 bridge_stp off bridge_fd 0 auto vmbr666 iface vmbr666 inet static address 0.0.0.0 netmask 255.255.255.255 bridge_ports vlan666 bridge_stp off bridge_fd 0

apt-get install vlan

ifup vlan151 ifup vlan152 ifup vlan666
ifconfig

, (network), ,

.


:
, , debian
/etc/network/interfaces.tail
auto eth1 iface eth1 inet static address 10.7.10.5 netmask 255.255.255.0

cat /etc/network/interfaces.tail >> /etc/network/interfaces
*.tail , web , .


, , - - , .

   ,    ( ).  ,  X-       . 
 
 ,   Skype ( Skypiax)      UID "Skype": 
 su skype -c "echo secret:password | DISPLAY=:1 /usr/bin/skype --pipelogin 2>>skype_errors.log &» 
 
 1.6.    
   ,     ,   sda4 
 vzctl set [VEID] --devnodes sda4:rw --save 
 1.7.  tun/tap 
     vpn  ,     . 
 
     
 lsmod | grep tun 
    
 modprobe tun echo "tun" >> /etc/modules 
 vzctl stop [VEID] vzctl set [VEID] --devices c:10:200:rw --save vzctl set [VEID] --capability net_admin:on --save vzctl start [VEID] 
   ,    -. 
 
  
          ,   . 
 nano /etc/vz/vz.conf 
    IPTABLES     
 IPTABLES="ipt_owner ipt_REDIRECT ipt_recent ip_tables iptable_filter iptable_mangle ipt_limit ipt_multiport ipt_tos ipt_TOS ipt_REJECT ipt_TCPMSS ipt_tcpmss ipt_ttl ipt_LOG ipt_length ip_conntrack ip_conntrack_ftp ipt_state iptable_nat ip_nat_ftp" 
    VZ 
 /etc/init.d/vz restart 
         . 
 
  ,  ,      ( ,    ) 
 nano /etc/modules 
 ipt_MASQUERADE ipt_helper ipt_REDIRECT ipt_state ipt_TCPMSS ipt_LOG ipt_TOS iptable_nat ipt_length ipt_tcpmss iptable_mangle ipt_limit ipt_tos iptable_filter ipt_ttl ipt_REJECT loop 
     
        #!/bin/sh 
 ### BEGIN INIT INFO 
 # Provides: iptables.sh 
 # Required-Start: $all 
 # Required-Stop: $all 
 # Default-Start: 2 3 4 5 
 # Default-Stop: 0 1 6 
 # Short-Description: My firewall 
 # Description: Rico-X FIREWALL 
 ### END INIT INFO 
 # /etc/init.d/iptables 
 
 IPT=/sbin/iptables 
 
 case "$1" in 
 start) 
 echo "Starting iptables" 
 
 sysctl -w net.ipv4.tcp_synack_retries=1 
 sysctl -w net.ipv4.tcp_max_syn_backlog=4096 
 sysctl -w net.ipv4.tcp_fin_timeout=10 
 sysctl -w net.ipv4.tcp_syncookies=1 
 sysctl -w net.ipv4.tcp_keepalive_intvl=10 
 sysctl -w net.ipv4.tcp_keepalive_probes=5 
 sysctl -w net.ipv4.tcp_keepalive_time=60 
 sysctl -w net.ipv4.conf.default.rp_filter=1 
 #sysctl -w net.ipv4.ip_forward=0 
 
 #     
 $IPT -P INPUT DROP 
 $IPT -P FORWARD ACCEPT 
 $IPT -P OUTPUT ACCEPT 
 
 #     ,     
 $IPT -A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT 
 
 #     lo  
 $IPT -A INPUT -i lo -j ACCEPT 
 
 #       
 $IPT -A INPUT -i eth1 -j ACCEPT 
 $IPT -A INPUT -i vmbr1 -j ACCEPT 
 #       
 $IPT -A INPUT -m addrtype --dst-type MULTICAST -j ACCEPT 
 $IPT -A INPUT -p udp -m state --state NEW -m multiport --dports 5404,5405 -j ACCEPT 
 
 #     TCP-  SYN- 
 $IPT -I INPUT -m conntrack --ctstate NEW -p tcp ! --syn -j DROP 
 
 #      
 $IPT -A INPUT -p tcp --dport 22 -m state --state NEW -j ACCEPT ## SSH 
 $IPT -A INPUT -p tcp -m tcp --dport 5900:5999 -j ACCEPT ## VNC 
 $IPT -A INPUT -p tcp -m tcp --dport 8006 -j ACCEPT ## Proxmox panel 
 
 #       SSH (  4  ) 
 $IPT -A INPUT -p tcp --dport 22 -m state --state NEW -m recent --update --seconds 60 --hitcount 4 --rttl --name SSH -j DROP 
 
 #    netbios 
 $IPT -A INPUT -p tcp --dport 137:139 -j DROP 
 $IPT -A INPUT -p udp --dport 137:139 -j DROP 
 
 #   ICMP  
 $IPT -A INPUT -p ICMP --icmp-type 8 -j ACCEPT 
 $IPT -A INPUT -p ICMP --icmp-type 11 -j ACCEPT 
 
 #     
 $IPT -A INPUT -m state --state INVALID -j DROP 
 
 #   DHCP   iptables. 
 $IPT -A INPUT -p udp -m udp --dport 68 --sport 67 -j ACCEPT 
 
 #  - 
 $IPT -A INPUT -m state --state NEW -p tcp --tcp-flags ALL ALL -j DROP 
 $IPT -A INPUT -m state --state NEW -p tcp --tcp-flags ALL NONE -j DROP 
 
 #  
 $IPT -A INPUT -p tcp --tcp-flags ALL FIN,URG,PSH -j DROP 
 $IPT -A INPUT -p tcp --tcp-flags SYN,RST SYN,RST -j DROP 
 $IPT -A INPUT -p tcp --tcp-flags SYN,FIN SYN,FIN -j DROP 
 $IPT -N SYN_FLOOD 
 $IPT -A INPUT -p tcp --syn -j SYN_FLOOD 
 $IPT -A SYN_FLOOD -m limit --limit 2/s --limit-burst 6 -j RETURN 
 $IPT -A SYN_FLOOD -j DROP 
 
 ;; 
 stop) 
 echo "Stopping iptables" 
 
 $IPT -F 
 $IPT -X 
 
 $IPT -P INPUT ACCEPT 
 $IPT -P OUTPUT ACCEPT 
 $IPT -P FORWARD ACCEPT 
 ;; 
 *) 
 echo "Usage: /etc/init.d/iptables {start|stop}" 
 exit 1 
 ;; 
 esac 
 
 exit 0 
 
 3.   
      
 mv /etc/localtime /etc/localtime_org && ln -s /usr/share/zoneinfo/"Europe/Simferopol" /etc/localtime && date 
         web-. 
   /usr/share/pve-manager/ext4/pvemanagerlib.js   
 if (data.status !== 'Active') { 
    
 if (data.status == 'Active') { 
      Proxmox: 'exit code 60′ – corrupt quota file    , 
   . 
 vzquota off [VEID] vzquota : (error) Quota is not running for id [VEID] vzquota : (warning) Repairing quota: it was incorrectly marked as running for id [VEID] vzquota on [VEID] 
    (cluster not ready - no quorum),      , 
   ,      
 pvecm e (  ) 
   OpenVZ 
  [VEID]  
 vzctl start [VEID] 
    
 vzctl enter [VEID] 
  
 vzctl stop [VEID] 
  
 vzctl restart [VEID] 
  
 vzctl destroy [VEID] 
   
 vzlist -a 
 
   -        ,     ,    . 
 
 UPD-1:  vlan 
 
       2 .     151,152,666 
  : 
  /etc/network/interfaces 
  auto vlan151 iface vlan151 inet manual vlan_raw_device eth0 auto vlan152 iface vlan152 inet manual vlan_raw_device eth0 auto vlan666 iface vlan666 inet manual vlan_raw_device eth0 auto vmbr151 iface vmbr151 inet static address 0.0.0.0 netmask 255.255.255.255 bridge_ports vlan151 bridge_stp off bridge_fd 0 auto vmbr152 iface vmbr152 inet static address 0.0.0.0 netmask 255.255.255.255 bridge_ports vlan152 bridge_stp off bridge_fd 0 auto vmbr666 iface vmbr666 inet static address 0.0.0.0 netmask 255.255.255.255 bridge_ports vlan666 bridge_stp off bridge_fd 0 
    
 apt-get install vlan 
    
 ifup vlan151 ifup vlan152 ifup vlan666 
      ifconfig 
 
      ,    (network),   ,     
  
        . 
 
 
  : 
     ,     ,     debian 
  /etc/network/interfaces.tail 
 auto eth1 iface eth1 inet static address 10.7.10.5 netmask 255.255.255.0 
  
 cat /etc/network/interfaces.tail >> /etc/network/interfaces 
  *.tail   ,          web ,     . 
 
 
      ,    , -        -    ,   . 

, ( ). , X- .

, Skype ( Skypiax) UID "Skype":
su skype -c "echo secret:password | DISPLAY=:1 /usr/bin/skype --pipelogin 2>>skype_errors.log &»

1.6.
, , sda4
vzctl set [VEID] --devnodes sda4:rw --save
1.7. tun/tap
vpn , .


lsmod | grep tun

modprobe tun echo "tun" >> /etc/modules
vzctl stop [VEID] vzctl set [VEID] --devices c:10:200:rw --save vzctl set [VEID] --capability net_admin:on --save vzctl start [VEID]
, -.


, .
nano /etc/vz/vz.conf
IPTABLES
IPTABLES="ipt_owner ipt_REDIRECT ipt_recent ip_tables iptable_filter iptable_mangle ipt_limit ipt_multiport ipt_tos ipt_TOS ipt_REJECT ipt_TCPMSS ipt_tcpmss ipt_ttl ipt_LOG ipt_length ip_conntrack ip_conntrack_ftp ipt_state iptable_nat ip_nat_ftp"
VZ
/etc/init.d/vz restart
.

, , ( , )
nano /etc/modules
ipt_MASQUERADE ipt_helper ipt_REDIRECT ipt_state ipt_TCPMSS ipt_LOG ipt_TOS iptable_nat ipt_length ipt_tcpmss iptable_mangle ipt_limit ipt_tos iptable_filter ipt_ttl ipt_REJECT loop

#!/bin/sh
### BEGIN INIT INFO
# Provides: iptables.sh
# Required-Start: $all
# Required-Stop: $all
# Default-Start: 2 3 4 5
# Default-Stop: 0 1 6
# Short-Description: My firewall
# Description: Rico-X FIREWALL
### END INIT INFO
# /etc/init.d/iptables

IPT=/sbin/iptables

case "$1" in
start)
echo "Starting iptables"

sysctl -w net.ipv4.tcp_synack_retries=1
sysctl -w net.ipv4.tcp_max_syn_backlog=4096
sysctl -w net.ipv4.tcp_fin_timeout=10
sysctl -w net.ipv4.tcp_syncookies=1
sysctl -w net.ipv4.tcp_keepalive_intvl=10
sysctl -w net.ipv4.tcp_keepalive_probes=5
sysctl -w net.ipv4.tcp_keepalive_time=60
sysctl -w net.ipv4.conf.default.rp_filter=1
#sysctl -w net.ipv4.ip_forward=0

#
$IPT -P INPUT DROP
$IPT -P FORWARD ACCEPT
$IPT -P OUTPUT ACCEPT

# ,
$IPT -A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT

# lo
$IPT -A INPUT -i lo -j ACCEPT

#
$IPT -A INPUT -i eth1 -j ACCEPT
$IPT -A INPUT -i vmbr1 -j ACCEPT
#
$IPT -A INPUT -m addrtype --dst-type MULTICAST -j ACCEPT
$IPT -A INPUT -p udp -m state --state NEW -m multiport --dports 5404,5405 -j ACCEPT

# TCP- SYN-
$IPT -I INPUT -m conntrack --ctstate NEW -p tcp ! --syn -j DROP

#
$IPT -A INPUT -p tcp --dport 22 -m state --state NEW -j ACCEPT ## SSH
$IPT -A INPUT -p tcp -m tcp --dport 5900:5999 -j ACCEPT ## VNC
$IPT -A INPUT -p tcp -m tcp --dport 8006 -j ACCEPT ## Proxmox panel

# SSH ( 4 )
$IPT -A INPUT -p tcp --dport 22 -m state --state NEW -m recent --update --seconds 60 --hitcount 4 --rttl --name SSH -j DROP

# netbios
$IPT -A INPUT -p tcp --dport 137:139 -j DROP
$IPT -A INPUT -p udp --dport 137:139 -j DROP

# ICMP
$IPT -A INPUT -p ICMP --icmp-type 8 -j ACCEPT
$IPT -A INPUT -p ICMP --icmp-type 11 -j ACCEPT

#
$IPT -A INPUT -m state --state INVALID -j DROP

# DHCP iptables.
$IPT -A INPUT -p udp -m udp --dport 68 --sport 67 -j ACCEPT

# -
$IPT -A INPUT -m state --state NEW -p tcp --tcp-flags ALL ALL -j DROP
$IPT -A INPUT -m state --state NEW -p tcp --tcp-flags ALL NONE -j DROP

#
$IPT -A INPUT -p tcp --tcp-flags ALL FIN,URG,PSH -j DROP
$IPT -A INPUT -p tcp --tcp-flags SYN,RST SYN,RST -j DROP
$IPT -A INPUT -p tcp --tcp-flags SYN,FIN SYN,FIN -j DROP
$IPT -N SYN_FLOOD
$IPT -A INPUT -p tcp --syn -j SYN_FLOOD
$IPT -A SYN_FLOOD -m limit --limit 2/s --limit-burst 6 -j RETURN
$IPT -A SYN_FLOOD -j DROP

;;
stop)
echo "Stopping iptables"

$IPT -F
$IPT -X

$IPT -P INPUT ACCEPT
$IPT -P OUTPUT ACCEPT
$IPT -P FORWARD ACCEPT
;;
*)
echo "Usage: /etc/init.d/iptables {start|stop}"
exit 1
;;
esac

exit 0

3.

mv /etc/localtime /etc/localtime_org && ln -s /usr/share/zoneinfo/"Europe/Simferopol" /etc/localtime && date
web-.
/usr/share/pve-manager/ext4/pvemanagerlib.js
if (data.status !== 'Active') {

if (data.status == 'Active') {
Proxmox: 'exit code 60′ – corrupt quota file ,
.
vzquota off [VEID] vzquota : (error) Quota is not running for id [VEID] vzquota : (warning) Repairing quota: it was incorrectly marked as running for id [VEID] vzquota on [VEID]
(cluster not ready - no quorum), ,
,
pvecm e ( )
OpenVZ
[VEID]
vzctl start [VEID]

vzctl enter [VEID]

vzctl stop [VEID]

vzctl restart [VEID]

vzctl destroy [VEID]

vzlist -a

- , , .

UPD-1: vlan

2 . 151,152,666
:
/etc/network/interfaces
auto vlan151 iface vlan151 inet manual vlan_raw_device eth0 auto vlan152 iface vlan152 inet manual vlan_raw_device eth0 auto vlan666 iface vlan666 inet manual vlan_raw_device eth0 auto vmbr151 iface vmbr151 inet static address 0.0.0.0 netmask 255.255.255.255 bridge_ports vlan151 bridge_stp off bridge_fd 0 auto vmbr152 iface vmbr152 inet static address 0.0.0.0 netmask 255.255.255.255 bridge_ports vlan152 bridge_stp off bridge_fd 0 auto vmbr666 iface vmbr666 inet static address 0.0.0.0 netmask 255.255.255.255 bridge_ports vlan666 bridge_stp off bridge_fd 0

apt-get install vlan

ifup vlan151 ifup vlan152 ifup vlan666
ifconfig

, (network), ,

.


:
, , debian
/etc/network/interfaces.tail
auto eth1 iface eth1 inet static address 10.7.10.5 netmask 255.255.255.0

cat /etc/network/interfaces.tail >> /etc/network/interfaces
*.tail , web , .


, , - - , .

   ,    ( ).  ,  X-       . 
 
 ,   Skype ( Skypiax)      UID "Skype": 
 su skype -c "echo secret:password | DISPLAY=:1 /usr/bin/skype --pipelogin 2>>skype_errors.log &» 
 
 1.6.    
   ,     ,   sda4 
 vzctl set [VEID] --devnodes sda4:rw --save 
 1.7.  tun/tap 
     vpn  ,     . 
 
     
 lsmod | grep tun 
    
 modprobe tun echo "tun" >> /etc/modules 
 vzctl stop [VEID] vzctl set [VEID] --devices c:10:200:rw --save vzctl set [VEID] --capability net_admin:on --save vzctl start [VEID] 
   ,    -. 
 
  
          ,   . 
 nano /etc/vz/vz.conf 
    IPTABLES     
 IPTABLES="ipt_owner ipt_REDIRECT ipt_recent ip_tables iptable_filter iptable_mangle ipt_limit ipt_multiport ipt_tos ipt_TOS ipt_REJECT ipt_TCPMSS ipt_tcpmss ipt_ttl ipt_LOG ipt_length ip_conntrack ip_conntrack_ftp ipt_state iptable_nat ip_nat_ftp" 
    VZ 
 /etc/init.d/vz restart 
         . 
 
  ,  ,      ( ,    ) 
 nano /etc/modules 
 ipt_MASQUERADE ipt_helper ipt_REDIRECT ipt_state ipt_TCPMSS ipt_LOG ipt_TOS iptable_nat ipt_length ipt_tcpmss iptable_mangle ipt_limit ipt_tos iptable_filter ipt_ttl ipt_REJECT loop 
     
        #!/bin/sh 
 ### BEGIN INIT INFO 
 # Provides: iptables.sh 
 # Required-Start: $all 
 # Required-Stop: $all 
 # Default-Start: 2 3 4 5 
 # Default-Stop: 0 1 6 
 # Short-Description: My firewall 
 # Description: Rico-X FIREWALL 
 ### END INIT INFO 
 # /etc/init.d/iptables 
 
 IPT=/sbin/iptables 
 
 case "$1" in 
 start) 
 echo "Starting iptables" 
 
 sysctl -w net.ipv4.tcp_synack_retries=1 
 sysctl -w net.ipv4.tcp_max_syn_backlog=4096 
 sysctl -w net.ipv4.tcp_fin_timeout=10 
 sysctl -w net.ipv4.tcp_syncookies=1 
 sysctl -w net.ipv4.tcp_keepalive_intvl=10 
 sysctl -w net.ipv4.tcp_keepalive_probes=5 
 sysctl -w net.ipv4.tcp_keepalive_time=60 
 sysctl -w net.ipv4.conf.default.rp_filter=1 
 #sysctl -w net.ipv4.ip_forward=0 
 
 #     
 $IPT -P INPUT DROP 
 $IPT -P FORWARD ACCEPT 
 $IPT -P OUTPUT ACCEPT 
 
 #     ,     
 $IPT -A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT 
 
 #     lo  
 $IPT -A INPUT -i lo -j ACCEPT 
 
 #       
 $IPT -A INPUT -i eth1 -j ACCEPT 
 $IPT -A INPUT -i vmbr1 -j ACCEPT 
 #       
 $IPT -A INPUT -m addrtype --dst-type MULTICAST -j ACCEPT 
 $IPT -A INPUT -p udp -m state --state NEW -m multiport --dports 5404,5405 -j ACCEPT 
 
 #     TCP-  SYN- 
 $IPT -I INPUT -m conntrack --ctstate NEW -p tcp ! --syn -j DROP 
 
 #      
 $IPT -A INPUT -p tcp --dport 22 -m state --state NEW -j ACCEPT ## SSH 
 $IPT -A INPUT -p tcp -m tcp --dport 5900:5999 -j ACCEPT ## VNC 
 $IPT -A INPUT -p tcp -m tcp --dport 8006 -j ACCEPT ## Proxmox panel 
 
 #       SSH (  4  ) 
 $IPT -A INPUT -p tcp --dport 22 -m state --state NEW -m recent --update --seconds 60 --hitcount 4 --rttl --name SSH -j DROP 
 
 #    netbios 
 $IPT -A INPUT -p tcp --dport 137:139 -j DROP 
 $IPT -A INPUT -p udp --dport 137:139 -j DROP 
 
 #   ICMP  
 $IPT -A INPUT -p ICMP --icmp-type 8 -j ACCEPT 
 $IPT -A INPUT -p ICMP --icmp-type 11 -j ACCEPT 
 
 #     
 $IPT -A INPUT -m state --state INVALID -j DROP 
 
 #   DHCP   iptables. 
 $IPT -A INPUT -p udp -m udp --dport 68 --sport 67 -j ACCEPT 
 
 #  - 
 $IPT -A INPUT -m state --state NEW -p tcp --tcp-flags ALL ALL -j DROP 
 $IPT -A INPUT -m state --state NEW -p tcp --tcp-flags ALL NONE -j DROP 
 
 #  
 $IPT -A INPUT -p tcp --tcp-flags ALL FIN,URG,PSH -j DROP 
 $IPT -A INPUT -p tcp --tcp-flags SYN,RST SYN,RST -j DROP 
 $IPT -A INPUT -p tcp --tcp-flags SYN,FIN SYN,FIN -j DROP 
 $IPT -N SYN_FLOOD 
 $IPT -A INPUT -p tcp --syn -j SYN_FLOOD 
 $IPT -A SYN_FLOOD -m limit --limit 2/s --limit-burst 6 -j RETURN 
 $IPT -A SYN_FLOOD -j DROP 
 
 ;; 
 stop) 
 echo "Stopping iptables" 
 
 $IPT -F 
 $IPT -X 
 
 $IPT -P INPUT ACCEPT 
 $IPT -P OUTPUT ACCEPT 
 $IPT -P FORWARD ACCEPT 
 ;; 
 *) 
 echo "Usage: /etc/init.d/iptables {start|stop}" 
 exit 1 
 ;; 
 esac 
 
 exit 0 
 
 3.   
      
 mv /etc/localtime /etc/localtime_org && ln -s /usr/share/zoneinfo/"Europe/Simferopol" /etc/localtime && date 
         web-. 
   /usr/share/pve-manager/ext4/pvemanagerlib.js   
 if (data.status !== 'Active') { 
    
 if (data.status == 'Active') { 
      Proxmox: 'exit code 60′ – corrupt quota file    , 
   . 
 vzquota off [VEID] vzquota : (error) Quota is not running for id [VEID] vzquota : (warning) Repairing quota: it was incorrectly marked as running for id [VEID] vzquota on [VEID] 
    (cluster not ready - no quorum),      , 
   ,      
 pvecm e (  ) 
   OpenVZ 
  [VEID]  
 vzctl start [VEID] 
    
 vzctl enter [VEID] 
  
 vzctl stop [VEID] 
  
 vzctl restart [VEID] 
  
 vzctl destroy [VEID] 
   
 vzlist -a 
 
   -        ,     ,    . 
 
 UPD-1:  vlan 
 
       2 .     151,152,666 
  : 
  /etc/network/interfaces 
  auto vlan151 iface vlan151 inet manual vlan_raw_device eth0 auto vlan152 iface vlan152 inet manual vlan_raw_device eth0 auto vlan666 iface vlan666 inet manual vlan_raw_device eth0 auto vmbr151 iface vmbr151 inet static address 0.0.0.0 netmask 255.255.255.255 bridge_ports vlan151 bridge_stp off bridge_fd 0 auto vmbr152 iface vmbr152 inet static address 0.0.0.0 netmask 255.255.255.255 bridge_ports vlan152 bridge_stp off bridge_fd 0 auto vmbr666 iface vmbr666 inet static address 0.0.0.0 netmask 255.255.255.255 bridge_ports vlan666 bridge_stp off bridge_fd 0 
    
 apt-get install vlan 
    
 ifup vlan151 ifup vlan152 ifup vlan666 
      ifconfig 
 
      ,    (network),   ,     
  
        . 
 
 
  : 
     ,     ,     debian 
  /etc/network/interfaces.tail 
 auto eth1 iface eth1 inet static address 10.7.10.5 netmask 255.255.255.0 
  
 cat /etc/network/interfaces.tail >> /etc/network/interfaces 
  *.tail   ,          web ,     . 
 
 
      ,    , -        -    ,   . 

, ( ). , X- .

, Skype ( Skypiax) UID "Skype":
su skype -c "echo secret:password | DISPLAY=:1 /usr/bin/skype --pipelogin 2>>skype_errors.log &»

1.6.
, , sda4
vzctl set [VEID] --devnodes sda4:rw --save
1.7. tun/tap
vpn , .


lsmod | grep tun

modprobe tun echo "tun" >> /etc/modules
vzctl stop [VEID] vzctl set [VEID] --devices c:10:200:rw --save vzctl set [VEID] --capability net_admin:on --save vzctl start [VEID]
, -.


, .
nano /etc/vz/vz.conf
IPTABLES
IPTABLES="ipt_owner ipt_REDIRECT ipt_recent ip_tables iptable_filter iptable_mangle ipt_limit ipt_multiport ipt_tos ipt_TOS ipt_REJECT ipt_TCPMSS ipt_tcpmss ipt_ttl ipt_LOG ipt_length ip_conntrack ip_conntrack_ftp ipt_state iptable_nat ip_nat_ftp"
VZ
/etc/init.d/vz restart
.

, , ( , )
nano /etc/modules
ipt_MASQUERADE ipt_helper ipt_REDIRECT ipt_state ipt_TCPMSS ipt_LOG ipt_TOS iptable_nat ipt_length ipt_tcpmss iptable_mangle ipt_limit ipt_tos iptable_filter ipt_ttl ipt_REJECT loop

#!/bin/sh
### BEGIN INIT INFO
# Provides: iptables.sh
# Required-Start: $all
# Required-Stop: $all
# Default-Start: 2 3 4 5
# Default-Stop: 0 1 6
# Short-Description: My firewall
# Description: Rico-X FIREWALL
### END INIT INFO
# /etc/init.d/iptables

IPT=/sbin/iptables

case "$1" in
start)
echo "Starting iptables"

sysctl -w net.ipv4.tcp_synack_retries=1
sysctl -w net.ipv4.tcp_max_syn_backlog=4096
sysctl -w net.ipv4.tcp_fin_timeout=10
sysctl -w net.ipv4.tcp_syncookies=1
sysctl -w net.ipv4.tcp_keepalive_intvl=10
sysctl -w net.ipv4.tcp_keepalive_probes=5
sysctl -w net.ipv4.tcp_keepalive_time=60
sysctl -w net.ipv4.conf.default.rp_filter=1
#sysctl -w net.ipv4.ip_forward=0

#
$IPT -P INPUT DROP
$IPT -P FORWARD ACCEPT
$IPT -P OUTPUT ACCEPT

# ,
$IPT -A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT

# lo
$IPT -A INPUT -i lo -j ACCEPT

#
$IPT -A INPUT -i eth1 -j ACCEPT
$IPT -A INPUT -i vmbr1 -j ACCEPT
#
$IPT -A INPUT -m addrtype --dst-type MULTICAST -j ACCEPT
$IPT -A INPUT -p udp -m state --state NEW -m multiport --dports 5404,5405 -j ACCEPT

# TCP- SYN-
$IPT -I INPUT -m conntrack --ctstate NEW -p tcp ! --syn -j DROP

#
$IPT -A INPUT -p tcp --dport 22 -m state --state NEW -j ACCEPT ## SSH
$IPT -A INPUT -p tcp -m tcp --dport 5900:5999 -j ACCEPT ## VNC
$IPT -A INPUT -p tcp -m tcp --dport 8006 -j ACCEPT ## Proxmox panel

# SSH ( 4 )
$IPT -A INPUT -p tcp --dport 22 -m state --state NEW -m recent --update --seconds 60 --hitcount 4 --rttl --name SSH -j DROP

# netbios
$IPT -A INPUT -p tcp --dport 137:139 -j DROP
$IPT -A INPUT -p udp --dport 137:139 -j DROP

# ICMP
$IPT -A INPUT -p ICMP --icmp-type 8 -j ACCEPT
$IPT -A INPUT -p ICMP --icmp-type 11 -j ACCEPT

#
$IPT -A INPUT -m state --state INVALID -j DROP

# DHCP iptables.
$IPT -A INPUT -p udp -m udp --dport 68 --sport 67 -j ACCEPT

# -
$IPT -A INPUT -m state --state NEW -p tcp --tcp-flags ALL ALL -j DROP
$IPT -A INPUT -m state --state NEW -p tcp --tcp-flags ALL NONE -j DROP

#
$IPT -A INPUT -p tcp --tcp-flags ALL FIN,URG,PSH -j DROP
$IPT -A INPUT -p tcp --tcp-flags SYN,RST SYN,RST -j DROP
$IPT -A INPUT -p tcp --tcp-flags SYN,FIN SYN,FIN -j DROP
$IPT -N SYN_FLOOD
$IPT -A INPUT -p tcp --syn -j SYN_FLOOD
$IPT -A SYN_FLOOD -m limit --limit 2/s --limit-burst 6 -j RETURN
$IPT -A SYN_FLOOD -j DROP

;;
stop)
echo "Stopping iptables"

$IPT -F
$IPT -X

$IPT -P INPUT ACCEPT
$IPT -P OUTPUT ACCEPT
$IPT -P FORWARD ACCEPT
;;
*)
echo "Usage: /etc/init.d/iptables {start|stop}"
exit 1
;;
esac

exit 0

3.

mv /etc/localtime /etc/localtime_org && ln -s /usr/share/zoneinfo/"Europe/Simferopol" /etc/localtime && date
web-.
/usr/share/pve-manager/ext4/pvemanagerlib.js
if (data.status !== 'Active') {

if (data.status == 'Active') {
Proxmox: 'exit code 60′ – corrupt quota file ,
.
vzquota off [VEID] vzquota : (error) Quota is not running for id [VEID] vzquota : (warning) Repairing quota: it was incorrectly marked as running for id [VEID] vzquota on [VEID]
(cluster not ready - no quorum), ,
,
pvecm e ( )
OpenVZ
[VEID]
vzctl start [VEID]

vzctl enter [VEID]

vzctl stop [VEID]

vzctl restart [VEID]

vzctl destroy [VEID]

vzlist -a

- , , .

UPD-1: vlan

2 . 151,152,666
:
/etc/network/interfaces
auto vlan151 iface vlan151 inet manual vlan_raw_device eth0 auto vlan152 iface vlan152 inet manual vlan_raw_device eth0 auto vlan666 iface vlan666 inet manual vlan_raw_device eth0 auto vmbr151 iface vmbr151 inet static address 0.0.0.0 netmask 255.255.255.255 bridge_ports vlan151 bridge_stp off bridge_fd 0 auto vmbr152 iface vmbr152 inet static address 0.0.0.0 netmask 255.255.255.255 bridge_ports vlan152 bridge_stp off bridge_fd 0 auto vmbr666 iface vmbr666 inet static address 0.0.0.0 netmask 255.255.255.255 bridge_ports vlan666 bridge_stp off bridge_fd 0

apt-get install vlan

ifup vlan151 ifup vlan152 ifup vlan666
ifconfig

, (network), ,

.


:
, , debian
/etc/network/interfaces.tail
auto eth1 iface eth1 inet static address 10.7.10.5 netmask 255.255.255.0

cat /etc/network/interfaces.tail >> /etc/network/interfaces
*.tail , web , .


, , - - , .

, ( ). , X- .

, Skype ( Skypiax) UID "Skype":
su skype -c "echo secret:password | DISPLAY=:1 /usr/bin/skype --pipelogin 2>>skype_errors.log &»

1.6.
, , sda4
vzctl set [VEID] --devnodes sda4:rw --save
1.7. tun/tap
vpn , .


lsmod | grep tun

modprobe tun echo "tun" >> /etc/modules
vzctl stop [VEID] vzctl set [VEID] --devices c:10:200:rw --save vzctl set [VEID] --capability net_admin:on --save vzctl start [VEID]
, -.


, .
nano /etc/vz/vz.conf
IPTABLES
IPTABLES="ipt_owner ipt_REDIRECT ipt_recent ip_tables iptable_filter iptable_mangle ipt_limit ipt_multiport ipt_tos ipt_TOS ipt_REJECT ipt_TCPMSS ipt_tcpmss ipt_ttl ipt_LOG ipt_length ip_conntrack ip_conntrack_ftp ipt_state iptable_nat ip_nat_ftp"
VZ
/etc/init.d/vz restart
.

, , ( , )
nano /etc/modules
ipt_MASQUERADE ipt_helper ipt_REDIRECT ipt_state ipt_TCPMSS ipt_LOG ipt_TOS iptable_nat ipt_length ipt_tcpmss iptable_mangle ipt_limit ipt_tos iptable_filter ipt_ttl ipt_REJECT loop

#!/bin/sh
### BEGIN INIT INFO
# Provides: iptables.sh
# Required-Start: $all
# Required-Stop: $all
# Default-Start: 2 3 4 5
# Default-Stop: 0 1 6
# Short-Description: My firewall
# Description: Rico-X FIREWALL
### END INIT INFO
# /etc/init.d/iptables

IPT=/sbin/iptables

case "$1" in
start)
echo "Starting iptables"

sysctl -w net.ipv4.tcp_synack_retries=1
sysctl -w net.ipv4.tcp_max_syn_backlog=4096
sysctl -w net.ipv4.tcp_fin_timeout=10
sysctl -w net.ipv4.tcp_syncookies=1
sysctl -w net.ipv4.tcp_keepalive_intvl=10
sysctl -w net.ipv4.tcp_keepalive_probes=5
sysctl -w net.ipv4.tcp_keepalive_time=60
sysctl -w net.ipv4.conf.default.rp_filter=1
#sysctl -w net.ipv4.ip_forward=0

#
$IPT -P INPUT DROP
$IPT -P FORWARD ACCEPT
$IPT -P OUTPUT ACCEPT

# ,
$IPT -A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT

# lo
$IPT -A INPUT -i lo -j ACCEPT

#
$IPT -A INPUT -i eth1 -j ACCEPT
$IPT -A INPUT -i vmbr1 -j ACCEPT
#
$IPT -A INPUT -m addrtype --dst-type MULTICAST -j ACCEPT
$IPT -A INPUT -p udp -m state --state NEW -m multiport --dports 5404,5405 -j ACCEPT

# TCP- SYN-
$IPT -I INPUT -m conntrack --ctstate NEW -p tcp ! --syn -j DROP

#
$IPT -A INPUT -p tcp --dport 22 -m state --state NEW -j ACCEPT ## SSH
$IPT -A INPUT -p tcp -m tcp --dport 5900:5999 -j ACCEPT ## VNC
$IPT -A INPUT -p tcp -m tcp --dport 8006 -j ACCEPT ## Proxmox panel

# SSH ( 4 )
$IPT -A INPUT -p tcp --dport 22 -m state --state NEW -m recent --update --seconds 60 --hitcount 4 --rttl --name SSH -j DROP

# netbios
$IPT -A INPUT -p tcp --dport 137:139 -j DROP
$IPT -A INPUT -p udp --dport 137:139 -j DROP

# ICMP
$IPT -A INPUT -p ICMP --icmp-type 8 -j ACCEPT
$IPT -A INPUT -p ICMP --icmp-type 11 -j ACCEPT

#
$IPT -A INPUT -m state --state INVALID -j DROP

# DHCP iptables.
$IPT -A INPUT -p udp -m udp --dport 68 --sport 67 -j ACCEPT

# -
$IPT -A INPUT -m state --state NEW -p tcp --tcp-flags ALL ALL -j DROP
$IPT -A INPUT -m state --state NEW -p tcp --tcp-flags ALL NONE -j DROP

#
$IPT -A INPUT -p tcp --tcp-flags ALL FIN,URG,PSH -j DROP
$IPT -A INPUT -p tcp --tcp-flags SYN,RST SYN,RST -j DROP
$IPT -A INPUT -p tcp --tcp-flags SYN,FIN SYN,FIN -j DROP
$IPT -N SYN_FLOOD
$IPT -A INPUT -p tcp --syn -j SYN_FLOOD
$IPT -A SYN_FLOOD -m limit --limit 2/s --limit-burst 6 -j RETURN
$IPT -A SYN_FLOOD -j DROP

;;
stop)
echo "Stopping iptables"

$IPT -F
$IPT -X

$IPT -P INPUT ACCEPT
$IPT -P OUTPUT ACCEPT
$IPT -P FORWARD ACCEPT
;;
*)
echo "Usage: /etc/init.d/iptables {start|stop}"
exit 1
;;
esac

exit 0

3.

mv /etc/localtime /etc/localtime_org && ln -s /usr/share/zoneinfo/"Europe/Simferopol" /etc/localtime && date
web-.
/usr/share/pve-manager/ext4/pvemanagerlib.js
if (data.status !== 'Active') {

if (data.status == 'Active') {
Proxmox: 'exit code 60′ – corrupt quota file ,
.
vzquota off [VEID] vzquota : (error) Quota is not running for id [VEID] vzquota : (warning) Repairing quota: it was incorrectly marked as running for id [VEID] vzquota on [VEID]
(cluster not ready - no quorum), ,
,
pvecm e ( )
OpenVZ
[VEID]
vzctl start [VEID]

vzctl enter [VEID]

vzctl stop [VEID]

vzctl restart [VEID]

vzctl destroy [VEID]

vzlist -a

- , , .

UPD-1: vlan

2 . 151,152,666
:
/etc/network/interfaces
auto vlan151 iface vlan151 inet manual vlan_raw_device eth0 auto vlan152 iface vlan152 inet manual vlan_raw_device eth0 auto vlan666 iface vlan666 inet manual vlan_raw_device eth0 auto vmbr151 iface vmbr151 inet static address 0.0.0.0 netmask 255.255.255.255 bridge_ports vlan151 bridge_stp off bridge_fd 0 auto vmbr152 iface vmbr152 inet static address 0.0.0.0 netmask 255.255.255.255 bridge_ports vlan152 bridge_stp off bridge_fd 0 auto vmbr666 iface vmbr666 inet static address 0.0.0.0 netmask 255.255.255.255 bridge_ports vlan666 bridge_stp off bridge_fd 0

apt-get install vlan

ifup vlan151 ifup vlan152 ifup vlan666
ifconfig

, (network), ,

.


:
, , debian
/etc/network/interfaces.tail
auto eth1 iface eth1 inet static address 10.7.10.5 netmask 255.255.255.0

cat /etc/network/interfaces.tail >> /etc/network/interfaces
*.tail , web , .


, , - - , .

, ( ). , X- .

, Skype ( Skypiax) UID "Skype":
su skype -c "echo secret:password | DISPLAY=:1 /usr/bin/skype --pipelogin 2>>skype_errors.log &»

1.6.
, , sda4
vzctl set [VEID] --devnodes sda4:rw --save
1.7. tun/tap
vpn , .


lsmod | grep tun

modprobe tun echo "tun" >> /etc/modules
vzctl stop [VEID] vzctl set [VEID] --devices c:10:200:rw --save vzctl set [VEID] --capability net_admin:on --save vzctl start [VEID]
, -.


, .
nano /etc/vz/vz.conf
IPTABLES
IPTABLES="ipt_owner ipt_REDIRECT ipt_recent ip_tables iptable_filter iptable_mangle ipt_limit ipt_multiport ipt_tos ipt_TOS ipt_REJECT ipt_TCPMSS ipt_tcpmss ipt_ttl ipt_LOG ipt_length ip_conntrack ip_conntrack_ftp ipt_state iptable_nat ip_nat_ftp"
VZ
/etc/init.d/vz restart
.

, , ( , )
nano /etc/modules
ipt_MASQUERADE ipt_helper ipt_REDIRECT ipt_state ipt_TCPMSS ipt_LOG ipt_TOS iptable_nat ipt_length ipt_tcpmss iptable_mangle ipt_limit ipt_tos iptable_filter ipt_ttl ipt_REJECT loop

#!/bin/sh
### BEGIN INIT INFO
# Provides: iptables.sh
# Required-Start: $all
# Required-Stop: $all
# Default-Start: 2 3 4 5
# Default-Stop: 0 1 6
# Short-Description: My firewall
# Description: Rico-X FIREWALL
### END INIT INFO
# /etc/init.d/iptables

IPT=/sbin/iptables

case "$1" in
start)
echo "Starting iptables"

sysctl -w net.ipv4.tcp_synack_retries=1
sysctl -w net.ipv4.tcp_max_syn_backlog=4096
sysctl -w net.ipv4.tcp_fin_timeout=10
sysctl -w net.ipv4.tcp_syncookies=1
sysctl -w net.ipv4.tcp_keepalive_intvl=10
sysctl -w net.ipv4.tcp_keepalive_probes=5
sysctl -w net.ipv4.tcp_keepalive_time=60
sysctl -w net.ipv4.conf.default.rp_filter=1
#sysctl -w net.ipv4.ip_forward=0

#
$IPT -P INPUT DROP
$IPT -P FORWARD ACCEPT
$IPT -P OUTPUT ACCEPT

# ,
$IPT -A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT

# lo
$IPT -A INPUT -i lo -j ACCEPT

#
$IPT -A INPUT -i eth1 -j ACCEPT
$IPT -A INPUT -i vmbr1 -j ACCEPT
#
$IPT -A INPUT -m addrtype --dst-type MULTICAST -j ACCEPT
$IPT -A INPUT -p udp -m state --state NEW -m multiport --dports 5404,5405 -j ACCEPT

# TCP- SYN-
$IPT -I INPUT -m conntrack --ctstate NEW -p tcp ! --syn -j DROP

#
$IPT -A INPUT -p tcp --dport 22 -m state --state NEW -j ACCEPT ## SSH
$IPT -A INPUT -p tcp -m tcp --dport 5900:5999 -j ACCEPT ## VNC
$IPT -A INPUT -p tcp -m tcp --dport 8006 -j ACCEPT ## Proxmox panel

# SSH ( 4 )
$IPT -A INPUT -p tcp --dport 22 -m state --state NEW -m recent --update --seconds 60 --hitcount 4 --rttl --name SSH -j DROP

# netbios
$IPT -A INPUT -p tcp --dport 137:139 -j DROP
$IPT -A INPUT -p udp --dport 137:139 -j DROP

# ICMP
$IPT -A INPUT -p ICMP --icmp-type 8 -j ACCEPT
$IPT -A INPUT -p ICMP --icmp-type 11 -j ACCEPT

#
$IPT -A INPUT -m state --state INVALID -j DROP

# DHCP iptables.
$IPT -A INPUT -p udp -m udp --dport 68 --sport 67 -j ACCEPT

# -
$IPT -A INPUT -m state --state NEW -p tcp --tcp-flags ALL ALL -j DROP
$IPT -A INPUT -m state --state NEW -p tcp --tcp-flags ALL NONE -j DROP

#
$IPT -A INPUT -p tcp --tcp-flags ALL FIN,URG,PSH -j DROP
$IPT -A INPUT -p tcp --tcp-flags SYN,RST SYN,RST -j DROP
$IPT -A INPUT -p tcp --tcp-flags SYN,FIN SYN,FIN -j DROP
$IPT -N SYN_FLOOD
$IPT -A INPUT -p tcp --syn -j SYN_FLOOD
$IPT -A SYN_FLOOD -m limit --limit 2/s --limit-burst 6 -j RETURN
$IPT -A SYN_FLOOD -j DROP

;;
stop)
echo "Stopping iptables"

$IPT -F
$IPT -X

$IPT -P INPUT ACCEPT
$IPT -P OUTPUT ACCEPT
$IPT -P FORWARD ACCEPT
;;
*)
echo "Usage: /etc/init.d/iptables {start|stop}"
exit 1
;;
esac

exit 0

3.

mv /etc/localtime /etc/localtime_org && ln -s /usr/share/zoneinfo/"Europe/Simferopol" /etc/localtime && date
web-.
/usr/share/pve-manager/ext4/pvemanagerlib.js
if (data.status !== 'Active') {

if (data.status == 'Active') {
Proxmox: 'exit code 60′ – corrupt quota file ,
.
vzquota off [VEID] vzquota : (error) Quota is not running for id [VEID] vzquota : (warning) Repairing quota: it was incorrectly marked as running for id [VEID] vzquota on [VEID]
(cluster not ready - no quorum), ,
,
pvecm e ( )
OpenVZ
[VEID]
vzctl start [VEID]

vzctl enter [VEID]

vzctl stop [VEID]

vzctl restart [VEID]

vzctl destroy [VEID]

vzlist -a

- , , .

UPD-1: vlan

2 . 151,152,666
:
/etc/network/interfaces
auto vlan151 iface vlan151 inet manual vlan_raw_device eth0 auto vlan152 iface vlan152 inet manual vlan_raw_device eth0 auto vlan666 iface vlan666 inet manual vlan_raw_device eth0 auto vmbr151 iface vmbr151 inet static address 0.0.0.0 netmask 255.255.255.255 bridge_ports vlan151 bridge_stp off bridge_fd 0 auto vmbr152 iface vmbr152 inet static address 0.0.0.0 netmask 255.255.255.255 bridge_ports vlan152 bridge_stp off bridge_fd 0 auto vmbr666 iface vmbr666 inet static address 0.0.0.0 netmask 255.255.255.255 bridge_ports vlan666 bridge_stp off bridge_fd 0

apt-get install vlan

ifup vlan151 ifup vlan152 ifup vlan666
ifconfig

, (network), ,

.


:
, , debian
/etc/network/interfaces.tail
auto eth1 iface eth1 inet static address 10.7.10.5 netmask 255.255.255.0

cat /etc/network/interfaces.tail >> /etc/network/interfaces
*.tail , web , .


, , - - , .

   ,    ( ).  ,  X-       . 
 
 ,   Skype ( Skypiax)      UID "Skype": 
 su skype -c "echo secret:password | DISPLAY=:1 /usr/bin/skype --pipelogin 2>>skype_errors.log &» 
 
 1.6.    
   ,     ,   sda4 
 vzctl set [VEID] --devnodes sda4:rw --save 
 1.7.  tun/tap 
     vpn  ,     . 
 
     
 lsmod | grep tun 
    
 modprobe tun echo "tun" >> /etc/modules 
 vzctl stop [VEID] vzctl set [VEID] --devices c:10:200:rw --save vzctl set [VEID] --capability net_admin:on --save vzctl start [VEID] 
   ,    -. 
 
  
          ,   . 
 nano /etc/vz/vz.conf 
    IPTABLES     
 IPTABLES="ipt_owner ipt_REDIRECT ipt_recent ip_tables iptable_filter iptable_mangle ipt_limit ipt_multiport ipt_tos ipt_TOS ipt_REJECT ipt_TCPMSS ipt_tcpmss ipt_ttl ipt_LOG ipt_length ip_conntrack ip_conntrack_ftp ipt_state iptable_nat ip_nat_ftp" 
    VZ 
 /etc/init.d/vz restart 
         . 
 
  ,  ,      ( ,    ) 
 nano /etc/modules 
 ipt_MASQUERADE ipt_helper ipt_REDIRECT ipt_state ipt_TCPMSS ipt_LOG ipt_TOS iptable_nat ipt_length ipt_tcpmss iptable_mangle ipt_limit ipt_tos iptable_filter ipt_ttl ipt_REJECT loop 
     
        #!/bin/sh 
 ### BEGIN INIT INFO 
 # Provides: iptables.sh 
 # Required-Start: $all 
 # Required-Stop: $all 
 # Default-Start: 2 3 4 5 
 # Default-Stop: 0 1 6 
 # Short-Description: My firewall 
 # Description: Rico-X FIREWALL 
 ### END INIT INFO 
 # /etc/init.d/iptables 
 
 IPT=/sbin/iptables 
 
 case "$1" in 
 start) 
 echo "Starting iptables" 
 
 sysctl -w net.ipv4.tcp_synack_retries=1 
 sysctl -w net.ipv4.tcp_max_syn_backlog=4096 
 sysctl -w net.ipv4.tcp_fin_timeout=10 
 sysctl -w net.ipv4.tcp_syncookies=1 
 sysctl -w net.ipv4.tcp_keepalive_intvl=10 
 sysctl -w net.ipv4.tcp_keepalive_probes=5 
 sysctl -w net.ipv4.tcp_keepalive_time=60 
 sysctl -w net.ipv4.conf.default.rp_filter=1 
 #sysctl -w net.ipv4.ip_forward=0 
 
 #     
 $IPT -P INPUT DROP 
 $IPT -P FORWARD ACCEPT 
 $IPT -P OUTPUT ACCEPT 
 
 #     ,     
 $IPT -A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT 
 
 #     lo  
 $IPT -A INPUT -i lo -j ACCEPT 
 
 #       
 $IPT -A INPUT -i eth1 -j ACCEPT 
 $IPT -A INPUT -i vmbr1 -j ACCEPT 
 #       
 $IPT -A INPUT -m addrtype --dst-type MULTICAST -j ACCEPT 
 $IPT -A INPUT -p udp -m state --state NEW -m multiport --dports 5404,5405 -j ACCEPT 
 
 #     TCP-  SYN- 
 $IPT -I INPUT -m conntrack --ctstate NEW -p tcp ! --syn -j DROP 
 
 #      
 $IPT -A INPUT -p tcp --dport 22 -m state --state NEW -j ACCEPT ## SSH 
 $IPT -A INPUT -p tcp -m tcp --dport 5900:5999 -j ACCEPT ## VNC 
 $IPT -A INPUT -p tcp -m tcp --dport 8006 -j ACCEPT ## Proxmox panel 
 
 #       SSH (  4  ) 
 $IPT -A INPUT -p tcp --dport 22 -m state --state NEW -m recent --update --seconds 60 --hitcount 4 --rttl --name SSH -j DROP 
 
 #    netbios 
 $IPT -A INPUT -p tcp --dport 137:139 -j DROP 
 $IPT -A INPUT -p udp --dport 137:139 -j DROP 
 
 #   ICMP  
 $IPT -A INPUT -p ICMP --icmp-type 8 -j ACCEPT 
 $IPT -A INPUT -p ICMP --icmp-type 11 -j ACCEPT 
 
 #     
 $IPT -A INPUT -m state --state INVALID -j DROP 
 
 #   DHCP   iptables. 
 $IPT -A INPUT -p udp -m udp --dport 68 --sport 67 -j ACCEPT 
 
 #  - 
 $IPT -A INPUT -m state --state NEW -p tcp --tcp-flags ALL ALL -j DROP 
 $IPT -A INPUT -m state --state NEW -p tcp --tcp-flags ALL NONE -j DROP 
 
 #  
 $IPT -A INPUT -p tcp --tcp-flags ALL FIN,URG,PSH -j DROP 
 $IPT -A INPUT -p tcp --tcp-flags SYN,RST SYN,RST -j DROP 
 $IPT -A INPUT -p tcp --tcp-flags SYN,FIN SYN,FIN -j DROP 
 $IPT -N SYN_FLOOD 
 $IPT -A INPUT -p tcp --syn -j SYN_FLOOD 
 $IPT -A SYN_FLOOD -m limit --limit 2/s --limit-burst 6 -j RETURN 
 $IPT -A SYN_FLOOD -j DROP 
 
 ;; 
 stop) 
 echo "Stopping iptables" 
 
 $IPT -F 
 $IPT -X 
 
 $IPT -P INPUT ACCEPT 
 $IPT -P OUTPUT ACCEPT 
 $IPT -P FORWARD ACCEPT 
 ;; 
 *) 
 echo "Usage: /etc/init.d/iptables {start|stop}" 
 exit 1 
 ;; 
 esac 
 
 exit 0 
 
 3.   
      
 mv /etc/localtime /etc/localtime_org && ln -s /usr/share/zoneinfo/"Europe/Simferopol" /etc/localtime && date 
         web-. 
   /usr/share/pve-manager/ext4/pvemanagerlib.js   
 if (data.status !== 'Active') { 
    
 if (data.status == 'Active') { 
      Proxmox: 'exit code 60′ – corrupt quota file    , 
   . 
 vzquota off [VEID] vzquota : (error) Quota is not running for id [VEID] vzquota : (warning) Repairing quota: it was incorrectly marked as running for id [VEID] vzquota on [VEID] 
    (cluster not ready - no quorum),      , 
   ,      
 pvecm e (  ) 
   OpenVZ 
  [VEID]  
 vzctl start [VEID] 
    
 vzctl enter [VEID] 
  
 vzctl stop [VEID] 
  
 vzctl restart [VEID] 
  
 vzctl destroy [VEID] 
   
 vzlist -a 
 
   -        ,     ,    . 
 
 UPD-1:  vlan 
 
       2 .     151,152,666 
  : 
  /etc/network/interfaces 
  auto vlan151 iface vlan151 inet manual vlan_raw_device eth0 auto vlan152 iface vlan152 inet manual vlan_raw_device eth0 auto vlan666 iface vlan666 inet manual vlan_raw_device eth0 auto vmbr151 iface vmbr151 inet static address 0.0.0.0 netmask 255.255.255.255 bridge_ports vlan151 bridge_stp off bridge_fd 0 auto vmbr152 iface vmbr152 inet static address 0.0.0.0 netmask 255.255.255.255 bridge_ports vlan152 bridge_stp off bridge_fd 0 auto vmbr666 iface vmbr666 inet static address 0.0.0.0 netmask 255.255.255.255 bridge_ports vlan666 bridge_stp off bridge_fd 0 
    
 apt-get install vlan 
    
 ifup vlan151 ifup vlan152 ifup vlan666 
      ifconfig 
 
      ,    (network),   ,     
  
        . 
 
 
  : 
     ,     ,     debian 
  /etc/network/interfaces.tail 
 auto eth1 iface eth1 inet static address 10.7.10.5 netmask 255.255.255.0 
  
 cat /etc/network/interfaces.tail >> /etc/network/interfaces 
  *.tail   ,          web ,     . 
 
 
      ,    , -        -    ,   . 

, ( ). , X- .

, Skype ( Skypiax) UID "Skype":
su skype -c "echo secret:password | DISPLAY=:1 /usr/bin/skype --pipelogin 2>>skype_errors.log &»

1.6.
, , sda4
vzctl set [VEID] --devnodes sda4:rw --save
1.7. tun/tap
vpn , .


lsmod | grep tun

modprobe tun echo "tun" >> /etc/modules
vzctl stop [VEID] vzctl set [VEID] --devices c:10:200:rw --save vzctl set [VEID] --capability net_admin:on --save vzctl start [VEID]
, -.


, .
nano /etc/vz/vz.conf
IPTABLES
IPTABLES="ipt_owner ipt_REDIRECT ipt_recent ip_tables iptable_filter iptable_mangle ipt_limit ipt_multiport ipt_tos ipt_TOS ipt_REJECT ipt_TCPMSS ipt_tcpmss ipt_ttl ipt_LOG ipt_length ip_conntrack ip_conntrack_ftp ipt_state iptable_nat ip_nat_ftp"
VZ
/etc/init.d/vz restart
.

, , ( , )
nano /etc/modules
ipt_MASQUERADE ipt_helper ipt_REDIRECT ipt_state ipt_TCPMSS ipt_LOG ipt_TOS iptable_nat ipt_length ipt_tcpmss iptable_mangle ipt_limit ipt_tos iptable_filter ipt_ttl ipt_REJECT loop

#!/bin/sh
### BEGIN INIT INFO
# Provides: iptables.sh
# Required-Start: $all
# Required-Stop: $all
# Default-Start: 2 3 4 5
# Default-Stop: 0 1 6
# Short-Description: My firewall
# Description: Rico-X FIREWALL
### END INIT INFO
# /etc/init.d/iptables

IPT=/sbin/iptables

case "$1" in
start)
echo "Starting iptables"

sysctl -w net.ipv4.tcp_synack_retries=1
sysctl -w net.ipv4.tcp_max_syn_backlog=4096
sysctl -w net.ipv4.tcp_fin_timeout=10
sysctl -w net.ipv4.tcp_syncookies=1
sysctl -w net.ipv4.tcp_keepalive_intvl=10
sysctl -w net.ipv4.tcp_keepalive_probes=5
sysctl -w net.ipv4.tcp_keepalive_time=60
sysctl -w net.ipv4.conf.default.rp_filter=1
#sysctl -w net.ipv4.ip_forward=0

#
$IPT -P INPUT DROP
$IPT -P FORWARD ACCEPT
$IPT -P OUTPUT ACCEPT

# ,
$IPT -A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT

# lo
$IPT -A INPUT -i lo -j ACCEPT

#
$IPT -A INPUT -i eth1 -j ACCEPT
$IPT -A INPUT -i vmbr1 -j ACCEPT
#
$IPT -A INPUT -m addrtype --dst-type MULTICAST -j ACCEPT
$IPT -A INPUT -p udp -m state --state NEW -m multiport --dports 5404,5405 -j ACCEPT

# TCP- SYN-
$IPT -I INPUT -m conntrack --ctstate NEW -p tcp ! --syn -j DROP

#
$IPT -A INPUT -p tcp --dport 22 -m state --state NEW -j ACCEPT ## SSH
$IPT -A INPUT -p tcp -m tcp --dport 5900:5999 -j ACCEPT ## VNC
$IPT -A INPUT -p tcp -m tcp --dport 8006 -j ACCEPT ## Proxmox panel

# SSH ( 4 )
$IPT -A INPUT -p tcp --dport 22 -m state --state NEW -m recent --update --seconds 60 --hitcount 4 --rttl --name SSH -j DROP

# netbios
$IPT -A INPUT -p tcp --dport 137:139 -j DROP
$IPT -A INPUT -p udp --dport 137:139 -j DROP

# ICMP
$IPT -A INPUT -p ICMP --icmp-type 8 -j ACCEPT
$IPT -A INPUT -p ICMP --icmp-type 11 -j ACCEPT

#
$IPT -A INPUT -m state --state INVALID -j DROP

# DHCP iptables.
$IPT -A INPUT -p udp -m udp --dport 68 --sport 67 -j ACCEPT

# -
$IPT -A INPUT -m state --state NEW -p tcp --tcp-flags ALL ALL -j DROP
$IPT -A INPUT -m state --state NEW -p tcp --tcp-flags ALL NONE -j DROP

#
$IPT -A INPUT -p tcp --tcp-flags ALL FIN,URG,PSH -j DROP
$IPT -A INPUT -p tcp --tcp-flags SYN,RST SYN,RST -j DROP
$IPT -A INPUT -p tcp --tcp-flags SYN,FIN SYN,FIN -j DROP
$IPT -N SYN_FLOOD
$IPT -A INPUT -p tcp --syn -j SYN_FLOOD
$IPT -A SYN_FLOOD -m limit --limit 2/s --limit-burst 6 -j RETURN
$IPT -A SYN_FLOOD -j DROP

;;
stop)
echo "Stopping iptables"

$IPT -F
$IPT -X

$IPT -P INPUT ACCEPT
$IPT -P OUTPUT ACCEPT
$IPT -P FORWARD ACCEPT
;;
*)
echo "Usage: /etc/init.d/iptables {start|stop}"
exit 1
;;
esac

exit 0

3.

mv /etc/localtime /etc/localtime_org && ln -s /usr/share/zoneinfo/"Europe/Simferopol" /etc/localtime && date
web-.
/usr/share/pve-manager/ext4/pvemanagerlib.js
if (data.status !== 'Active') {

if (data.status == 'Active') {
Proxmox: 'exit code 60′ – corrupt quota file ,
.
vzquota off [VEID] vzquota : (error) Quota is not running for id [VEID] vzquota : (warning) Repairing quota: it was incorrectly marked as running for id [VEID] vzquota on [VEID]
(cluster not ready - no quorum), ,
,
pvecm e ( )
OpenVZ
[VEID]
vzctl start [VEID]

vzctl enter [VEID]

vzctl stop [VEID]

vzctl restart [VEID]

vzctl destroy [VEID]

vzlist -a

- , , .

UPD-1: vlan

2 . 151,152,666
:
/etc/network/interfaces
auto vlan151 iface vlan151 inet manual vlan_raw_device eth0 auto vlan152 iface vlan152 inet manual vlan_raw_device eth0 auto vlan666 iface vlan666 inet manual vlan_raw_device eth0 auto vmbr151 iface vmbr151 inet static address 0.0.0.0 netmask 255.255.255.255 bridge_ports vlan151 bridge_stp off bridge_fd 0 auto vmbr152 iface vmbr152 inet static address 0.0.0.0 netmask 255.255.255.255 bridge_ports vlan152 bridge_stp off bridge_fd 0 auto vmbr666 iface vmbr666 inet static address 0.0.0.0 netmask 255.255.255.255 bridge_ports vlan666 bridge_stp off bridge_fd 0

apt-get install vlan

ifup vlan151 ifup vlan152 ifup vlan666
ifconfig

, (network), ,

.


:
, , debian
/etc/network/interfaces.tail
auto eth1 iface eth1 inet static address 10.7.10.5 netmask 255.255.255.0

cat /etc/network/interfaces.tail >> /etc/network/interfaces
*.tail , web , .


, , - - , .

   ,    ( ).  ,  X-       . 
 
 ,   Skype ( Skypiax)      UID "Skype": 
 su skype -c "echo secret:password | DISPLAY=:1 /usr/bin/skype --pipelogin 2>>skype_errors.log &» 
 
 1.6.    
   ,     ,   sda4 
 vzctl set [VEID] --devnodes sda4:rw --save 
 1.7.  tun/tap 
     vpn  ,     . 
 
     
 lsmod | grep tun 
    
 modprobe tun echo "tun" >> /etc/modules 
 vzctl stop [VEID] vzctl set [VEID] --devices c:10:200:rw --save vzctl set [VEID] --capability net_admin:on --save vzctl start [VEID] 
   ,    -. 
 
  
          ,   . 
 nano /etc/vz/vz.conf 
    IPTABLES     
 IPTABLES="ipt_owner ipt_REDIRECT ipt_recent ip_tables iptable_filter iptable_mangle ipt_limit ipt_multiport ipt_tos ipt_TOS ipt_REJECT ipt_TCPMSS ipt_tcpmss ipt_ttl ipt_LOG ipt_length ip_conntrack ip_conntrack_ftp ipt_state iptable_nat ip_nat_ftp" 
    VZ 
 /etc/init.d/vz restart 
         . 
 
  ,  ,      ( ,    ) 
 nano /etc/modules 
 ipt_MASQUERADE ipt_helper ipt_REDIRECT ipt_state ipt_TCPMSS ipt_LOG ipt_TOS iptable_nat ipt_length ipt_tcpmss iptable_mangle ipt_limit ipt_tos iptable_filter ipt_ttl ipt_REJECT loop 
     
        #!/bin/sh 
 ### BEGIN INIT INFO 
 # Provides: iptables.sh 
 # Required-Start: $all 
 # Required-Stop: $all 
 # Default-Start: 2 3 4 5 
 # Default-Stop: 0 1 6 
 # Short-Description: My firewall 
 # Description: Rico-X FIREWALL 
 ### END INIT INFO 
 # /etc/init.d/iptables 
 
 IPT=/sbin/iptables 
 
 case "$1" in 
 start) 
 echo "Starting iptables" 
 
 sysctl -w net.ipv4.tcp_synack_retries=1 
 sysctl -w net.ipv4.tcp_max_syn_backlog=4096 
 sysctl -w net.ipv4.tcp_fin_timeout=10 
 sysctl -w net.ipv4.tcp_syncookies=1 
 sysctl -w net.ipv4.tcp_keepalive_intvl=10 
 sysctl -w net.ipv4.tcp_keepalive_probes=5 
 sysctl -w net.ipv4.tcp_keepalive_time=60 
 sysctl -w net.ipv4.conf.default.rp_filter=1 
 #sysctl -w net.ipv4.ip_forward=0 
 
 #     
 $IPT -P INPUT DROP 
 $IPT -P FORWARD ACCEPT 
 $IPT -P OUTPUT ACCEPT 
 
 #     ,     
 $IPT -A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT 
 
 #     lo  
 $IPT -A INPUT -i lo -j ACCEPT 
 
 #       
 $IPT -A INPUT -i eth1 -j ACCEPT 
 $IPT -A INPUT -i vmbr1 -j ACCEPT 
 #       
 $IPT -A INPUT -m addrtype --dst-type MULTICAST -j ACCEPT 
 $IPT -A INPUT -p udp -m state --state NEW -m multiport --dports 5404,5405 -j ACCEPT 
 
 #     TCP-  SYN- 
 $IPT -I INPUT -m conntrack --ctstate NEW -p tcp ! --syn -j DROP 
 
 #      
 $IPT -A INPUT -p tcp --dport 22 -m state --state NEW -j ACCEPT ## SSH 
 $IPT -A INPUT -p tcp -m tcp --dport 5900:5999 -j ACCEPT ## VNC 
 $IPT -A INPUT -p tcp -m tcp --dport 8006 -j ACCEPT ## Proxmox panel 
 
 #       SSH (  4  ) 
 $IPT -A INPUT -p tcp --dport 22 -m state --state NEW -m recent --update --seconds 60 --hitcount 4 --rttl --name SSH -j DROP 
 
 #    netbios 
 $IPT -A INPUT -p tcp --dport 137:139 -j DROP 
 $IPT -A INPUT -p udp --dport 137:139 -j DROP 
 
 #   ICMP  
 $IPT -A INPUT -p ICMP --icmp-type 8 -j ACCEPT 
 $IPT -A INPUT -p ICMP --icmp-type 11 -j ACCEPT 
 
 #     
 $IPT -A INPUT -m state --state INVALID -j DROP 
 
 #   DHCP   iptables. 
 $IPT -A INPUT -p udp -m udp --dport 68 --sport 67 -j ACCEPT 
 
 #  - 
 $IPT -A INPUT -m state --state NEW -p tcp --tcp-flags ALL ALL -j DROP 
 $IPT -A INPUT -m state --state NEW -p tcp --tcp-flags ALL NONE -j DROP 
 
 #  
 $IPT -A INPUT -p tcp --tcp-flags ALL FIN,URG,PSH -j DROP 
 $IPT -A INPUT -p tcp --tcp-flags SYN,RST SYN,RST -j DROP 
 $IPT -A INPUT -p tcp --tcp-flags SYN,FIN SYN,FIN -j DROP 
 $IPT -N SYN_FLOOD 
 $IPT -A INPUT -p tcp --syn -j SYN_FLOOD 
 $IPT -A SYN_FLOOD -m limit --limit 2/s --limit-burst 6 -j RETURN 
 $IPT -A SYN_FLOOD -j DROP 
 
 ;; 
 stop) 
 echo "Stopping iptables" 
 
 $IPT -F 
 $IPT -X 
 
 $IPT -P INPUT ACCEPT 
 $IPT -P OUTPUT ACCEPT 
 $IPT -P FORWARD ACCEPT 
 ;; 
 *) 
 echo "Usage: /etc/init.d/iptables {start|stop}" 
 exit 1 
 ;; 
 esac 
 
 exit 0 
 
 3.   
      
 mv /etc/localtime /etc/localtime_org && ln -s /usr/share/zoneinfo/"Europe/Simferopol" /etc/localtime && date 
         web-. 
   /usr/share/pve-manager/ext4/pvemanagerlib.js   
 if (data.status !== 'Active') { 
    
 if (data.status == 'Active') { 
      Proxmox: 'exit code 60′ – corrupt quota file    , 
   . 
 vzquota off [VEID] vzquota : (error) Quota is not running for id [VEID] vzquota : (warning) Repairing quota: it was incorrectly marked as running for id [VEID] vzquota on [VEID] 
    (cluster not ready - no quorum),      , 
   ,      
 pvecm e (  ) 
   OpenVZ 
  [VEID]  
 vzctl start [VEID] 
    
 vzctl enter [VEID] 
  
 vzctl stop [VEID] 
  
 vzctl restart [VEID] 
  
 vzctl destroy [VEID] 
   
 vzlist -a 
 
   -        ,     ,    . 
 
 UPD-1:  vlan 
 
       2 .     151,152,666 
  : 
  /etc/network/interfaces 
  auto vlan151 iface vlan151 inet manual vlan_raw_device eth0 auto vlan152 iface vlan152 inet manual vlan_raw_device eth0 auto vlan666 iface vlan666 inet manual vlan_raw_device eth0 auto vmbr151 iface vmbr151 inet static address 0.0.0.0 netmask 255.255.255.255 bridge_ports vlan151 bridge_stp off bridge_fd 0 auto vmbr152 iface vmbr152 inet static address 0.0.0.0 netmask 255.255.255.255 bridge_ports vlan152 bridge_stp off bridge_fd 0 auto vmbr666 iface vmbr666 inet static address 0.0.0.0 netmask 255.255.255.255 bridge_ports vlan666 bridge_stp off bridge_fd 0 
    
 apt-get install vlan 
    
 ifup vlan151 ifup vlan152 ifup vlan666 
      ifconfig 
 
      ,    (network),   ,     
  
        . 
 
 
  : 
     ,     ,     debian 
  /etc/network/interfaces.tail 
 auto eth1 iface eth1 inet static address 10.7.10.5 netmask 255.255.255.0 
  
 cat /etc/network/interfaces.tail >> /etc/network/interfaces 
  *.tail   ,          web ,     . 
 
 
      ,    , -        -    ,   . 

, ( ). , X- .

, Skype ( Skypiax) UID "Skype":
su skype -c "echo secret:password | DISPLAY=:1 /usr/bin/skype --pipelogin 2>>skype_errors.log &»

1.6.
, , sda4
vzctl set [VEID] --devnodes sda4:rw --save
1.7. tun/tap
vpn , .


lsmod | grep tun

modprobe tun echo "tun" >> /etc/modules
vzctl stop [VEID] vzctl set [VEID] --devices c:10:200:rw --save vzctl set [VEID] --capability net_admin:on --save vzctl start [VEID]
, -.


, .
nano /etc/vz/vz.conf
IPTABLES
IPTABLES="ipt_owner ipt_REDIRECT ipt_recent ip_tables iptable_filter iptable_mangle ipt_limit ipt_multiport ipt_tos ipt_TOS ipt_REJECT ipt_TCPMSS ipt_tcpmss ipt_ttl ipt_LOG ipt_length ip_conntrack ip_conntrack_ftp ipt_state iptable_nat ip_nat_ftp"
VZ
/etc/init.d/vz restart
.

, , ( , )
nano /etc/modules
ipt_MASQUERADE ipt_helper ipt_REDIRECT ipt_state ipt_TCPMSS ipt_LOG ipt_TOS iptable_nat ipt_length ipt_tcpmss iptable_mangle ipt_limit ipt_tos iptable_filter ipt_ttl ipt_REJECT loop

#!/bin/sh
### BEGIN INIT INFO
# Provides: iptables.sh
# Required-Start: $all
# Required-Stop: $all
# Default-Start: 2 3 4 5
# Default-Stop: 0 1 6
# Short-Description: My firewall
# Description: Rico-X FIREWALL
### END INIT INFO
# /etc/init.d/iptables

IPT=/sbin/iptables

case "$1" in
start)
echo "Starting iptables"

sysctl -w net.ipv4.tcp_synack_retries=1
sysctl -w net.ipv4.tcp_max_syn_backlog=4096
sysctl -w net.ipv4.tcp_fin_timeout=10
sysctl -w net.ipv4.tcp_syncookies=1
sysctl -w net.ipv4.tcp_keepalive_intvl=10
sysctl -w net.ipv4.tcp_keepalive_probes=5
sysctl -w net.ipv4.tcp_keepalive_time=60
sysctl -w net.ipv4.conf.default.rp_filter=1
#sysctl -w net.ipv4.ip_forward=0

#
$IPT -P INPUT DROP
$IPT -P FORWARD ACCEPT
$IPT -P OUTPUT ACCEPT

# ,
$IPT -A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT

# lo
$IPT -A INPUT -i lo -j ACCEPT

#
$IPT -A INPUT -i eth1 -j ACCEPT
$IPT -A INPUT -i vmbr1 -j ACCEPT
#
$IPT -A INPUT -m addrtype --dst-type MULTICAST -j ACCEPT
$IPT -A INPUT -p udp -m state --state NEW -m multiport --dports 5404,5405 -j ACCEPT

# TCP- SYN-
$IPT -I INPUT -m conntrack --ctstate NEW -p tcp ! --syn -j DROP

#
$IPT -A INPUT -p tcp --dport 22 -m state --state NEW -j ACCEPT ## SSH
$IPT -A INPUT -p tcp -m tcp --dport 5900:5999 -j ACCEPT ## VNC
$IPT -A INPUT -p tcp -m tcp --dport 8006 -j ACCEPT ## Proxmox panel

# SSH ( 4 )
$IPT -A INPUT -p tcp --dport 22 -m state --state NEW -m recent --update --seconds 60 --hitcount 4 --rttl --name SSH -j DROP

# netbios
$IPT -A INPUT -p tcp --dport 137:139 -j DROP
$IPT -A INPUT -p udp --dport 137:139 -j DROP

# ICMP
$IPT -A INPUT -p ICMP --icmp-type 8 -j ACCEPT
$IPT -A INPUT -p ICMP --icmp-type 11 -j ACCEPT

#
$IPT -A INPUT -m state --state INVALID -j DROP

# DHCP iptables.
$IPT -A INPUT -p udp -m udp --dport 68 --sport 67 -j ACCEPT

# -
$IPT -A INPUT -m state --state NEW -p tcp --tcp-flags ALL ALL -j DROP
$IPT -A INPUT -m state --state NEW -p tcp --tcp-flags ALL NONE -j DROP

#
$IPT -A INPUT -p tcp --tcp-flags ALL FIN,URG,PSH -j DROP
$IPT -A INPUT -p tcp --tcp-flags SYN,RST SYN,RST -j DROP
$IPT -A INPUT -p tcp --tcp-flags SYN,FIN SYN,FIN -j DROP
$IPT -N SYN_FLOOD
$IPT -A INPUT -p tcp --syn -j SYN_FLOOD
$IPT -A SYN_FLOOD -m limit --limit 2/s --limit-burst 6 -j RETURN
$IPT -A SYN_FLOOD -j DROP

;;
stop)
echo "Stopping iptables"

$IPT -F
$IPT -X

$IPT -P INPUT ACCEPT
$IPT -P OUTPUT ACCEPT
$IPT -P FORWARD ACCEPT
;;
*)
echo "Usage: /etc/init.d/iptables {start|stop}"
exit 1
;;
esac

exit 0

3.

mv /etc/localtime /etc/localtime_org && ln -s /usr/share/zoneinfo/"Europe/Simferopol" /etc/localtime && date
web-.
/usr/share/pve-manager/ext4/pvemanagerlib.js
if (data.status !== 'Active') {

if (data.status == 'Active') {
Proxmox: 'exit code 60′ – corrupt quota file ,
.
vzquota off [VEID] vzquota : (error) Quota is not running for id [VEID] vzquota : (warning) Repairing quota: it was incorrectly marked as running for id [VEID] vzquota on [VEID]
(cluster not ready - no quorum), ,
,
pvecm e ( )
OpenVZ
[VEID]
vzctl start [VEID]

vzctl enter [VEID]

vzctl stop [VEID]

vzctl restart [VEID]

vzctl destroy [VEID]

vzlist -a

- , , .

UPD-1: vlan

2 . 151,152,666
:
/etc/network/interfaces
auto vlan151 iface vlan151 inet manual vlan_raw_device eth0 auto vlan152 iface vlan152 inet manual vlan_raw_device eth0 auto vlan666 iface vlan666 inet manual vlan_raw_device eth0 auto vmbr151 iface vmbr151 inet static address 0.0.0.0 netmask 255.255.255.255 bridge_ports vlan151 bridge_stp off bridge_fd 0 auto vmbr152 iface vmbr152 inet static address 0.0.0.0 netmask 255.255.255.255 bridge_ports vlan152 bridge_stp off bridge_fd 0 auto vmbr666 iface vmbr666 inet static address 0.0.0.0 netmask 255.255.255.255 bridge_ports vlan666 bridge_stp off bridge_fd 0

apt-get install vlan

ifup vlan151 ifup vlan152 ifup vlan666
ifconfig

, (network), ,

.


:
, , debian
/etc/network/interfaces.tail
auto eth1 iface eth1 inet static address 10.7.10.5 netmask 255.255.255.0

cat /etc/network/interfaces.tail >> /etc/network/interfaces
*.tail , web , .


, , - - , .

   ,    ( ).  ,  X-       . 
 
 ,   Skype ( Skypiax)      UID "Skype": 
 su skype -c "echo secret:password | DISPLAY=:1 /usr/bin/skype --pipelogin 2>>skype_errors.log &» 
 
 1.6.    
   ,     ,   sda4 
 vzctl set [VEID] --devnodes sda4:rw --save 
 1.7.  tun/tap 
     vpn  ,     . 
 
     
 lsmod | grep tun 
    
 modprobe tun echo "tun" >> /etc/modules 
 vzctl stop [VEID] vzctl set [VEID] --devices c:10:200:rw --save vzctl set [VEID] --capability net_admin:on --save vzctl start [VEID] 
   ,    -. 
 
  
          ,   . 
 nano /etc/vz/vz.conf 
    IPTABLES     
 IPTABLES="ipt_owner ipt_REDIRECT ipt_recent ip_tables iptable_filter iptable_mangle ipt_limit ipt_multiport ipt_tos ipt_TOS ipt_REJECT ipt_TCPMSS ipt_tcpmss ipt_ttl ipt_LOG ipt_length ip_conntrack ip_conntrack_ftp ipt_state iptable_nat ip_nat_ftp" 
    VZ 
 /etc/init.d/vz restart 
         . 
 
  ,  ,      ( ,    ) 
 nano /etc/modules 
 ipt_MASQUERADE ipt_helper ipt_REDIRECT ipt_state ipt_TCPMSS ipt_LOG ipt_TOS iptable_nat ipt_length ipt_tcpmss iptable_mangle ipt_limit ipt_tos iptable_filter ipt_ttl ipt_REJECT loop 
     
        #!/bin/sh 
 ### BEGIN INIT INFO 
 # Provides: iptables.sh 
 # Required-Start: $all 
 # Required-Stop: $all 
 # Default-Start: 2 3 4 5 
 # Default-Stop: 0 1 6 
 # Short-Description: My firewall 
 # Description: Rico-X FIREWALL 
 ### END INIT INFO 
 # /etc/init.d/iptables 
 
 IPT=/sbin/iptables 
 
 case "$1" in 
 start) 
 echo "Starting iptables" 
 
 sysctl -w net.ipv4.tcp_synack_retries=1 
 sysctl -w net.ipv4.tcp_max_syn_backlog=4096 
 sysctl -w net.ipv4.tcp_fin_timeout=10 
 sysctl -w net.ipv4.tcp_syncookies=1 
 sysctl -w net.ipv4.tcp_keepalive_intvl=10 
 sysctl -w net.ipv4.tcp_keepalive_probes=5 
 sysctl -w net.ipv4.tcp_keepalive_time=60 
 sysctl -w net.ipv4.conf.default.rp_filter=1 
 #sysctl -w net.ipv4.ip_forward=0 
 
 #     
 $IPT -P INPUT DROP 
 $IPT -P FORWARD ACCEPT 
 $IPT -P OUTPUT ACCEPT 
 
 #     ,     
 $IPT -A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT 
 
 #     lo  
 $IPT -A INPUT -i lo -j ACCEPT 
 
 #       
 $IPT -A INPUT -i eth1 -j ACCEPT 
 $IPT -A INPUT -i vmbr1 -j ACCEPT 
 #       
 $IPT -A INPUT -m addrtype --dst-type MULTICAST -j ACCEPT 
 $IPT -A INPUT -p udp -m state --state NEW -m multiport --dports 5404,5405 -j ACCEPT 
 
 #     TCP-  SYN- 
 $IPT -I INPUT -m conntrack --ctstate NEW -p tcp ! --syn -j DROP 
 
 #      
 $IPT -A INPUT -p tcp --dport 22 -m state --state NEW -j ACCEPT ## SSH 
 $IPT -A INPUT -p tcp -m tcp --dport 5900:5999 -j ACCEPT ## VNC 
 $IPT -A INPUT -p tcp -m tcp --dport 8006 -j ACCEPT ## Proxmox panel 
 
 #       SSH (  4  ) 
 $IPT -A INPUT -p tcp --dport 22 -m state --state NEW -m recent --update --seconds 60 --hitcount 4 --rttl --name SSH -j DROP 
 
 #    netbios 
 $IPT -A INPUT -p tcp --dport 137:139 -j DROP 
 $IPT -A INPUT -p udp --dport 137:139 -j DROP 
 
 #   ICMP  
 $IPT -A INPUT -p ICMP --icmp-type 8 -j ACCEPT 
 $IPT -A INPUT -p ICMP --icmp-type 11 -j ACCEPT 
 
 #     
 $IPT -A INPUT -m state --state INVALID -j DROP 
 
 #   DHCP   iptables. 
 $IPT -A INPUT -p udp -m udp --dport 68 --sport 67 -j ACCEPT 
 
 #  - 
 $IPT -A INPUT -m state --state NEW -p tcp --tcp-flags ALL ALL -j DROP 
 $IPT -A INPUT -m state --state NEW -p tcp --tcp-flags ALL NONE -j DROP 
 
 #  
 $IPT -A INPUT -p tcp --tcp-flags ALL FIN,URG,PSH -j DROP 
 $IPT -A INPUT -p tcp --tcp-flags SYN,RST SYN,RST -j DROP 
 $IPT -A INPUT -p tcp --tcp-flags SYN,FIN SYN,FIN -j DROP 
 $IPT -N SYN_FLOOD 
 $IPT -A INPUT -p tcp --syn -j SYN_FLOOD 
 $IPT -A SYN_FLOOD -m limit --limit 2/s --limit-burst 6 -j RETURN 
 $IPT -A SYN_FLOOD -j DROP 
 
 ;; 
 stop) 
 echo "Stopping iptables" 
 
 $IPT -F 
 $IPT -X 
 
 $IPT -P INPUT ACCEPT 
 $IPT -P OUTPUT ACCEPT 
 $IPT -P FORWARD ACCEPT 
 ;; 
 *) 
 echo "Usage: /etc/init.d/iptables {start|stop}" 
 exit 1 
 ;; 
 esac 
 
 exit 0 
 
 3.   
      
 mv /etc/localtime /etc/localtime_org && ln -s /usr/share/zoneinfo/"Europe/Simferopol" /etc/localtime && date 
         web-. 
   /usr/share/pve-manager/ext4/pvemanagerlib.js   
 if (data.status !== 'Active') { 
    
 if (data.status == 'Active') { 
      Proxmox: 'exit code 60′ – corrupt quota file    , 
   . 
 vzquota off [VEID] vzquota : (error) Quota is not running for id [VEID] vzquota : (warning) Repairing quota: it was incorrectly marked as running for id [VEID] vzquota on [VEID] 
    (cluster not ready - no quorum),      , 
   ,      
 pvecm e (  ) 
   OpenVZ 
  [VEID]  
 vzctl start [VEID] 
    
 vzctl enter [VEID] 
  
 vzctl stop [VEID] 
  
 vzctl restart [VEID] 
  
 vzctl destroy [VEID] 
   
 vzlist -a 
 
   -        ,     ,    . 
 
 UPD-1:  vlan 
 
       2 .     151,152,666 
  : 
  /etc/network/interfaces 
  auto vlan151 iface vlan151 inet manual vlan_raw_device eth0 auto vlan152 iface vlan152 inet manual vlan_raw_device eth0 auto vlan666 iface vlan666 inet manual vlan_raw_device eth0 auto vmbr151 iface vmbr151 inet static address 0.0.0.0 netmask 255.255.255.255 bridge_ports vlan151 bridge_stp off bridge_fd 0 auto vmbr152 iface vmbr152 inet static address 0.0.0.0 netmask 255.255.255.255 bridge_ports vlan152 bridge_stp off bridge_fd 0 auto vmbr666 iface vmbr666 inet static address 0.0.0.0 netmask 255.255.255.255 bridge_ports vlan666 bridge_stp off bridge_fd 0 
    
 apt-get install vlan 
    
 ifup vlan151 ifup vlan152 ifup vlan666 
      ifconfig 
 
      ,    (network),   ,     
  
        . 
 
 
  : 
     ,     ,     debian 
  /etc/network/interfaces.tail 
 auto eth1 iface eth1 inet static address 10.7.10.5 netmask 255.255.255.0 
  
 cat /etc/network/interfaces.tail >> /etc/network/interfaces 
  *.tail   ,          web ,     . 
 
 
      ,    , -        -    ,   . 

, ( ). , X- .

, Skype ( Skypiax) UID "Skype":
su skype -c "echo secret:password | DISPLAY=:1 /usr/bin/skype --pipelogin 2>>skype_errors.log &»

1.6.
, , sda4
vzctl set [VEID] --devnodes sda4:rw --save
1.7. tun/tap
vpn , .


lsmod | grep tun

modprobe tun echo "tun" >> /etc/modules
vzctl stop [VEID] vzctl set [VEID] --devices c:10:200:rw --save vzctl set [VEID] --capability net_admin:on --save vzctl start [VEID]
, -.


, .
nano /etc/vz/vz.conf
IPTABLES
IPTABLES="ipt_owner ipt_REDIRECT ipt_recent ip_tables iptable_filter iptable_mangle ipt_limit ipt_multiport ipt_tos ipt_TOS ipt_REJECT ipt_TCPMSS ipt_tcpmss ipt_ttl ipt_LOG ipt_length ip_conntrack ip_conntrack_ftp ipt_state iptable_nat ip_nat_ftp"
VZ
/etc/init.d/vz restart
.

, , ( , )
nano /etc/modules
ipt_MASQUERADE ipt_helper ipt_REDIRECT ipt_state ipt_TCPMSS ipt_LOG ipt_TOS iptable_nat ipt_length ipt_tcpmss iptable_mangle ipt_limit ipt_tos iptable_filter ipt_ttl ipt_REJECT loop

#!/bin/sh
### BEGIN INIT INFO
# Provides: iptables.sh
# Required-Start: $all
# Required-Stop: $all
# Default-Start: 2 3 4 5
# Default-Stop: 0 1 6
# Short-Description: My firewall
# Description: Rico-X FIREWALL
### END INIT INFO
# /etc/init.d/iptables

IPT=/sbin/iptables

case "$1" in
start)
echo "Starting iptables"

sysctl -w net.ipv4.tcp_synack_retries=1
sysctl -w net.ipv4.tcp_max_syn_backlog=4096
sysctl -w net.ipv4.tcp_fin_timeout=10
sysctl -w net.ipv4.tcp_syncookies=1
sysctl -w net.ipv4.tcp_keepalive_intvl=10
sysctl -w net.ipv4.tcp_keepalive_probes=5
sysctl -w net.ipv4.tcp_keepalive_time=60
sysctl -w net.ipv4.conf.default.rp_filter=1
#sysctl -w net.ipv4.ip_forward=0

#
$IPT -P INPUT DROP
$IPT -P FORWARD ACCEPT
$IPT -P OUTPUT ACCEPT

# ,
$IPT -A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT

# lo
$IPT -A INPUT -i lo -j ACCEPT

#
$IPT -A INPUT -i eth1 -j ACCEPT
$IPT -A INPUT -i vmbr1 -j ACCEPT
#
$IPT -A INPUT -m addrtype --dst-type MULTICAST -j ACCEPT
$IPT -A INPUT -p udp -m state --state NEW -m multiport --dports 5404,5405 -j ACCEPT

# TCP- SYN-
$IPT -I INPUT -m conntrack --ctstate NEW -p tcp ! --syn -j DROP

#
$IPT -A INPUT -p tcp --dport 22 -m state --state NEW -j ACCEPT ## SSH
$IPT -A INPUT -p tcp -m tcp --dport 5900:5999 -j ACCEPT ## VNC
$IPT -A INPUT -p tcp -m tcp --dport 8006 -j ACCEPT ## Proxmox panel

# SSH ( 4 )
$IPT -A INPUT -p tcp --dport 22 -m state --state NEW -m recent --update --seconds 60 --hitcount 4 --rttl --name SSH -j DROP

# netbios
$IPT -A INPUT -p tcp --dport 137:139 -j DROP
$IPT -A INPUT -p udp --dport 137:139 -j DROP

# ICMP
$IPT -A INPUT -p ICMP --icmp-type 8 -j ACCEPT
$IPT -A INPUT -p ICMP --icmp-type 11 -j ACCEPT

#
$IPT -A INPUT -m state --state INVALID -j DROP

# DHCP iptables.
$IPT -A INPUT -p udp -m udp --dport 68 --sport 67 -j ACCEPT

# -
$IPT -A INPUT -m state --state NEW -p tcp --tcp-flags ALL ALL -j DROP
$IPT -A INPUT -m state --state NEW -p tcp --tcp-flags ALL NONE -j DROP

#
$IPT -A INPUT -p tcp --tcp-flags ALL FIN,URG,PSH -j DROP
$IPT -A INPUT -p tcp --tcp-flags SYN,RST SYN,RST -j DROP
$IPT -A INPUT -p tcp --tcp-flags SYN,FIN SYN,FIN -j DROP
$IPT -N SYN_FLOOD
$IPT -A INPUT -p tcp --syn -j SYN_FLOOD
$IPT -A SYN_FLOOD -m limit --limit 2/s --limit-burst 6 -j RETURN
$IPT -A SYN_FLOOD -j DROP

;;
stop)
echo "Stopping iptables"

$IPT -F
$IPT -X

$IPT -P INPUT ACCEPT
$IPT -P OUTPUT ACCEPT
$IPT -P FORWARD ACCEPT
;;
*)
echo "Usage: /etc/init.d/iptables {start|stop}"
exit 1
;;
esac

exit 0

3.

mv /etc/localtime /etc/localtime_org && ln -s /usr/share/zoneinfo/"Europe/Simferopol" /etc/localtime && date
web-.
/usr/share/pve-manager/ext4/pvemanagerlib.js
if (data.status !== 'Active') {

if (data.status == 'Active') {
Proxmox: 'exit code 60′ – corrupt quota file ,
.
vzquota off [VEID] vzquota : (error) Quota is not running for id [VEID] vzquota : (warning) Repairing quota: it was incorrectly marked as running for id [VEID] vzquota on [VEID]
(cluster not ready - no quorum), ,
,
pvecm e ( )
OpenVZ
[VEID]
vzctl start [VEID]

vzctl enter [VEID]

vzctl stop [VEID]

vzctl restart [VEID]

vzctl destroy [VEID]

vzlist -a

- , , .

UPD-1: vlan

2 . 151,152,666
:
/etc/network/interfaces
auto vlan151 iface vlan151 inet manual vlan_raw_device eth0 auto vlan152 iface vlan152 inet manual vlan_raw_device eth0 auto vlan666 iface vlan666 inet manual vlan_raw_device eth0 auto vmbr151 iface vmbr151 inet static address 0.0.0.0 netmask 255.255.255.255 bridge_ports vlan151 bridge_stp off bridge_fd 0 auto vmbr152 iface vmbr152 inet static address 0.0.0.0 netmask 255.255.255.255 bridge_ports vlan152 bridge_stp off bridge_fd 0 auto vmbr666 iface vmbr666 inet static address 0.0.0.0 netmask 255.255.255.255 bridge_ports vlan666 bridge_stp off bridge_fd 0

apt-get install vlan

ifup vlan151 ifup vlan152 ifup vlan666
ifconfig

, (network), ,

.


:
, , debian
/etc/network/interfaces.tail
auto eth1 iface eth1 inet static address 10.7.10.5 netmask 255.255.255.0

cat /etc/network/interfaces.tail >> /etc/network/interfaces
*.tail , web , .


, , - - , .

   ,    ( ).  ,  X-       . 
 
 ,   Skype ( Skypiax)      UID "Skype": 
 su skype -c "echo secret:password | DISPLAY=:1 /usr/bin/skype --pipelogin 2>>skype_errors.log &» 
 
 1.6.    
   ,     ,   sda4 
 vzctl set [VEID] --devnodes sda4:rw --save 
 1.7.  tun/tap 
     vpn  ,     . 
 
     
 lsmod | grep tun 
    
 modprobe tun echo "tun" >> /etc/modules 
 vzctl stop [VEID] vzctl set [VEID] --devices c:10:200:rw --save vzctl set [VEID] --capability net_admin:on --save vzctl start [VEID] 
   ,    -. 
 
  
          ,   . 
 nano /etc/vz/vz.conf 
    IPTABLES     
 IPTABLES="ipt_owner ipt_REDIRECT ipt_recent ip_tables iptable_filter iptable_mangle ipt_limit ipt_multiport ipt_tos ipt_TOS ipt_REJECT ipt_TCPMSS ipt_tcpmss ipt_ttl ipt_LOG ipt_length ip_conntrack ip_conntrack_ftp ipt_state iptable_nat ip_nat_ftp" 
    VZ 
 /etc/init.d/vz restart 
         . 
 
  ,  ,      ( ,    ) 
 nano /etc/modules 
 ipt_MASQUERADE ipt_helper ipt_REDIRECT ipt_state ipt_TCPMSS ipt_LOG ipt_TOS iptable_nat ipt_length ipt_tcpmss iptable_mangle ipt_limit ipt_tos iptable_filter ipt_ttl ipt_REJECT loop 
     
        #!/bin/sh 
 ### BEGIN INIT INFO 
 # Provides: iptables.sh 
 # Required-Start: $all 
 # Required-Stop: $all 
 # Default-Start: 2 3 4 5 
 # Default-Stop: 0 1 6 
 # Short-Description: My firewall 
 # Description: Rico-X FIREWALL 
 ### END INIT INFO 
 # /etc/init.d/iptables 
 
 IPT=/sbin/iptables 
 
 case "$1" in 
 start) 
 echo "Starting iptables" 
 
 sysctl -w net.ipv4.tcp_synack_retries=1 
 sysctl -w net.ipv4.tcp_max_syn_backlog=4096 
 sysctl -w net.ipv4.tcp_fin_timeout=10 
 sysctl -w net.ipv4.tcp_syncookies=1 
 sysctl -w net.ipv4.tcp_keepalive_intvl=10 
 sysctl -w net.ipv4.tcp_keepalive_probes=5 
 sysctl -w net.ipv4.tcp_keepalive_time=60 
 sysctl -w net.ipv4.conf.default.rp_filter=1 
 #sysctl -w net.ipv4.ip_forward=0 
 
 #     
 $IPT -P INPUT DROP 
 $IPT -P FORWARD ACCEPT 
 $IPT -P OUTPUT ACCEPT 
 
 #     ,     
 $IPT -A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT 
 
 #     lo  
 $IPT -A INPUT -i lo -j ACCEPT 
 
 #       
 $IPT -A INPUT -i eth1 -j ACCEPT 
 $IPT -A INPUT -i vmbr1 -j ACCEPT 
 #       
 $IPT -A INPUT -m addrtype --dst-type MULTICAST -j ACCEPT 
 $IPT -A INPUT -p udp -m state --state NEW -m multiport --dports 5404,5405 -j ACCEPT 
 
 #     TCP-  SYN- 
 $IPT -I INPUT -m conntrack --ctstate NEW -p tcp ! --syn -j DROP 
 
 #      
 $IPT -A INPUT -p tcp --dport 22 -m state --state NEW -j ACCEPT ## SSH 
 $IPT -A INPUT -p tcp -m tcp --dport 5900:5999 -j ACCEPT ## VNC 
 $IPT -A INPUT -p tcp -m tcp --dport 8006 -j ACCEPT ## Proxmox panel 
 
 #       SSH (  4  ) 
 $IPT -A INPUT -p tcp --dport 22 -m state --state NEW -m recent --update --seconds 60 --hitcount 4 --rttl --name SSH -j DROP 
 
 #    netbios 
 $IPT -A INPUT -p tcp --dport 137:139 -j DROP 
 $IPT -A INPUT -p udp --dport 137:139 -j DROP 
 
 #   ICMP  
 $IPT -A INPUT -p ICMP --icmp-type 8 -j ACCEPT 
 $IPT -A INPUT -p ICMP --icmp-type 11 -j ACCEPT 
 
 #     
 $IPT -A INPUT -m state --state INVALID -j DROP 
 
 #   DHCP   iptables. 
 $IPT -A INPUT -p udp -m udp --dport 68 --sport 67 -j ACCEPT 
 
 #  - 
 $IPT -A INPUT -m state --state NEW -p tcp --tcp-flags ALL ALL -j DROP 
 $IPT -A INPUT -m state --state NEW -p tcp --tcp-flags ALL NONE -j DROP 
 
 #  
 $IPT -A INPUT -p tcp --tcp-flags ALL FIN,URG,PSH -j DROP 
 $IPT -A INPUT -p tcp --tcp-flags SYN,RST SYN,RST -j DROP 
 $IPT -A INPUT -p tcp --tcp-flags SYN,FIN SYN,FIN -j DROP 
 $IPT -N SYN_FLOOD 
 $IPT -A INPUT -p tcp --syn -j SYN_FLOOD 
 $IPT -A SYN_FLOOD -m limit --limit 2/s --limit-burst 6 -j RETURN 
 $IPT -A SYN_FLOOD -j DROP 
 
 ;; 
 stop) 
 echo "Stopping iptables" 
 
 $IPT -F 
 $IPT -X 
 
 $IPT -P INPUT ACCEPT 
 $IPT -P OUTPUT ACCEPT 
 $IPT -P FORWARD ACCEPT 
 ;; 
 *) 
 echo "Usage: /etc/init.d/iptables {start|stop}" 
 exit 1 
 ;; 
 esac 
 
 exit 0 
 
 3.   
      
 mv /etc/localtime /etc/localtime_org && ln -s /usr/share/zoneinfo/"Europe/Simferopol" /etc/localtime && date 
         web-. 
   /usr/share/pve-manager/ext4/pvemanagerlib.js   
 if (data.status !== 'Active') { 
    
 if (data.status == 'Active') { 
      Proxmox: 'exit code 60′ – corrupt quota file    , 
   . 
 vzquota off [VEID] vzquota : (error) Quota is not running for id [VEID] vzquota : (warning) Repairing quota: it was incorrectly marked as running for id [VEID] vzquota on [VEID] 
    (cluster not ready - no quorum),      , 
   ,      
 pvecm e (  ) 
   OpenVZ 
  [VEID]  
 vzctl start [VEID] 
    
 vzctl enter [VEID] 
  
 vzctl stop [VEID] 
  
 vzctl restart [VEID] 
  
 vzctl destroy [VEID] 
   
 vzlist -a 
 
   -        ,     ,    . 
 
 UPD-1:  vlan 
 
       2 .     151,152,666 
  : 
  /etc/network/interfaces 
  auto vlan151 iface vlan151 inet manual vlan_raw_device eth0 auto vlan152 iface vlan152 inet manual vlan_raw_device eth0 auto vlan666 iface vlan666 inet manual vlan_raw_device eth0 auto vmbr151 iface vmbr151 inet static address 0.0.0.0 netmask 255.255.255.255 bridge_ports vlan151 bridge_stp off bridge_fd 0 auto vmbr152 iface vmbr152 inet static address 0.0.0.0 netmask 255.255.255.255 bridge_ports vlan152 bridge_stp off bridge_fd 0 auto vmbr666 iface vmbr666 inet static address 0.0.0.0 netmask 255.255.255.255 bridge_ports vlan666 bridge_stp off bridge_fd 0 
    
 apt-get install vlan 
    
 ifup vlan151 ifup vlan152 ifup vlan666 
      ifconfig 
 
      ,    (network),   ,     
  
        . 
 
 
  : 
     ,     ,     debian 
  /etc/network/interfaces.tail 
 auto eth1 iface eth1 inet static address 10.7.10.5 netmask 255.255.255.0 
  
 cat /etc/network/interfaces.tail >> /etc/network/interfaces 
  *.tail   ,          web ,     . 
 
 
      ,    , -        -    ,   . 

, ( ). , X- .

, Skype ( Skypiax) UID "Skype":
su skype -c "echo secret:password | DISPLAY=:1 /usr/bin/skype --pipelogin 2>>skype_errors.log &»

1.6.
, , sda4
vzctl set [VEID] --devnodes sda4:rw --save
1.7. tun/tap
vpn , .


lsmod | grep tun

modprobe tun echo "tun" >> /etc/modules
vzctl stop [VEID] vzctl set [VEID] --devices c:10:200:rw --save vzctl set [VEID] --capability net_admin:on --save vzctl start [VEID]
, -.


, .
nano /etc/vz/vz.conf
IPTABLES
IPTABLES="ipt_owner ipt_REDIRECT ipt_recent ip_tables iptable_filter iptable_mangle ipt_limit ipt_multiport ipt_tos ipt_TOS ipt_REJECT ipt_TCPMSS ipt_tcpmss ipt_ttl ipt_LOG ipt_length ip_conntrack ip_conntrack_ftp ipt_state iptable_nat ip_nat_ftp"
VZ
/etc/init.d/vz restart
.

, , ( , )
nano /etc/modules
ipt_MASQUERADE ipt_helper ipt_REDIRECT ipt_state ipt_TCPMSS ipt_LOG ipt_TOS iptable_nat ipt_length ipt_tcpmss iptable_mangle ipt_limit ipt_tos iptable_filter ipt_ttl ipt_REJECT loop

#!/bin/sh
### BEGIN INIT INFO
# Provides: iptables.sh
# Required-Start: $all
# Required-Stop: $all
# Default-Start: 2 3 4 5
# Default-Stop: 0 1 6
# Short-Description: My firewall
# Description: Rico-X FIREWALL
### END INIT INFO
# /etc/init.d/iptables

IPT=/sbin/iptables

case "$1" in
start)
echo "Starting iptables"

sysctl -w net.ipv4.tcp_synack_retries=1
sysctl -w net.ipv4.tcp_max_syn_backlog=4096
sysctl -w net.ipv4.tcp_fin_timeout=10
sysctl -w net.ipv4.tcp_syncookies=1
sysctl -w net.ipv4.tcp_keepalive_intvl=10
sysctl -w net.ipv4.tcp_keepalive_probes=5
sysctl -w net.ipv4.tcp_keepalive_time=60
sysctl -w net.ipv4.conf.default.rp_filter=1
#sysctl -w net.ipv4.ip_forward=0

#
$IPT -P INPUT DROP
$IPT -P FORWARD ACCEPT
$IPT -P OUTPUT ACCEPT

# ,
$IPT -A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT

# lo
$IPT -A INPUT -i lo -j ACCEPT

#
$IPT -A INPUT -i eth1 -j ACCEPT
$IPT -A INPUT -i vmbr1 -j ACCEPT
#
$IPT -A INPUT -m addrtype --dst-type MULTICAST -j ACCEPT
$IPT -A INPUT -p udp -m state --state NEW -m multiport --dports 5404,5405 -j ACCEPT

# TCP- SYN-
$IPT -I INPUT -m conntrack --ctstate NEW -p tcp ! --syn -j DROP

#
$IPT -A INPUT -p tcp --dport 22 -m state --state NEW -j ACCEPT ## SSH
$IPT -A INPUT -p tcp -m tcp --dport 5900:5999 -j ACCEPT ## VNC
$IPT -A INPUT -p tcp -m tcp --dport 8006 -j ACCEPT ## Proxmox panel

# SSH ( 4 )
$IPT -A INPUT -p tcp --dport 22 -m state --state NEW -m recent --update --seconds 60 --hitcount 4 --rttl --name SSH -j DROP

# netbios
$IPT -A INPUT -p tcp --dport 137:139 -j DROP
$IPT -A INPUT -p udp --dport 137:139 -j DROP

# ICMP
$IPT -A INPUT -p ICMP --icmp-type 8 -j ACCEPT
$IPT -A INPUT -p ICMP --icmp-type 11 -j ACCEPT

#
$IPT -A INPUT -m state --state INVALID -j DROP

# DHCP iptables.
$IPT -A INPUT -p udp -m udp --dport 68 --sport 67 -j ACCEPT

# -
$IPT -A INPUT -m state --state NEW -p tcp --tcp-flags ALL ALL -j DROP
$IPT -A INPUT -m state --state NEW -p tcp --tcp-flags ALL NONE -j DROP

#
$IPT -A INPUT -p tcp --tcp-flags ALL FIN,URG,PSH -j DROP
$IPT -A INPUT -p tcp --tcp-flags SYN,RST SYN,RST -j DROP
$IPT -A INPUT -p tcp --tcp-flags SYN,FIN SYN,FIN -j DROP
$IPT -N SYN_FLOOD
$IPT -A INPUT -p tcp --syn -j SYN_FLOOD
$IPT -A SYN_FLOOD -m limit --limit 2/s --limit-burst 6 -j RETURN
$IPT -A SYN_FLOOD -j DROP

;;
stop)
echo "Stopping iptables"

$IPT -F
$IPT -X

$IPT -P INPUT ACCEPT
$IPT -P OUTPUT ACCEPT
$IPT -P FORWARD ACCEPT
;;
*)
echo "Usage: /etc/init.d/iptables {start|stop}"
exit 1
;;
esac

exit 0

3.

mv /etc/localtime /etc/localtime_org && ln -s /usr/share/zoneinfo/"Europe/Simferopol" /etc/localtime && date
web-.
/usr/share/pve-manager/ext4/pvemanagerlib.js
if (data.status !== 'Active') {

if (data.status == 'Active') {
Proxmox: 'exit code 60′ – corrupt quota file ,
.
vzquota off [VEID] vzquota : (error) Quota is not running for id [VEID] vzquota : (warning) Repairing quota: it was incorrectly marked as running for id [VEID] vzquota on [VEID]
(cluster not ready - no quorum), ,
,
pvecm e ( )
OpenVZ
[VEID]
vzctl start [VEID]

vzctl enter [VEID]

vzctl stop [VEID]

vzctl restart [VEID]

vzctl destroy [VEID]

vzlist -a

- , , .

UPD-1: vlan

2 . 151,152,666
:
/etc/network/interfaces
auto vlan151 iface vlan151 inet manual vlan_raw_device eth0 auto vlan152 iface vlan152 inet manual vlan_raw_device eth0 auto vlan666 iface vlan666 inet manual vlan_raw_device eth0 auto vmbr151 iface vmbr151 inet static address 0.0.0.0 netmask 255.255.255.255 bridge_ports vlan151 bridge_stp off bridge_fd 0 auto vmbr152 iface vmbr152 inet static address 0.0.0.0 netmask 255.255.255.255 bridge_ports vlan152 bridge_stp off bridge_fd 0 auto vmbr666 iface vmbr666 inet static address 0.0.0.0 netmask 255.255.255.255 bridge_ports vlan666 bridge_stp off bridge_fd 0

apt-get install vlan

ifup vlan151 ifup vlan152 ifup vlan666
ifconfig

, (network), ,

.


:
, , debian
/etc/network/interfaces.tail
auto eth1 iface eth1 inet static address 10.7.10.5 netmask 255.255.255.0

cat /etc/network/interfaces.tail >> /etc/network/interfaces
*.tail , web , .


, , - - , .

   ,    ( ).  ,  X-       . 
 
 ,   Skype ( Skypiax)      UID "Skype": 
 su skype -c "echo secret:password | DISPLAY=:1 /usr/bin/skype --pipelogin 2>>skype_errors.log &» 
 
 1.6.    
   ,     ,   sda4 
 vzctl set [VEID] --devnodes sda4:rw --save 
 1.7.  tun/tap 
     vpn  ,     . 
 
     
 lsmod | grep tun 
    
 modprobe tun echo "tun" >> /etc/modules 
 vzctl stop [VEID] vzctl set [VEID] --devices c:10:200:rw --save vzctl set [VEID] --capability net_admin:on --save vzctl start [VEID] 
   ,    -. 
 
  
          ,   . 
 nano /etc/vz/vz.conf 
    IPTABLES     
 IPTABLES="ipt_owner ipt_REDIRECT ipt_recent ip_tables iptable_filter iptable_mangle ipt_limit ipt_multiport ipt_tos ipt_TOS ipt_REJECT ipt_TCPMSS ipt_tcpmss ipt_ttl ipt_LOG ipt_length ip_conntrack ip_conntrack_ftp ipt_state iptable_nat ip_nat_ftp" 
    VZ 
 /etc/init.d/vz restart 
         . 
 
  ,  ,      ( ,    ) 
 nano /etc/modules 
 ipt_MASQUERADE ipt_helper ipt_REDIRECT ipt_state ipt_TCPMSS ipt_LOG ipt_TOS iptable_nat ipt_length ipt_tcpmss iptable_mangle ipt_limit ipt_tos iptable_filter ipt_ttl ipt_REJECT loop 
     
        #!/bin/sh 
 ### BEGIN INIT INFO 
 # Provides: iptables.sh 
 # Required-Start: $all 
 # Required-Stop: $all 
 # Default-Start: 2 3 4 5 
 # Default-Stop: 0 1 6 
 # Short-Description: My firewall 
 # Description: Rico-X FIREWALL 
 ### END INIT INFO 
 # /etc/init.d/iptables 
 
 IPT=/sbin/iptables 
 
 case "$1" in 
 start) 
 echo "Starting iptables" 
 
 sysctl -w net.ipv4.tcp_synack_retries=1 
 sysctl -w net.ipv4.tcp_max_syn_backlog=4096 
 sysctl -w net.ipv4.tcp_fin_timeout=10 
 sysctl -w net.ipv4.tcp_syncookies=1 
 sysctl -w net.ipv4.tcp_keepalive_intvl=10 
 sysctl -w net.ipv4.tcp_keepalive_probes=5 
 sysctl -w net.ipv4.tcp_keepalive_time=60 
 sysctl -w net.ipv4.conf.default.rp_filter=1 
 #sysctl -w net.ipv4.ip_forward=0 
 
 #     
 $IPT -P INPUT DROP 
 $IPT -P FORWARD ACCEPT 
 $IPT -P OUTPUT ACCEPT 
 
 #     ,     
 $IPT -A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT 
 
 #     lo  
 $IPT -A INPUT -i lo -j ACCEPT 
 
 #       
 $IPT -A INPUT -i eth1 -j ACCEPT 
 $IPT -A INPUT -i vmbr1 -j ACCEPT 
 #       
 $IPT -A INPUT -m addrtype --dst-type MULTICAST -j ACCEPT 
 $IPT -A INPUT -p udp -m state --state NEW -m multiport --dports 5404,5405 -j ACCEPT 
 
 #     TCP-  SYN- 
 $IPT -I INPUT -m conntrack --ctstate NEW -p tcp ! --syn -j DROP 
 
 #      
 $IPT -A INPUT -p tcp --dport 22 -m state --state NEW -j ACCEPT ## SSH 
 $IPT -A INPUT -p tcp -m tcp --dport 5900:5999 -j ACCEPT ## VNC 
 $IPT -A INPUT -p tcp -m tcp --dport 8006 -j ACCEPT ## Proxmox panel 
 
 #       SSH (  4  ) 
 $IPT -A INPUT -p tcp --dport 22 -m state --state NEW -m recent --update --seconds 60 --hitcount 4 --rttl --name SSH -j DROP 
 
 #    netbios 
 $IPT -A INPUT -p tcp --dport 137:139 -j DROP 
 $IPT -A INPUT -p udp --dport 137:139 -j DROP 
 
 #   ICMP  
 $IPT -A INPUT -p ICMP --icmp-type 8 -j ACCEPT 
 $IPT -A INPUT -p ICMP --icmp-type 11 -j ACCEPT 
 
 #     
 $IPT -A INPUT -m state --state INVALID -j DROP 
 
 #   DHCP   iptables. 
 $IPT -A INPUT -p udp -m udp --dport 68 --sport 67 -j ACCEPT 
 
 #  - 
 $IPT -A INPUT -m state --state NEW -p tcp --tcp-flags ALL ALL -j DROP 
 $IPT -A INPUT -m state --state NEW -p tcp --tcp-flags ALL NONE -j DROP 
 
 #  
 $IPT -A INPUT -p tcp --tcp-flags ALL FIN,URG,PSH -j DROP 
 $IPT -A INPUT -p tcp --tcp-flags SYN,RST SYN,RST -j DROP 
 $IPT -A INPUT -p tcp --tcp-flags SYN,FIN SYN,FIN -j DROP 
 $IPT -N SYN_FLOOD 
 $IPT -A INPUT -p tcp --syn -j SYN_FLOOD 
 $IPT -A SYN_FLOOD -m limit --limit 2/s --limit-burst 6 -j RETURN 
 $IPT -A SYN_FLOOD -j DROP 
 
 ;; 
 stop) 
 echo "Stopping iptables" 
 
 $IPT -F 
 $IPT -X 
 
 $IPT -P INPUT ACCEPT 
 $IPT -P OUTPUT ACCEPT 
 $IPT -P FORWARD ACCEPT 
 ;; 
 *) 
 echo "Usage: /etc/init.d/iptables {start|stop}" 
 exit 1 
 ;; 
 esac 
 
 exit 0 
 
 3.   
      
 mv /etc/localtime /etc/localtime_org && ln -s /usr/share/zoneinfo/"Europe/Simferopol" /etc/localtime && date 
         web-. 
   /usr/share/pve-manager/ext4/pvemanagerlib.js   
 if (data.status !== 'Active') { 
    
 if (data.status == 'Active') { 
      Proxmox: 'exit code 60′ – corrupt quota file    , 
   . 
 vzquota off [VEID] vzquota : (error) Quota is not running for id [VEID] vzquota : (warning) Repairing quota: it was incorrectly marked as running for id [VEID] vzquota on [VEID] 
    (cluster not ready - no quorum),      , 
   ,      
 pvecm e (  ) 
   OpenVZ 
  [VEID]  
 vzctl start [VEID] 
    
 vzctl enter [VEID] 
  
 vzctl stop [VEID] 
  
 vzctl restart [VEID] 
  
 vzctl destroy [VEID] 
   
 vzlist -a 
 
   -        ,     ,    . 
 
 UPD-1:  vlan 
 
       2 .     151,152,666 
  : 
  /etc/network/interfaces 
  auto vlan151 iface vlan151 inet manual vlan_raw_device eth0 auto vlan152 iface vlan152 inet manual vlan_raw_device eth0 auto vlan666 iface vlan666 inet manual vlan_raw_device eth0 auto vmbr151 iface vmbr151 inet static address 0.0.0.0 netmask 255.255.255.255 bridge_ports vlan151 bridge_stp off bridge_fd 0 auto vmbr152 iface vmbr152 inet static address 0.0.0.0 netmask 255.255.255.255 bridge_ports vlan152 bridge_stp off bridge_fd 0 auto vmbr666 iface vmbr666 inet static address 0.0.0.0 netmask 255.255.255.255 bridge_ports vlan666 bridge_stp off bridge_fd 0 
    
 apt-get install vlan 
    
 ifup vlan151 ifup vlan152 ifup vlan666 
      ifconfig 
 
      ,    (network),   ,     
  
        . 
 
 
  : 
     ,     ,     debian 
  /etc/network/interfaces.tail 
 auto eth1 iface eth1 inet static address 10.7.10.5 netmask 255.255.255.0 
  
 cat /etc/network/interfaces.tail >> /etc/network/interfaces 
  *.tail   ,          web ,     . 
 
 
      ,    , -        -    ,   . 

, ( ). , X- .

, Skype ( Skypiax) UID "Skype":
su skype -c "echo secret:password | DISPLAY=:1 /usr/bin/skype --pipelogin 2>>skype_errors.log &»

1.6.
, , sda4
vzctl set [VEID] --devnodes sda4:rw --save
1.7. tun/tap
vpn , .


lsmod | grep tun

modprobe tun echo "tun" >> /etc/modules
vzctl stop [VEID] vzctl set [VEID] --devices c:10:200:rw --save vzctl set [VEID] --capability net_admin:on --save vzctl start [VEID]
, -.


, .
nano /etc/vz/vz.conf
IPTABLES
IPTABLES="ipt_owner ipt_REDIRECT ipt_recent ip_tables iptable_filter iptable_mangle ipt_limit ipt_multiport ipt_tos ipt_TOS ipt_REJECT ipt_TCPMSS ipt_tcpmss ipt_ttl ipt_LOG ipt_length ip_conntrack ip_conntrack_ftp ipt_state iptable_nat ip_nat_ftp"
VZ
/etc/init.d/vz restart
.

, , ( , )
nano /etc/modules
ipt_MASQUERADE ipt_helper ipt_REDIRECT ipt_state ipt_TCPMSS ipt_LOG ipt_TOS iptable_nat ipt_length ipt_tcpmss iptable_mangle ipt_limit ipt_tos iptable_filter ipt_ttl ipt_REJECT loop

#!/bin/sh
### BEGIN INIT INFO
# Provides: iptables.sh
# Required-Start: $all
# Required-Stop: $all
# Default-Start: 2 3 4 5
# Default-Stop: 0 1 6
# Short-Description: My firewall
# Description: Rico-X FIREWALL
### END INIT INFO
# /etc/init.d/iptables

IPT=/sbin/iptables

case "$1" in
start)
echo "Starting iptables"

sysctl -w net.ipv4.tcp_synack_retries=1
sysctl -w net.ipv4.tcp_max_syn_backlog=4096
sysctl -w net.ipv4.tcp_fin_timeout=10
sysctl -w net.ipv4.tcp_syncookies=1
sysctl -w net.ipv4.tcp_keepalive_intvl=10
sysctl -w net.ipv4.tcp_keepalive_probes=5
sysctl -w net.ipv4.tcp_keepalive_time=60
sysctl -w net.ipv4.conf.default.rp_filter=1
#sysctl -w net.ipv4.ip_forward=0

#
$IPT -P INPUT DROP
$IPT -P FORWARD ACCEPT
$IPT -P OUTPUT ACCEPT

# ,
$IPT -A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT

# lo
$IPT -A INPUT -i lo -j ACCEPT

#
$IPT -A INPUT -i eth1 -j ACCEPT
$IPT -A INPUT -i vmbr1 -j ACCEPT
#
$IPT -A INPUT -m addrtype --dst-type MULTICAST -j ACCEPT
$IPT -A INPUT -p udp -m state --state NEW -m multiport --dports 5404,5405 -j ACCEPT

# TCP- SYN-
$IPT -I INPUT -m conntrack --ctstate NEW -p tcp ! --syn -j DROP

#
$IPT -A INPUT -p tcp --dport 22 -m state --state NEW -j ACCEPT ## SSH
$IPT -A INPUT -p tcp -m tcp --dport 5900:5999 -j ACCEPT ## VNC
$IPT -A INPUT -p tcp -m tcp --dport 8006 -j ACCEPT ## Proxmox panel

# SSH ( 4 )
$IPT -A INPUT -p tcp --dport 22 -m state --state NEW -m recent --update --seconds 60 --hitcount 4 --rttl --name SSH -j DROP

# netbios
$IPT -A INPUT -p tcp --dport 137:139 -j DROP
$IPT -A INPUT -p udp --dport 137:139 -j DROP

# ICMP
$IPT -A INPUT -p ICMP --icmp-type 8 -j ACCEPT
$IPT -A INPUT -p ICMP --icmp-type 11 -j ACCEPT

#
$IPT -A INPUT -m state --state INVALID -j DROP

# DHCP iptables.
$IPT -A INPUT -p udp -m udp --dport 68 --sport 67 -j ACCEPT

# -
$IPT -A INPUT -m state --state NEW -p tcp --tcp-flags ALL ALL -j DROP
$IPT -A INPUT -m state --state NEW -p tcp --tcp-flags ALL NONE -j DROP

#
$IPT -A INPUT -p tcp --tcp-flags ALL FIN,URG,PSH -j DROP
$IPT -A INPUT -p tcp --tcp-flags SYN,RST SYN,RST -j DROP
$IPT -A INPUT -p tcp --tcp-flags SYN,FIN SYN,FIN -j DROP
$IPT -N SYN_FLOOD
$IPT -A INPUT -p tcp --syn -j SYN_FLOOD
$IPT -A SYN_FLOOD -m limit --limit 2/s --limit-burst 6 -j RETURN
$IPT -A SYN_FLOOD -j DROP

;;
stop)
echo "Stopping iptables"

$IPT -F
$IPT -X

$IPT -P INPUT ACCEPT
$IPT -P OUTPUT ACCEPT
$IPT -P FORWARD ACCEPT
;;
*)
echo "Usage: /etc/init.d/iptables {start|stop}"
exit 1
;;
esac

exit 0

3.

mv /etc/localtime /etc/localtime_org && ln -s /usr/share/zoneinfo/"Europe/Simferopol" /etc/localtime && date
web-.
/usr/share/pve-manager/ext4/pvemanagerlib.js
if (data.status !== 'Active') {

if (data.status == 'Active') {
Proxmox: 'exit code 60′ – corrupt quota file ,
.
vzquota off [VEID] vzquota : (error) Quota is not running for id [VEID] vzquota : (warning) Repairing quota: it was incorrectly marked as running for id [VEID] vzquota on [VEID]
(cluster not ready - no quorum), ,
,
pvecm e ( )
OpenVZ
[VEID]
vzctl start [VEID]

vzctl enter [VEID]

vzctl stop [VEID]

vzctl restart [VEID]

vzctl destroy [VEID]

vzlist -a

- , , .

UPD-1: vlan

2 . 151,152,666
:
/etc/network/interfaces
auto vlan151 iface vlan151 inet manual vlan_raw_device eth0 auto vlan152 iface vlan152 inet manual vlan_raw_device eth0 auto vlan666 iface vlan666 inet manual vlan_raw_device eth0 auto vmbr151 iface vmbr151 inet static address 0.0.0.0 netmask 255.255.255.255 bridge_ports vlan151 bridge_stp off bridge_fd 0 auto vmbr152 iface vmbr152 inet static address 0.0.0.0 netmask 255.255.255.255 bridge_ports vlan152 bridge_stp off bridge_fd 0 auto vmbr666 iface vmbr666 inet static address 0.0.0.0 netmask 255.255.255.255 bridge_ports vlan666 bridge_stp off bridge_fd 0

apt-get install vlan

ifup vlan151 ifup vlan152 ifup vlan666
ifconfig

, (network), ,

.


:
, , debian
/etc/network/interfaces.tail
auto eth1 iface eth1 inet static address 10.7.10.5 netmask 255.255.255.0

cat /etc/network/interfaces.tail >> /etc/network/interfaces
*.tail , web , .


, , - - , ., ( ). , X- .

, Skype ( Skypiax) UID "Skype":
su skype -c "echo secret:password | DISPLAY=:1 /usr/bin/skype --pipelogin 2>>skype_errors.log &»

1.6.
, , sda4
vzctl set [VEID] --devnodes sda4:rw --save
1.7. tun/tap
vpn , .


lsmod | grep tun

modprobe tun echo "tun" >> /etc/modules
vzctl stop [VEID] vzctl set [VEID] --devices c:10:200:rw --save vzctl set [VEID] --capability net_admin:on --save vzctl start [VEID]
, -.


, .
nano /etc/vz/vz.conf
IPTABLES
IPTABLES="ipt_owner ipt_REDIRECT ipt_recent ip_tables iptable_filter iptable_mangle ipt_limit ipt_multiport ipt_tos ipt_TOS ipt_REJECT ipt_TCPMSS ipt_tcpmss ipt_ttl ipt_LOG ipt_length ip_conntrack ip_conntrack_ftp ipt_state iptable_nat ip_nat_ftp"
VZ
/etc/init.d/vz restart
.

, , ( , )
nano /etc/modules
ipt_MASQUERADE ipt_helper ipt_REDIRECT ipt_state ipt_TCPMSS ipt_LOG ipt_TOS iptable_nat ipt_length ipt_tcpmss iptable_mangle ipt_limit ipt_tos iptable_filter ipt_ttl ipt_REJECT loop

#!/bin/sh
### BEGIN INIT INFO
# Provides: iptables.sh
# Required-Start: $all
# Required-Stop: $all
# Default-Start: 2 3 4 5
# Default-Stop: 0 1 6
# Short-Description: My firewall
# Description: Rico-X FIREWALL
### END INIT INFO
# /etc/init.d/iptables

IPT=/sbin/iptables

case "$1" in
start)
echo "Starting iptables"

sysctl -w net.ipv4.tcp_synack_retries=1
sysctl -w net.ipv4.tcp_max_syn_backlog=4096
sysctl -w net.ipv4.tcp_fin_timeout=10
sysctl -w net.ipv4.tcp_syncookies=1
sysctl -w net.ipv4.tcp_keepalive_intvl=10
sysctl -w net.ipv4.tcp_keepalive_probes=5
sysctl -w net.ipv4.tcp_keepalive_time=60
sysctl -w net.ipv4.conf.default.rp_filter=1
#sysctl -w net.ipv4.ip_forward=0

#
$IPT -P INPUT DROP
$IPT -P FORWARD ACCEPT
$IPT -P OUTPUT ACCEPT

# ,
$IPT -A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT

# lo
$IPT -A INPUT -i lo -j ACCEPT

#
$IPT -A INPUT -i eth1 -j ACCEPT
$IPT -A INPUT -i vmbr1 -j ACCEPT
#
$IPT -A INPUT -m addrtype --dst-type MULTICAST -j ACCEPT
$IPT -A INPUT -p udp -m state --state NEW -m multiport --dports 5404,5405 -j ACCEPT

# TCP- SYN-
$IPT -I INPUT -m conntrack --ctstate NEW -p tcp ! --syn -j DROP

#
$IPT -A INPUT -p tcp --dport 22 -m state --state NEW -j ACCEPT ## SSH
$IPT -A INPUT -p tcp -m tcp --dport 5900:5999 -j ACCEPT ## VNC
$IPT -A INPUT -p tcp -m tcp --dport 8006 -j ACCEPT ## Proxmox panel

# SSH ( 4 )
$IPT -A INPUT -p tcp --dport 22 -m state --state NEW -m recent --update --seconds 60 --hitcount 4 --rttl --name SSH -j DROP

# netbios
$IPT -A INPUT -p tcp --dport 137:139 -j DROP
$IPT -A INPUT -p udp --dport 137:139 -j DROP

# ICMP
$IPT -A INPUT -p ICMP --icmp-type 8 -j ACCEPT
$IPT -A INPUT -p ICMP --icmp-type 11 -j ACCEPT

#
$IPT -A INPUT -m state --state INVALID -j DROP

# DHCP iptables.
$IPT -A INPUT -p udp -m udp --dport 68 --sport 67 -j ACCEPT

# -
$IPT -A INPUT -m state --state NEW -p tcp --tcp-flags ALL ALL -j DROP
$IPT -A INPUT -m state --state NEW -p tcp --tcp-flags ALL NONE -j DROP

#
$IPT -A INPUT -p tcp --tcp-flags ALL FIN,URG,PSH -j DROP
$IPT -A INPUT -p tcp --tcp-flags SYN,RST SYN,RST -j DROP
$IPT -A INPUT -p tcp --tcp-flags SYN,FIN SYN,FIN -j DROP
$IPT -N SYN_FLOOD
$IPT -A INPUT -p tcp --syn -j SYN_FLOOD
$IPT -A SYN_FLOOD -m limit --limit 2/s --limit-burst 6 -j RETURN
$IPT -A SYN_FLOOD -j DROP

;;
stop)
echo "Stopping iptables"

$IPT -F
$IPT -X

$IPT -P INPUT ACCEPT
$IPT -P OUTPUT ACCEPT
$IPT -P FORWARD ACCEPT
;;
*)
echo "Usage: /etc/init.d/iptables {start|stop}"
exit 1
;;
esac

exit 0

3.

mv /etc/localtime /etc/localtime_org && ln -s /usr/share/zoneinfo/"Europe/Simferopol" /etc/localtime && date
web-.
/usr/share/pve-manager/ext4/pvemanagerlib.js
if (data.status !== 'Active') {

if (data.status == 'Active') {
Proxmox: 'exit code 60′ – corrupt quota file ,
.
vzquota off [VEID] vzquota : (error) Quota is not running for id [VEID] vzquota : (warning) Repairing quota: it was incorrectly marked as running for id [VEID] vzquota on [VEID]
(cluster not ready - no quorum), ,
,
pvecm e ( )
OpenVZ
[VEID]
vzctl start [VEID]

vzctl enter [VEID]

vzctl stop [VEID]

vzctl restart [VEID]

vzctl destroy [VEID]

vzlist -a

- , , .

UPD-1: vlan

2 . 151,152,666
:
/etc/network/interfaces
auto vlan151 iface vlan151 inet manual vlan_raw_device eth0 auto vlan152 iface vlan152 inet manual vlan_raw_device eth0 auto vlan666 iface vlan666 inet manual vlan_raw_device eth0 auto vmbr151 iface vmbr151 inet static address 0.0.0.0 netmask 255.255.255.255 bridge_ports vlan151 bridge_stp off bridge_fd 0 auto vmbr152 iface vmbr152 inet static address 0.0.0.0 netmask 255.255.255.255 bridge_ports vlan152 bridge_stp off bridge_fd 0 auto vmbr666 iface vmbr666 inet static address 0.0.0.0 netmask 255.255.255.255 bridge_ports vlan666 bridge_stp off bridge_fd 0

apt-get install vlan

ifup vlan151 ifup vlan152 ifup vlan666
ifconfig

, (network), ,

.


:
, , debian
/etc/network/interfaces.tail
auto eth1 iface eth1 inet static address 10.7.10.5 netmask 255.255.255.0

cat /etc/network/interfaces.tail >> /etc/network/interfaces
*.tail , web , .


, , - - , .

, ( ). , X- .

, Skype ( Skypiax) UID "Skype":
su skype -c "echo secret:password | DISPLAY=:1 /usr/bin/skype --pipelogin 2>>skype_errors.log &»

1.6.
, , sda4
vzctl set [VEID] --devnodes sda4:rw --save
1.7. tun/tap
vpn , .


lsmod | grep tun

modprobe tun echo "tun" >> /etc/modules
vzctl stop [VEID] vzctl set [VEID] --devices c:10:200:rw --save vzctl set [VEID] --capability net_admin:on --save vzctl start [VEID]
, -.


, .
nano /etc/vz/vz.conf
IPTABLES
IPTABLES="ipt_owner ipt_REDIRECT ipt_recent ip_tables iptable_filter iptable_mangle ipt_limit ipt_multiport ipt_tos ipt_TOS ipt_REJECT ipt_TCPMSS ipt_tcpmss ipt_ttl ipt_LOG ipt_length ip_conntrack ip_conntrack_ftp ipt_state iptable_nat ip_nat_ftp"
VZ
/etc/init.d/vz restart
.

, , ( , )
nano /etc/modules
ipt_MASQUERADE ipt_helper ipt_REDIRECT ipt_state ipt_TCPMSS ipt_LOG ipt_TOS iptable_nat ipt_length ipt_tcpmss iptable_mangle ipt_limit ipt_tos iptable_filter ipt_ttl ipt_REJECT loop

#!/bin/sh
### BEGIN INIT INFO
# Provides: iptables.sh
# Required-Start: $all
# Required-Stop: $all
# Default-Start: 2 3 4 5
# Default-Stop: 0 1 6
# Short-Description: My firewall
# Description: Rico-X FIREWALL
### END INIT INFO
# /etc/init.d/iptables

IPT=/sbin/iptables

case "$1" in
start)
echo "Starting iptables"

sysctl -w net.ipv4.tcp_synack_retries=1
sysctl -w net.ipv4.tcp_max_syn_backlog=4096
sysctl -w net.ipv4.tcp_fin_timeout=10
sysctl -w net.ipv4.tcp_syncookies=1
sysctl -w net.ipv4.tcp_keepalive_intvl=10
sysctl -w net.ipv4.tcp_keepalive_probes=5
sysctl -w net.ipv4.tcp_keepalive_time=60
sysctl -w net.ipv4.conf.default.rp_filter=1
#sysctl -w net.ipv4.ip_forward=0

#
$IPT -P INPUT DROP
$IPT -P FORWARD ACCEPT
$IPT -P OUTPUT ACCEPT

# ,
$IPT -A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT

# lo
$IPT -A INPUT -i lo -j ACCEPT

#
$IPT -A INPUT -i eth1 -j ACCEPT
$IPT -A INPUT -i vmbr1 -j ACCEPT
#
$IPT -A INPUT -m addrtype --dst-type MULTICAST -j ACCEPT
$IPT -A INPUT -p udp -m state --state NEW -m multiport --dports 5404,5405 -j ACCEPT

# TCP- SYN-
$IPT -I INPUT -m conntrack --ctstate NEW -p tcp ! --syn -j DROP

#
$IPT -A INPUT -p tcp --dport 22 -m state --state NEW -j ACCEPT ## SSH
$IPT -A INPUT -p tcp -m tcp --dport 5900:5999 -j ACCEPT ## VNC
$IPT -A INPUT -p tcp -m tcp --dport 8006 -j ACCEPT ## Proxmox panel

# SSH ( 4 )
$IPT -A INPUT -p tcp --dport 22 -m state --state NEW -m recent --update --seconds 60 --hitcount 4 --rttl --name SSH -j DROP

# netbios
$IPT -A INPUT -p tcp --dport 137:139 -j DROP
$IPT -A INPUT -p udp --dport 137:139 -j DROP

# ICMP
$IPT -A INPUT -p ICMP --icmp-type 8 -j ACCEPT
$IPT -A INPUT -p ICMP --icmp-type 11 -j ACCEPT

#
$IPT -A INPUT -m state --state INVALID -j DROP

# DHCP iptables.
$IPT -A INPUT -p udp -m udp --dport 68 --sport 67 -j ACCEPT

# -
$IPT -A INPUT -m state --state NEW -p tcp --tcp-flags ALL ALL -j DROP
$IPT -A INPUT -m state --state NEW -p tcp --tcp-flags ALL NONE -j DROP

#
$IPT -A INPUT -p tcp --tcp-flags ALL FIN,URG,PSH -j DROP
$IPT -A INPUT -p tcp --tcp-flags SYN,RST SYN,RST -j DROP
$IPT -A INPUT -p tcp --tcp-flags SYN,FIN SYN,FIN -j DROP
$IPT -N SYN_FLOOD
$IPT -A INPUT -p tcp --syn -j SYN_FLOOD
$IPT -A SYN_FLOOD -m limit --limit 2/s --limit-burst 6 -j RETURN
$IPT -A SYN_FLOOD -j DROP

;;
stop)
echo "Stopping iptables"

$IPT -F
$IPT -X

$IPT -P INPUT ACCEPT
$IPT -P OUTPUT ACCEPT
$IPT -P FORWARD ACCEPT
;;
*)
echo "Usage: /etc/init.d/iptables {start|stop}"
exit 1
;;
esac

exit 0

3.

mv /etc/localtime /etc/localtime_org && ln -s /usr/share/zoneinfo/"Europe/Simferopol" /etc/localtime && date
web-.
/usr/share/pve-manager/ext4/pvemanagerlib.js
if (data.status !== 'Active') {

if (data.status == 'Active') {
Proxmox: 'exit code 60′ – corrupt quota file ,
.
vzquota off [VEID] vzquota : (error) Quota is not running for id [VEID] vzquota : (warning) Repairing quota: it was incorrectly marked as running for id [VEID] vzquota on [VEID]
(cluster not ready - no quorum), ,
,
pvecm e ( )
OpenVZ
[VEID]
vzctl start [VEID]

vzctl enter [VEID]

vzctl stop [VEID]

vzctl restart [VEID]

vzctl destroy [VEID]

vzlist -a

- , , .

UPD-1: vlan

2 . 151,152,666
:
/etc/network/interfaces
auto vlan151 iface vlan151 inet manual vlan_raw_device eth0 auto vlan152 iface vlan152 inet manual vlan_raw_device eth0 auto vlan666 iface vlan666 inet manual vlan_raw_device eth0 auto vmbr151 iface vmbr151 inet static address 0.0.0.0 netmask 255.255.255.255 bridge_ports vlan151 bridge_stp off bridge_fd 0 auto vmbr152 iface vmbr152 inet static address 0.0.0.0 netmask 255.255.255.255 bridge_ports vlan152 bridge_stp off bridge_fd 0 auto vmbr666 iface vmbr666 inet static address 0.0.0.0 netmask 255.255.255.255 bridge_ports vlan666 bridge_stp off bridge_fd 0

apt-get install vlan

ifup vlan151 ifup vlan152 ifup vlan666
ifconfig

, (network), ,

.


:
, , debian
/etc/network/interfaces.tail
auto eth1 iface eth1 inet static address 10.7.10.5 netmask 255.255.255.0

cat /etc/network/interfaces.tail >> /etc/network/interfaces
*.tail , web , .


, , - - , .

, ( ). , X- .

, Skype ( Skypiax) UID "Skype":
su skype -c "echo secret:password | DISPLAY=:1 /usr/bin/skype --pipelogin 2>>skype_errors.log &»

1.6.
, , sda4
vzctl set [VEID] --devnodes sda4:rw --save
1.7. tun/tap
vpn , .


lsmod | grep tun

modprobe tun echo "tun" >> /etc/modules
vzctl stop [VEID] vzctl set [VEID] --devices c:10:200:rw --save vzctl set [VEID] --capability net_admin:on --save vzctl start [VEID]
, -.


, .
nano /etc/vz/vz.conf
IPTABLES
IPTABLES="ipt_owner ipt_REDIRECT ipt_recent ip_tables iptable_filter iptable_mangle ipt_limit ipt_multiport ipt_tos ipt_TOS ipt_REJECT ipt_TCPMSS ipt_tcpmss ipt_ttl ipt_LOG ipt_length ip_conntrack ip_conntrack_ftp ipt_state iptable_nat ip_nat_ftp"
VZ
/etc/init.d/vz restart
.

, , ( , )
nano /etc/modules
ipt_MASQUERADE ipt_helper ipt_REDIRECT ipt_state ipt_TCPMSS ipt_LOG ipt_TOS iptable_nat ipt_length ipt_tcpmss iptable_mangle ipt_limit ipt_tos iptable_filter ipt_ttl ipt_REJECT loop

#!/bin/sh
### BEGIN INIT INFO
# Provides: iptables.sh
# Required-Start: $all
# Required-Stop: $all
# Default-Start: 2 3 4 5
# Default-Stop: 0 1 6
# Short-Description: My firewall
# Description: Rico-X FIREWALL
### END INIT INFO
# /etc/init.d/iptables

IPT=/sbin/iptables

case "$1" in
start)
echo "Starting iptables"

sysctl -w net.ipv4.tcp_synack_retries=1
sysctl -w net.ipv4.tcp_max_syn_backlog=4096
sysctl -w net.ipv4.tcp_fin_timeout=10
sysctl -w net.ipv4.tcp_syncookies=1
sysctl -w net.ipv4.tcp_keepalive_intvl=10
sysctl -w net.ipv4.tcp_keepalive_probes=5
sysctl -w net.ipv4.tcp_keepalive_time=60
sysctl -w net.ipv4.conf.default.rp_filter=1
#sysctl -w net.ipv4.ip_forward=0

#
$IPT -P INPUT DROP
$IPT -P FORWARD ACCEPT
$IPT -P OUTPUT ACCEPT

# ,
$IPT -A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT

# lo
$IPT -A INPUT -i lo -j ACCEPT

#
$IPT -A INPUT -i eth1 -j ACCEPT
$IPT -A INPUT -i vmbr1 -j ACCEPT
#
$IPT -A INPUT -m addrtype --dst-type MULTICAST -j ACCEPT
$IPT -A INPUT -p udp -m state --state NEW -m multiport --dports 5404,5405 -j ACCEPT

# TCP- SYN-
$IPT -I INPUT -m conntrack --ctstate NEW -p tcp ! --syn -j DROP

#
$IPT -A INPUT -p tcp --dport 22 -m state --state NEW -j ACCEPT ## SSH
$IPT -A INPUT -p tcp -m tcp --dport 5900:5999 -j ACCEPT ## VNC
$IPT -A INPUT -p tcp -m tcp --dport 8006 -j ACCEPT ## Proxmox panel

# SSH ( 4 )
$IPT -A INPUT -p tcp --dport 22 -m state --state NEW -m recent --update --seconds 60 --hitcount 4 --rttl --name SSH -j DROP

# netbios
$IPT -A INPUT -p tcp --dport 137:139 -j DROP
$IPT -A INPUT -p udp --dport 137:139 -j DROP

# ICMP
$IPT -A INPUT -p ICMP --icmp-type 8 -j ACCEPT
$IPT -A INPUT -p ICMP --icmp-type 11 -j ACCEPT

#
$IPT -A INPUT -m state --state INVALID -j DROP

# DHCP iptables.
$IPT -A INPUT -p udp -m udp --dport 68 --sport 67 -j ACCEPT

# -
$IPT -A INPUT -m state --state NEW -p tcp --tcp-flags ALL ALL -j DROP
$IPT -A INPUT -m state --state NEW -p tcp --tcp-flags ALL NONE -j DROP

#
$IPT -A INPUT -p tcp --tcp-flags ALL FIN,URG,PSH -j DROP
$IPT -A INPUT -p tcp --tcp-flags SYN,RST SYN,RST -j DROP
$IPT -A INPUT -p tcp --tcp-flags SYN,FIN SYN,FIN -j DROP
$IPT -N SYN_FLOOD
$IPT -A INPUT -p tcp --syn -j SYN_FLOOD
$IPT -A SYN_FLOOD -m limit --limit 2/s --limit-burst 6 -j RETURN
$IPT -A SYN_FLOOD -j DROP

;;
stop)
echo "Stopping iptables"

$IPT -F
$IPT -X

$IPT -P INPUT ACCEPT
$IPT -P OUTPUT ACCEPT
$IPT -P FORWARD ACCEPT
;;
*)
echo "Usage: /etc/init.d/iptables {start|stop}"
exit 1
;;
esac

exit 0

3.

mv /etc/localtime /etc/localtime_org && ln -s /usr/share/zoneinfo/"Europe/Simferopol" /etc/localtime && date
web-.
/usr/share/pve-manager/ext4/pvemanagerlib.js
if (data.status !== 'Active') {

if (data.status == 'Active') {
Proxmox: 'exit code 60′ – corrupt quota file ,
.
vzquota off [VEID] vzquota : (error) Quota is not running for id [VEID] vzquota : (warning) Repairing quota: it was incorrectly marked as running for id [VEID] vzquota on [VEID]
(cluster not ready - no quorum), ,
,
pvecm e ( )
OpenVZ
[VEID]
vzctl start [VEID]

vzctl enter [VEID]

vzctl stop [VEID]

vzctl restart [VEID]

vzctl destroy [VEID]

vzlist -a

- , , .

UPD-1: vlan

2 . 151,152,666
:
/etc/network/interfaces
auto vlan151 iface vlan151 inet manual vlan_raw_device eth0 auto vlan152 iface vlan152 inet manual vlan_raw_device eth0 auto vlan666 iface vlan666 inet manual vlan_raw_device eth0 auto vmbr151 iface vmbr151 inet static address 0.0.0.0 netmask 255.255.255.255 bridge_ports vlan151 bridge_stp off bridge_fd 0 auto vmbr152 iface vmbr152 inet static address 0.0.0.0 netmask 255.255.255.255 bridge_ports vlan152 bridge_stp off bridge_fd 0 auto vmbr666 iface vmbr666 inet static address 0.0.0.0 netmask 255.255.255.255 bridge_ports vlan666 bridge_stp off bridge_fd 0

apt-get install vlan

ifup vlan151 ifup vlan152 ifup vlan666
ifconfig

, (network), ,

.


:
, , debian
/etc/network/interfaces.tail
auto eth1 iface eth1 inet static address 10.7.10.5 netmask 255.255.255.0

cat /etc/network/interfaces.tail >> /etc/network/interfaces
*.tail , web , .


, , - - , .

   ,    ( ).  ,  X-       . 
 
 ,   Skype ( Skypiax)      UID "Skype": 
 su skype -c "echo secret:password | DISPLAY=:1 /usr/bin/skype --pipelogin 2>>skype_errors.log &» 
 
 1.6.    
   ,     ,   sda4 
 vzctl set [VEID] --devnodes sda4:rw --save 
 1.7.  tun/tap 
     vpn  ,     . 
 
     
 lsmod | grep tun 
    
 modprobe tun echo "tun" >> /etc/modules 
 vzctl stop [VEID] vzctl set [VEID] --devices c:10:200:rw --save vzctl set [VEID] --capability net_admin:on --save vzctl start [VEID] 
   ,    -. 
 
  
          ,   . 
 nano /etc/vz/vz.conf 
    IPTABLES     
 IPTABLES="ipt_owner ipt_REDIRECT ipt_recent ip_tables iptable_filter iptable_mangle ipt_limit ipt_multiport ipt_tos ipt_TOS ipt_REJECT ipt_TCPMSS ipt_tcpmss ipt_ttl ipt_LOG ipt_length ip_conntrack ip_conntrack_ftp ipt_state iptable_nat ip_nat_ftp" 
    VZ 
 /etc/init.d/vz restart 
         . 
 
  ,  ,      ( ,    ) 
 nano /etc/modules 
 ipt_MASQUERADE ipt_helper ipt_REDIRECT ipt_state ipt_TCPMSS ipt_LOG ipt_TOS iptable_nat ipt_length ipt_tcpmss iptable_mangle ipt_limit ipt_tos iptable_filter ipt_ttl ipt_REJECT loop 
     
        #!/bin/sh 
 ### BEGIN INIT INFO 
 # Provides: iptables.sh 
 # Required-Start: $all 
 # Required-Stop: $all 
 # Default-Start: 2 3 4 5 
 # Default-Stop: 0 1 6 
 # Short-Description: My firewall 
 # Description: Rico-X FIREWALL 
 ### END INIT INFO 
 # /etc/init.d/iptables 
 
 IPT=/sbin/iptables 
 
 case "$1" in 
 start) 
 echo "Starting iptables" 
 
 sysctl -w net.ipv4.tcp_synack_retries=1 
 sysctl -w net.ipv4.tcp_max_syn_backlog=4096 
 sysctl -w net.ipv4.tcp_fin_timeout=10 
 sysctl -w net.ipv4.tcp_syncookies=1 
 sysctl -w net.ipv4.tcp_keepalive_intvl=10 
 sysctl -w net.ipv4.tcp_keepalive_probes=5 
 sysctl -w net.ipv4.tcp_keepalive_time=60 
 sysctl -w net.ipv4.conf.default.rp_filter=1 
 #sysctl -w net.ipv4.ip_forward=0 
 
 #     
 $IPT -P INPUT DROP 
 $IPT -P FORWARD ACCEPT 
 $IPT -P OUTPUT ACCEPT 
 
 #     ,     
 $IPT -A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT 
 
 #     lo  
 $IPT -A INPUT -i lo -j ACCEPT 
 
 #       
 $IPT -A INPUT -i eth1 -j ACCEPT 
 $IPT -A INPUT -i vmbr1 -j ACCEPT 
 #       
 $IPT -A INPUT -m addrtype --dst-type MULTICAST -j ACCEPT 
 $IPT -A INPUT -p udp -m state --state NEW -m multiport --dports 5404,5405 -j ACCEPT 
 
 #     TCP-  SYN- 
 $IPT -I INPUT -m conntrack --ctstate NEW -p tcp ! --syn -j DROP 
 
 #      
 $IPT -A INPUT -p tcp --dport 22 -m state --state NEW -j ACCEPT ## SSH 
 $IPT -A INPUT -p tcp -m tcp --dport 5900:5999 -j ACCEPT ## VNC 
 $IPT -A INPUT -p tcp -m tcp --dport 8006 -j ACCEPT ## Proxmox panel 
 
 #       SSH (  4  ) 
 $IPT -A INPUT -p tcp --dport 22 -m state --state NEW -m recent --update --seconds 60 --hitcount 4 --rttl --name SSH -j DROP 
 
 #    netbios 
 $IPT -A INPUT -p tcp --dport 137:139 -j DROP 
 $IPT -A INPUT -p udp --dport 137:139 -j DROP 
 
 #   ICMP  
 $IPT -A INPUT -p ICMP --icmp-type 8 -j ACCEPT 
 $IPT -A INPUT -p ICMP --icmp-type 11 -j ACCEPT 
 
 #     
 $IPT -A INPUT -m state --state INVALID -j DROP 
 
 #   DHCP   iptables. 
 $IPT -A INPUT -p udp -m udp --dport 68 --sport 67 -j ACCEPT 
 
 #  - 
 $IPT -A INPUT -m state --state NEW -p tcp --tcp-flags ALL ALL -j DROP 
 $IPT -A INPUT -m state --state NEW -p tcp --tcp-flags ALL NONE -j DROP 
 
 #  
 $IPT -A INPUT -p tcp --tcp-flags ALL FIN,URG,PSH -j DROP 
 $IPT -A INPUT -p tcp --tcp-flags SYN,RST SYN,RST -j DROP 
 $IPT -A INPUT -p tcp --tcp-flags SYN,FIN SYN,FIN -j DROP 
 $IPT -N SYN_FLOOD 
 $IPT -A INPUT -p tcp --syn -j SYN_FLOOD 
 $IPT -A SYN_FLOOD -m limit --limit 2/s --limit-burst 6 -j RETURN 
 $IPT -A SYN_FLOOD -j DROP 
 
 ;; 
 stop) 
 echo "Stopping iptables" 
 
 $IPT -F 
 $IPT -X 
 
 $IPT -P INPUT ACCEPT 
 $IPT -P OUTPUT ACCEPT 
 $IPT -P FORWARD ACCEPT 
 ;; 
 *) 
 echo "Usage: /etc/init.d/iptables {start|stop}" 
 exit 1 
 ;; 
 esac 
 
 exit 0 
 
 3.   
      
 mv /etc/localtime /etc/localtime_org && ln -s /usr/share/zoneinfo/"Europe/Simferopol" /etc/localtime && date 
         web-. 
   /usr/share/pve-manager/ext4/pvemanagerlib.js   
 if (data.status !== 'Active') { 
    
 if (data.status == 'Active') { 
      Proxmox: 'exit code 60′ – corrupt quota file    , 
   . 
 vzquota off [VEID] vzquota : (error) Quota is not running for id [VEID] vzquota : (warning) Repairing quota: it was incorrectly marked as running for id [VEID] vzquota on [VEID] 
    (cluster not ready - no quorum),      , 
   ,      
 pvecm e (  ) 
   OpenVZ 
  [VEID]  
 vzctl start [VEID] 
    
 vzctl enter [VEID] 
  
 vzctl stop [VEID] 
  
 vzctl restart [VEID] 
  
 vzctl destroy [VEID] 
   
 vzlist -a 
 
   -        ,     ,    . 
 
 UPD-1:  vlan 
 
       2 .     151,152,666 
  : 
  /etc/network/interfaces 
  auto vlan151 iface vlan151 inet manual vlan_raw_device eth0 auto vlan152 iface vlan152 inet manual vlan_raw_device eth0 auto vlan666 iface vlan666 inet manual vlan_raw_device eth0 auto vmbr151 iface vmbr151 inet static address 0.0.0.0 netmask 255.255.255.255 bridge_ports vlan151 bridge_stp off bridge_fd 0 auto vmbr152 iface vmbr152 inet static address 0.0.0.0 netmask 255.255.255.255 bridge_ports vlan152 bridge_stp off bridge_fd 0 auto vmbr666 iface vmbr666 inet static address 0.0.0.0 netmask 255.255.255.255 bridge_ports vlan666 bridge_stp off bridge_fd 0 
    
 apt-get install vlan 
    
 ifup vlan151 ifup vlan152 ifup vlan666 
      ifconfig 
 
      ,    (network),   ,     
  
        . 
 
 
  : 
     ,     ,     debian 
  /etc/network/interfaces.tail 
 auto eth1 iface eth1 inet static address 10.7.10.5 netmask 255.255.255.0 
  
 cat /etc/network/interfaces.tail >> /etc/network/interfaces 
  *.tail   ,          web ,     . 
 
 
      ,    , -        -    ,   . 

, ( ). , X- .

, Skype ( Skypiax) UID "Skype":
su skype -c "echo secret:password | DISPLAY=:1 /usr/bin/skype --pipelogin 2>>skype_errors.log &»

1.6.
, , sda4
vzctl set [VEID] --devnodes sda4:rw --save
1.7. tun/tap
vpn , .


lsmod | grep tun

modprobe tun echo "tun" >> /etc/modules
vzctl stop [VEID] vzctl set [VEID] --devices c:10:200:rw --save vzctl set [VEID] --capability net_admin:on --save vzctl start [VEID]
, -.


, .
nano /etc/vz/vz.conf
IPTABLES
IPTABLES="ipt_owner ipt_REDIRECT ipt_recent ip_tables iptable_filter iptable_mangle ipt_limit ipt_multiport ipt_tos ipt_TOS ipt_REJECT ipt_TCPMSS ipt_tcpmss ipt_ttl ipt_LOG ipt_length ip_conntrack ip_conntrack_ftp ipt_state iptable_nat ip_nat_ftp"
VZ
/etc/init.d/vz restart
.

, , ( , )
nano /etc/modules
ipt_MASQUERADE ipt_helper ipt_REDIRECT ipt_state ipt_TCPMSS ipt_LOG ipt_TOS iptable_nat ipt_length ipt_tcpmss iptable_mangle ipt_limit ipt_tos iptable_filter ipt_ttl ipt_REJECT loop

#!/bin/sh
### BEGIN INIT INFO
# Provides: iptables.sh
# Required-Start: $all
# Required-Stop: $all
# Default-Start: 2 3 4 5
# Default-Stop: 0 1 6
# Short-Description: My firewall
# Description: Rico-X FIREWALL
### END INIT INFO
# /etc/init.d/iptables

IPT=/sbin/iptables

case "$1" in
start)
echo "Starting iptables"

sysctl -w net.ipv4.tcp_synack_retries=1
sysctl -w net.ipv4.tcp_max_syn_backlog=4096
sysctl -w net.ipv4.tcp_fin_timeout=10
sysctl -w net.ipv4.tcp_syncookies=1
sysctl -w net.ipv4.tcp_keepalive_intvl=10
sysctl -w net.ipv4.tcp_keepalive_probes=5
sysctl -w net.ipv4.tcp_keepalive_time=60
sysctl -w net.ipv4.conf.default.rp_filter=1
#sysctl -w net.ipv4.ip_forward=0

#
$IPT -P INPUT DROP
$IPT -P FORWARD ACCEPT
$IPT -P OUTPUT ACCEPT

# ,
$IPT -A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT

# lo
$IPT -A INPUT -i lo -j ACCEPT

#
$IPT -A INPUT -i eth1 -j ACCEPT
$IPT -A INPUT -i vmbr1 -j ACCEPT
#
$IPT -A INPUT -m addrtype --dst-type MULTICAST -j ACCEPT
$IPT -A INPUT -p udp -m state --state NEW -m multiport --dports 5404,5405 -j ACCEPT

# TCP- SYN-
$IPT -I INPUT -m conntrack --ctstate NEW -p tcp ! --syn -j DROP

#
$IPT -A INPUT -p tcp --dport 22 -m state --state NEW -j ACCEPT ## SSH
$IPT -A INPUT -p tcp -m tcp --dport 5900:5999 -j ACCEPT ## VNC
$IPT -A INPUT -p tcp -m tcp --dport 8006 -j ACCEPT ## Proxmox panel

# SSH ( 4 )
$IPT -A INPUT -p tcp --dport 22 -m state --state NEW -m recent --update --seconds 60 --hitcount 4 --rttl --name SSH -j DROP

# netbios
$IPT -A INPUT -p tcp --dport 137:139 -j DROP
$IPT -A INPUT -p udp --dport 137:139 -j DROP

# ICMP
$IPT -A INPUT -p ICMP --icmp-type 8 -j ACCEPT
$IPT -A INPUT -p ICMP --icmp-type 11 -j ACCEPT

#
$IPT -A INPUT -m state --state INVALID -j DROP

# DHCP iptables.
$IPT -A INPUT -p udp -m udp --dport 68 --sport 67 -j ACCEPT

# -
$IPT -A INPUT -m state --state NEW -p tcp --tcp-flags ALL ALL -j DROP
$IPT -A INPUT -m state --state NEW -p tcp --tcp-flags ALL NONE -j DROP

#
$IPT -A INPUT -p tcp --tcp-flags ALL FIN,URG,PSH -j DROP
$IPT -A INPUT -p tcp --tcp-flags SYN,RST SYN,RST -j DROP
$IPT -A INPUT -p tcp --tcp-flags SYN,FIN SYN,FIN -j DROP
$IPT -N SYN_FLOOD
$IPT -A INPUT -p tcp --syn -j SYN_FLOOD
$IPT -A SYN_FLOOD -m limit --limit 2/s --limit-burst 6 -j RETURN
$IPT -A SYN_FLOOD -j DROP

;;
stop)
echo "Stopping iptables"

$IPT -F
$IPT -X

$IPT -P INPUT ACCEPT
$IPT -P OUTPUT ACCEPT
$IPT -P FORWARD ACCEPT
;;
*)
echo "Usage: /etc/init.d/iptables {start|stop}"
exit 1
;;
esac

exit 0

3.

mv /etc/localtime /etc/localtime_org && ln -s /usr/share/zoneinfo/"Europe/Simferopol" /etc/localtime && date
web-.
/usr/share/pve-manager/ext4/pvemanagerlib.js
if (data.status !== 'Active') {

if (data.status == 'Active') {
Proxmox: 'exit code 60′ – corrupt quota file ,
.
vzquota off [VEID] vzquota : (error) Quota is not running for id [VEID] vzquota : (warning) Repairing quota: it was incorrectly marked as running for id [VEID] vzquota on [VEID]
(cluster not ready - no quorum), ,
,
pvecm e ( )
OpenVZ
[VEID]
vzctl start [VEID]

vzctl enter [VEID]

vzctl stop [VEID]

vzctl restart [VEID]

vzctl destroy [VEID]

vzlist -a

- , , .

UPD-1: vlan

2 . 151,152,666
:
/etc/network/interfaces
auto vlan151 iface vlan151 inet manual vlan_raw_device eth0 auto vlan152 iface vlan152 inet manual vlan_raw_device eth0 auto vlan666 iface vlan666 inet manual vlan_raw_device eth0 auto vmbr151 iface vmbr151 inet static address 0.0.0.0 netmask 255.255.255.255 bridge_ports vlan151 bridge_stp off bridge_fd 0 auto vmbr152 iface vmbr152 inet static address 0.0.0.0 netmask 255.255.255.255 bridge_ports vlan152 bridge_stp off bridge_fd 0 auto vmbr666 iface vmbr666 inet static address 0.0.0.0 netmask 255.255.255.255 bridge_ports vlan666 bridge_stp off bridge_fd 0

apt-get install vlan

ifup vlan151 ifup vlan152 ifup vlan666
ifconfig

, (network), ,

.


:
, , debian
/etc/network/interfaces.tail
auto eth1 iface eth1 inet static address 10.7.10.5 netmask 255.255.255.0

cat /etc/network/interfaces.tail >> /etc/network/interfaces
*.tail , web , .


, , - - , .

   ,    ( ).  ,  X-       . 
 
 ,   Skype ( Skypiax)      UID "Skype": 
 su skype -c "echo secret:password | DISPLAY=:1 /usr/bin/skype --pipelogin 2>>skype_errors.log &» 
 
 1.6.    
   ,     ,   sda4 
 vzctl set [VEID] --devnodes sda4:rw --save 
 1.7.  tun/tap 
     vpn  ,     . 
 
     
 lsmod | grep tun 
    
 modprobe tun echo "tun" >> /etc/modules 
 vzctl stop [VEID] vzctl set [VEID] --devices c:10:200:rw --save vzctl set [VEID] --capability net_admin:on --save vzctl start [VEID] 
   ,    -. 
 
  
          ,   . 
 nano /etc/vz/vz.conf 
    IPTABLES     
 IPTABLES="ipt_owner ipt_REDIRECT ipt_recent ip_tables iptable_filter iptable_mangle ipt_limit ipt_multiport ipt_tos ipt_TOS ipt_REJECT ipt_TCPMSS ipt_tcpmss ipt_ttl ipt_LOG ipt_length ip_conntrack ip_conntrack_ftp ipt_state iptable_nat ip_nat_ftp" 
    VZ 
 /etc/init.d/vz restart 
         . 
 
  ,  ,      ( ,    ) 
 nano /etc/modules 
 ipt_MASQUERADE ipt_helper ipt_REDIRECT ipt_state ipt_TCPMSS ipt_LOG ipt_TOS iptable_nat ipt_length ipt_tcpmss iptable_mangle ipt_limit ipt_tos iptable_filter ipt_ttl ipt_REJECT loop 
     
        #!/bin/sh 
 ### BEGIN INIT INFO 
 # Provides: iptables.sh 
 # Required-Start: $all 
 # Required-Stop: $all 
 # Default-Start: 2 3 4 5 
 # Default-Stop: 0 1 6 
 # Short-Description: My firewall 
 # Description: Rico-X FIREWALL 
 ### END INIT INFO 
 # /etc/init.d/iptables 
 
 IPT=/sbin/iptables 
 
 case "$1" in 
 start) 
 echo "Starting iptables" 
 
 sysctl -w net.ipv4.tcp_synack_retries=1 
 sysctl -w net.ipv4.tcp_max_syn_backlog=4096 
 sysctl -w net.ipv4.tcp_fin_timeout=10 
 sysctl -w net.ipv4.tcp_syncookies=1 
 sysctl -w net.ipv4.tcp_keepalive_intvl=10 
 sysctl -w net.ipv4.tcp_keepalive_probes=5 
 sysctl -w net.ipv4.tcp_keepalive_time=60 
 sysctl -w net.ipv4.conf.default.rp_filter=1 
 #sysctl -w net.ipv4.ip_forward=0 
 
 #     
 $IPT -P INPUT DROP 
 $IPT -P FORWARD ACCEPT 
 $IPT -P OUTPUT ACCEPT 
 
 #     ,     
 $IPT -A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT 
 
 #     lo  
 $IPT -A INPUT -i lo -j ACCEPT 
 
 #       
 $IPT -A INPUT -i eth1 -j ACCEPT 
 $IPT -A INPUT -i vmbr1 -j ACCEPT 
 #       
 $IPT -A INPUT -m addrtype --dst-type MULTICAST -j ACCEPT 
 $IPT -A INPUT -p udp -m state --state NEW -m multiport --dports 5404,5405 -j ACCEPT 
 
 #     TCP-  SYN- 
 $IPT -I INPUT -m conntrack --ctstate NEW -p tcp ! --syn -j DROP 
 
 #      
 $IPT -A INPUT -p tcp --dport 22 -m state --state NEW -j ACCEPT ## SSH 
 $IPT -A INPUT -p tcp -m tcp --dport 5900:5999 -j ACCEPT ## VNC 
 $IPT -A INPUT -p tcp -m tcp --dport 8006 -j ACCEPT ## Proxmox panel 
 
 #       SSH (  4  ) 
 $IPT -A INPUT -p tcp --dport 22 -m state --state NEW -m recent --update --seconds 60 --hitcount 4 --rttl --name SSH -j DROP 
 
 #    netbios 
 $IPT -A INPUT -p tcp --dport 137:139 -j DROP 
 $IPT -A INPUT -p udp --dport 137:139 -j DROP 
 
 #   ICMP  
 $IPT -A INPUT -p ICMP --icmp-type 8 -j ACCEPT 
 $IPT -A INPUT -p ICMP --icmp-type 11 -j ACCEPT 
 
 #     
 $IPT -A INPUT -m state --state INVALID -j DROP 
 
 #   DHCP   iptables. 
 $IPT -A INPUT -p udp -m udp --dport 68 --sport 67 -j ACCEPT 
 
 #  - 
 $IPT -A INPUT -m state --state NEW -p tcp --tcp-flags ALL ALL -j DROP 
 $IPT -A INPUT -m state --state NEW -p tcp --tcp-flags ALL NONE -j DROP 
 
 #  
 $IPT -A INPUT -p tcp --tcp-flags ALL FIN,URG,PSH -j DROP 
 $IPT -A INPUT -p tcp --tcp-flags SYN,RST SYN,RST -j DROP 
 $IPT -A INPUT -p tcp --tcp-flags SYN,FIN SYN,FIN -j DROP 
 $IPT -N SYN_FLOOD 
 $IPT -A INPUT -p tcp --syn -j SYN_FLOOD 
 $IPT -A SYN_FLOOD -m limit --limit 2/s --limit-burst 6 -j RETURN 
 $IPT -A SYN_FLOOD -j DROP 
 
 ;; 
 stop) 
 echo "Stopping iptables" 
 
 $IPT -F 
 $IPT -X 
 
 $IPT -P INPUT ACCEPT 
 $IPT -P OUTPUT ACCEPT 
 $IPT -P FORWARD ACCEPT 
 ;; 
 *) 
 echo "Usage: /etc/init.d/iptables {start|stop}" 
 exit 1 
 ;; 
 esac 
 
 exit 0 
 
 3.   
      
 mv /etc/localtime /etc/localtime_org && ln -s /usr/share/zoneinfo/"Europe/Simferopol" /etc/localtime && date 
         web-. 
   /usr/share/pve-manager/ext4/pvemanagerlib.js   
 if (data.status !== 'Active') { 
    
 if (data.status == 'Active') { 
      Proxmox: 'exit code 60′ – corrupt quota file    , 
   . 
 vzquota off [VEID] vzquota : (error) Quota is not running for id [VEID] vzquota : (warning) Repairing quota: it was incorrectly marked as running for id [VEID] vzquota on [VEID] 
    (cluster not ready - no quorum),      , 
   ,      
 pvecm e (  ) 
   OpenVZ 
  [VEID]  
 vzctl start [VEID] 
    
 vzctl enter [VEID] 
  
 vzctl stop [VEID] 
  
 vzctl restart [VEID] 
  
 vzctl destroy [VEID] 
   
 vzlist -a 
 
   -        ,     ,    . 
 
 UPD-1:  vlan 
 
       2 .     151,152,666 
  : 
  /etc/network/interfaces 
  auto vlan151 iface vlan151 inet manual vlan_raw_device eth0 auto vlan152 iface vlan152 inet manual vlan_raw_device eth0 auto vlan666 iface vlan666 inet manual vlan_raw_device eth0 auto vmbr151 iface vmbr151 inet static address 0.0.0.0 netmask 255.255.255.255 bridge_ports vlan151 bridge_stp off bridge_fd 0 auto vmbr152 iface vmbr152 inet static address 0.0.0.0 netmask 255.255.255.255 bridge_ports vlan152 bridge_stp off bridge_fd 0 auto vmbr666 iface vmbr666 inet static address 0.0.0.0 netmask 255.255.255.255 bridge_ports vlan666 bridge_stp off bridge_fd 0 
    
 apt-get install vlan 
    
 ifup vlan151 ifup vlan152 ifup vlan666 
      ifconfig 
 
      ,    (network),   ,     
  
        . 
 
 
  : 
     ,     ,     debian 
  /etc/network/interfaces.tail 
 auto eth1 iface eth1 inet static address 10.7.10.5 netmask 255.255.255.0 
  
 cat /etc/network/interfaces.tail >> /etc/network/interfaces 
  *.tail   ,          web ,     . 
 
 
      ,    , -        -    ,   . 

, ( ). , X- .

, Skype ( Skypiax) UID "Skype":
su skype -c "echo secret:password | DISPLAY=:1 /usr/bin/skype --pipelogin 2>>skype_errors.log &»

1.6.
, , sda4
vzctl set [VEID] --devnodes sda4:rw --save
1.7. tun/tap
vpn , .


lsmod | grep tun

modprobe tun echo "tun" >> /etc/modules
vzctl stop [VEID] vzctl set [VEID] --devices c:10:200:rw --save vzctl set [VEID] --capability net_admin:on --save vzctl start [VEID]
, -.


, .
nano /etc/vz/vz.conf
IPTABLES
IPTABLES="ipt_owner ipt_REDIRECT ipt_recent ip_tables iptable_filter iptable_mangle ipt_limit ipt_multiport ipt_tos ipt_TOS ipt_REJECT ipt_TCPMSS ipt_tcpmss ipt_ttl ipt_LOG ipt_length ip_conntrack ip_conntrack_ftp ipt_state iptable_nat ip_nat_ftp"
VZ
/etc/init.d/vz restart
.

, , ( , )
nano /etc/modules
ipt_MASQUERADE ipt_helper ipt_REDIRECT ipt_state ipt_TCPMSS ipt_LOG ipt_TOS iptable_nat ipt_length ipt_tcpmss iptable_mangle ipt_limit ipt_tos iptable_filter ipt_ttl ipt_REJECT loop

#!/bin/sh
### BEGIN INIT INFO
# Provides: iptables.sh
# Required-Start: $all
# Required-Stop: $all
# Default-Start: 2 3 4 5
# Default-Stop: 0 1 6
# Short-Description: My firewall
# Description: Rico-X FIREWALL
### END INIT INFO
# /etc/init.d/iptables

IPT=/sbin/iptables

case "$1" in
start)
echo "Starting iptables"

sysctl -w net.ipv4.tcp_synack_retries=1
sysctl -w net.ipv4.tcp_max_syn_backlog=4096
sysctl -w net.ipv4.tcp_fin_timeout=10
sysctl -w net.ipv4.tcp_syncookies=1
sysctl -w net.ipv4.tcp_keepalive_intvl=10
sysctl -w net.ipv4.tcp_keepalive_probes=5
sysctl -w net.ipv4.tcp_keepalive_time=60
sysctl -w net.ipv4.conf.default.rp_filter=1
#sysctl -w net.ipv4.ip_forward=0

#
$IPT -P INPUT DROP
$IPT -P FORWARD ACCEPT
$IPT -P OUTPUT ACCEPT

# ,
$IPT -A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT

# lo
$IPT -A INPUT -i lo -j ACCEPT

#
$IPT -A INPUT -i eth1 -j ACCEPT
$IPT -A INPUT -i vmbr1 -j ACCEPT
#
$IPT -A INPUT -m addrtype --dst-type MULTICAST -j ACCEPT
$IPT -A INPUT -p udp -m state --state NEW -m multiport --dports 5404,5405 -j ACCEPT

# TCP- SYN-
$IPT -I INPUT -m conntrack --ctstate NEW -p tcp ! --syn -j DROP

#
$IPT -A INPUT -p tcp --dport 22 -m state --state NEW -j ACCEPT ## SSH
$IPT -A INPUT -p tcp -m tcp --dport 5900:5999 -j ACCEPT ## VNC
$IPT -A INPUT -p tcp -m tcp --dport 8006 -j ACCEPT ## Proxmox panel

# SSH ( 4 )
$IPT -A INPUT -p tcp --dport 22 -m state --state NEW -m recent --update --seconds 60 --hitcount 4 --rttl --name SSH -j DROP

# netbios
$IPT -A INPUT -p tcp --dport 137:139 -j DROP
$IPT -A INPUT -p udp --dport 137:139 -j DROP

# ICMP
$IPT -A INPUT -p ICMP --icmp-type 8 -j ACCEPT
$IPT -A INPUT -p ICMP --icmp-type 11 -j ACCEPT

#
$IPT -A INPUT -m state --state INVALID -j DROP

# DHCP iptables.
$IPT -A INPUT -p udp -m udp --dport 68 --sport 67 -j ACCEPT

# -
$IPT -A INPUT -m state --state NEW -p tcp --tcp-flags ALL ALL -j DROP
$IPT -A INPUT -m state --state NEW -p tcp --tcp-flags ALL NONE -j DROP

#
$IPT -A INPUT -p tcp --tcp-flags ALL FIN,URG,PSH -j DROP
$IPT -A INPUT -p tcp --tcp-flags SYN,RST SYN,RST -j DROP
$IPT -A INPUT -p tcp --tcp-flags SYN,FIN SYN,FIN -j DROP
$IPT -N SYN_FLOOD
$IPT -A INPUT -p tcp --syn -j SYN_FLOOD
$IPT -A SYN_FLOOD -m limit --limit 2/s --limit-burst 6 -j RETURN
$IPT -A SYN_FLOOD -j DROP

;;
stop)
echo "Stopping iptables"

$IPT -F
$IPT -X

$IPT -P INPUT ACCEPT
$IPT -P OUTPUT ACCEPT
$IPT -P FORWARD ACCEPT
;;
*)
echo "Usage: /etc/init.d/iptables {start|stop}"
exit 1
;;
esac

exit 0

3.

mv /etc/localtime /etc/localtime_org && ln -s /usr/share/zoneinfo/"Europe/Simferopol" /etc/localtime && date
web-.
/usr/share/pve-manager/ext4/pvemanagerlib.js
if (data.status !== 'Active') {

if (data.status == 'Active') {
Proxmox: 'exit code 60′ – corrupt quota file ,
.
vzquota off [VEID] vzquota : (error) Quota is not running for id [VEID] vzquota : (warning) Repairing quota: it was incorrectly marked as running for id [VEID] vzquota on [VEID]
(cluster not ready - no quorum), ,
,
pvecm e ( )
OpenVZ
[VEID]
vzctl start [VEID]

vzctl enter [VEID]

vzctl stop [VEID]

vzctl restart [VEID]

vzctl destroy [VEID]

vzlist -a

- , , .

UPD-1: vlan

2 . 151,152,666
:
/etc/network/interfaces
auto vlan151 iface vlan151 inet manual vlan_raw_device eth0 auto vlan152 iface vlan152 inet manual vlan_raw_device eth0 auto vlan666 iface vlan666 inet manual vlan_raw_device eth0 auto vmbr151 iface vmbr151 inet static address 0.0.0.0 netmask 255.255.255.255 bridge_ports vlan151 bridge_stp off bridge_fd 0 auto vmbr152 iface vmbr152 inet static address 0.0.0.0 netmask 255.255.255.255 bridge_ports vlan152 bridge_stp off bridge_fd 0 auto vmbr666 iface vmbr666 inet static address 0.0.0.0 netmask 255.255.255.255 bridge_ports vlan666 bridge_stp off bridge_fd 0

apt-get install vlan

ifup vlan151 ifup vlan152 ifup vlan666
ifconfig

, (network), ,

.


:
, , debian
/etc/network/interfaces.tail
auto eth1 iface eth1 inet static address 10.7.10.5 netmask 255.255.255.0

cat /etc/network/interfaces.tail >> /etc/network/interfaces
*.tail , web , .


, , - - , .

   ,    ( ).  ,  X-       . 
 
 ,   Skype ( Skypiax)      UID "Skype": 
 su skype -c "echo secret:password | DISPLAY=:1 /usr/bin/skype --pipelogin 2>>skype_errors.log &» 
 
 1.6.    
   ,     ,   sda4 
 vzctl set [VEID] --devnodes sda4:rw --save 
 1.7.  tun/tap 
     vpn  ,     . 
 
     
 lsmod | grep tun 
    
 modprobe tun echo "tun" >> /etc/modules 
 vzctl stop [VEID] vzctl set [VEID] --devices c:10:200:rw --save vzctl set [VEID] --capability net_admin:on --save vzctl start [VEID] 
   ,    -. 
 
  
          ,   . 
 nano /etc/vz/vz.conf 
    IPTABLES     
 IPTABLES="ipt_owner ipt_REDIRECT ipt_recent ip_tables iptable_filter iptable_mangle ipt_limit ipt_multiport ipt_tos ipt_TOS ipt_REJECT ipt_TCPMSS ipt_tcpmss ipt_ttl ipt_LOG ipt_length ip_conntrack ip_conntrack_ftp ipt_state iptable_nat ip_nat_ftp" 
    VZ 
 /etc/init.d/vz restart 
         . 
 
  ,  ,      ( ,    ) 
 nano /etc/modules 
 ipt_MASQUERADE ipt_helper ipt_REDIRECT ipt_state ipt_TCPMSS ipt_LOG ipt_TOS iptable_nat ipt_length ipt_tcpmss iptable_mangle ipt_limit ipt_tos iptable_filter ipt_ttl ipt_REJECT loop 
     
        #!/bin/sh 
 ### BEGIN INIT INFO 
 # Provides: iptables.sh 
 # Required-Start: $all 
 # Required-Stop: $all 
 # Default-Start: 2 3 4 5 
 # Default-Stop: 0 1 6 
 # Short-Description: My firewall 
 # Description: Rico-X FIREWALL 
 ### END INIT INFO 
 # /etc/init.d/iptables 
 
 IPT=/sbin/iptables 
 
 case "$1" in 
 start) 
 echo "Starting iptables" 
 
 sysctl -w net.ipv4.tcp_synack_retries=1 
 sysctl -w net.ipv4.tcp_max_syn_backlog=4096 
 sysctl -w net.ipv4.tcp_fin_timeout=10 
 sysctl -w net.ipv4.tcp_syncookies=1 
 sysctl -w net.ipv4.tcp_keepalive_intvl=10 
 sysctl -w net.ipv4.tcp_keepalive_probes=5 
 sysctl -w net.ipv4.tcp_keepalive_time=60 
 sysctl -w net.ipv4.conf.default.rp_filter=1 
 #sysctl -w net.ipv4.ip_forward=0 
 
 #     
 $IPT -P INPUT DROP 
 $IPT -P FORWARD ACCEPT 
 $IPT -P OUTPUT ACCEPT 
 
 #     ,     
 $IPT -A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT 
 
 #     lo  
 $IPT -A INPUT -i lo -j ACCEPT 
 
 #       
 $IPT -A INPUT -i eth1 -j ACCEPT 
 $IPT -A INPUT -i vmbr1 -j ACCEPT 
 #       
 $IPT -A INPUT -m addrtype --dst-type MULTICAST -j ACCEPT 
 $IPT -A INPUT -p udp -m state --state NEW -m multiport --dports 5404,5405 -j ACCEPT 
 
 #     TCP-  SYN- 
 $IPT -I INPUT -m conntrack --ctstate NEW -p tcp ! --syn -j DROP 
 
 #      
 $IPT -A INPUT -p tcp --dport 22 -m state --state NEW -j ACCEPT ## SSH 
 $IPT -A INPUT -p tcp -m tcp --dport 5900:5999 -j ACCEPT ## VNC 
 $IPT -A INPUT -p tcp -m tcp --dport 8006 -j ACCEPT ## Proxmox panel 
 
 #       SSH (  4  ) 
 $IPT -A INPUT -p tcp --dport 22 -m state --state NEW -m recent --update --seconds 60 --hitcount 4 --rttl --name SSH -j DROP 
 
 #    netbios 
 $IPT -A INPUT -p tcp --dport 137:139 -j DROP 
 $IPT -A INPUT -p udp --dport 137:139 -j DROP 
 
 #   ICMP  
 $IPT -A INPUT -p ICMP --icmp-type 8 -j ACCEPT 
 $IPT -A INPUT -p ICMP --icmp-type 11 -j ACCEPT 
 
 #     
 $IPT -A INPUT -m state --state INVALID -j DROP 
 
 #   DHCP   iptables. 
 $IPT -A INPUT -p udp -m udp --dport 68 --sport 67 -j ACCEPT 
 
 #  - 
 $IPT -A INPUT -m state --state NEW -p tcp --tcp-flags ALL ALL -j DROP 
 $IPT -A INPUT -m state --state NEW -p tcp --tcp-flags ALL NONE -j DROP 
 
 #  
 $IPT -A INPUT -p tcp --tcp-flags ALL FIN,URG,PSH -j DROP 
 $IPT -A INPUT -p tcp --tcp-flags SYN,RST SYN,RST -j DROP 
 $IPT -A INPUT -p tcp --tcp-flags SYN,FIN SYN,FIN -j DROP 
 $IPT -N SYN_FLOOD 
 $IPT -A INPUT -p tcp --syn -j SYN_FLOOD 
 $IPT -A SYN_FLOOD -m limit --limit 2/s --limit-burst 6 -j RETURN 
 $IPT -A SYN_FLOOD -j DROP 
 
 ;; 
 stop) 
 echo "Stopping iptables" 
 
 $IPT -F 
 $IPT -X 
 
 $IPT -P INPUT ACCEPT 
 $IPT -P OUTPUT ACCEPT 
 $IPT -P FORWARD ACCEPT 
 ;; 
 *) 
 echo "Usage: /etc/init.d/iptables {start|stop}" 
 exit 1 
 ;; 
 esac 
 
 exit 0 
 
 3.   
      
 mv /etc/localtime /etc/localtime_org && ln -s /usr/share/zoneinfo/"Europe/Simferopol" /etc/localtime && date 
         web-. 
   /usr/share/pve-manager/ext4/pvemanagerlib.js   
 if (data.status !== 'Active') { 
    
 if (data.status == 'Active') { 
      Proxmox: 'exit code 60′ – corrupt quota file    , 
   . 
 vzquota off [VEID] vzquota : (error) Quota is not running for id [VEID] vzquota : (warning) Repairing quota: it was incorrectly marked as running for id [VEID] vzquota on [VEID] 
    (cluster not ready - no quorum),      , 
   ,      
 pvecm e (  ) 
   OpenVZ 
  [VEID]  
 vzctl start [VEID] 
    
 vzctl enter [VEID] 
  
 vzctl stop [VEID] 
  
 vzctl restart [VEID] 
  
 vzctl destroy [VEID] 
   
 vzlist -a 
 
   -        ,     ,    . 
 
 UPD-1:  vlan 
 
       2 .     151,152,666 
  : 
  /etc/network/interfaces 
  auto vlan151 iface vlan151 inet manual vlan_raw_device eth0 auto vlan152 iface vlan152 inet manual vlan_raw_device eth0 auto vlan666 iface vlan666 inet manual vlan_raw_device eth0 auto vmbr151 iface vmbr151 inet static address 0.0.0.0 netmask 255.255.255.255 bridge_ports vlan151 bridge_stp off bridge_fd 0 auto vmbr152 iface vmbr152 inet static address 0.0.0.0 netmask 255.255.255.255 bridge_ports vlan152 bridge_stp off bridge_fd 0 auto vmbr666 iface vmbr666 inet static address 0.0.0.0 netmask 255.255.255.255 bridge_ports vlan666 bridge_stp off bridge_fd 0 
    
 apt-get install vlan 
    
 ifup vlan151 ifup vlan152 ifup vlan666 
      ifconfig 
 
      ,    (network),   ,     
  
        . 
 
 
  : 
     ,     ,     debian 
  /etc/network/interfaces.tail 
 auto eth1 iface eth1 inet static address 10.7.10.5 netmask 255.255.255.0 
  
 cat /etc/network/interfaces.tail >> /etc/network/interfaces 
  *.tail   ,          web ,     . 
 
 
      ,    , -        -    ,   . 

, ( ). , X- .

, Skype ( Skypiax) UID "Skype":
su skype -c "echo secret:password | DISPLAY=:1 /usr/bin/skype --pipelogin 2>>skype_errors.log &»

1.6.
, , sda4
vzctl set [VEID] --devnodes sda4:rw --save
1.7. tun/tap
vpn , .


lsmod | grep tun

modprobe tun echo "tun" >> /etc/modules
vzctl stop [VEID] vzctl set [VEID] --devices c:10:200:rw --save vzctl set [VEID] --capability net_admin:on --save vzctl start [VEID]
, -.


, .
nano /etc/vz/vz.conf
IPTABLES
IPTABLES="ipt_owner ipt_REDIRECT ipt_recent ip_tables iptable_filter iptable_mangle ipt_limit ipt_multiport ipt_tos ipt_TOS ipt_REJECT ipt_TCPMSS ipt_tcpmss ipt_ttl ipt_LOG ipt_length ip_conntrack ip_conntrack_ftp ipt_state iptable_nat ip_nat_ftp"
VZ
/etc/init.d/vz restart
.

, , ( , )
nano /etc/modules
ipt_MASQUERADE ipt_helper ipt_REDIRECT ipt_state ipt_TCPMSS ipt_LOG ipt_TOS iptable_nat ipt_length ipt_tcpmss iptable_mangle ipt_limit ipt_tos iptable_filter ipt_ttl ipt_REJECT loop

#!/bin/sh
### BEGIN INIT INFO
# Provides: iptables.sh
# Required-Start: $all
# Required-Stop: $all
# Default-Start: 2 3 4 5
# Default-Stop: 0 1 6
# Short-Description: My firewall
# Description: Rico-X FIREWALL
### END INIT INFO
# /etc/init.d/iptables

IPT=/sbin/iptables

case "$1" in
start)
echo "Starting iptables"

sysctl -w net.ipv4.tcp_synack_retries=1
sysctl -w net.ipv4.tcp_max_syn_backlog=4096
sysctl -w net.ipv4.tcp_fin_timeout=10
sysctl -w net.ipv4.tcp_syncookies=1
sysctl -w net.ipv4.tcp_keepalive_intvl=10
sysctl -w net.ipv4.tcp_keepalive_probes=5
sysctl -w net.ipv4.tcp_keepalive_time=60
sysctl -w net.ipv4.conf.default.rp_filter=1
#sysctl -w net.ipv4.ip_forward=0

#
$IPT -P INPUT DROP
$IPT -P FORWARD ACCEPT
$IPT -P OUTPUT ACCEPT

# ,
$IPT -A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT

# lo
$IPT -A INPUT -i lo -j ACCEPT

#
$IPT -A INPUT -i eth1 -j ACCEPT
$IPT -A INPUT -i vmbr1 -j ACCEPT
#
$IPT -A INPUT -m addrtype --dst-type MULTICAST -j ACCEPT
$IPT -A INPUT -p udp -m state --state NEW -m multiport --dports 5404,5405 -j ACCEPT

# TCP- SYN-
$IPT -I INPUT -m conntrack --ctstate NEW -p tcp ! --syn -j DROP

#
$IPT -A INPUT -p tcp --dport 22 -m state --state NEW -j ACCEPT ## SSH
$IPT -A INPUT -p tcp -m tcp --dport 5900:5999 -j ACCEPT ## VNC
$IPT -A INPUT -p tcp -m tcp --dport 8006 -j ACCEPT ## Proxmox panel

# SSH ( 4 )
$IPT -A INPUT -p tcp --dport 22 -m state --state NEW -m recent --update --seconds 60 --hitcount 4 --rttl --name SSH -j DROP

# netbios
$IPT -A INPUT -p tcp --dport 137:139 -j DROP
$IPT -A INPUT -p udp --dport 137:139 -j DROP

# ICMP
$IPT -A INPUT -p ICMP --icmp-type 8 -j ACCEPT
$IPT -A INPUT -p ICMP --icmp-type 11 -j ACCEPT

#
$IPT -A INPUT -m state --state INVALID -j DROP

# DHCP iptables.
$IPT -A INPUT -p udp -m udp --dport 68 --sport 67 -j ACCEPT

# -
$IPT -A INPUT -m state --state NEW -p tcp --tcp-flags ALL ALL -j DROP
$IPT -A INPUT -m state --state NEW -p tcp --tcp-flags ALL NONE -j DROP

#
$IPT -A INPUT -p tcp --tcp-flags ALL FIN,URG,PSH -j DROP
$IPT -A INPUT -p tcp --tcp-flags SYN,RST SYN,RST -j DROP
$IPT -A INPUT -p tcp --tcp-flags SYN,FIN SYN,FIN -j DROP
$IPT -N SYN_FLOOD
$IPT -A INPUT -p tcp --syn -j SYN_FLOOD
$IPT -A SYN_FLOOD -m limit --limit 2/s --limit-burst 6 -j RETURN
$IPT -A SYN_FLOOD -j DROP

;;
stop)
echo "Stopping iptables"

$IPT -F
$IPT -X

$IPT -P INPUT ACCEPT
$IPT -P OUTPUT ACCEPT
$IPT -P FORWARD ACCEPT
;;
*)
echo "Usage: /etc/init.d/iptables {start|stop}"
exit 1
;;
esac

exit 0

3.

mv /etc/localtime /etc/localtime_org && ln -s /usr/share/zoneinfo/"Europe/Simferopol" /etc/localtime && date
web-.
/usr/share/pve-manager/ext4/pvemanagerlib.js
if (data.status !== 'Active') {

if (data.status == 'Active') {
Proxmox: 'exit code 60′ – corrupt quota file ,
.
vzquota off [VEID] vzquota : (error) Quota is not running for id [VEID] vzquota : (warning) Repairing quota: it was incorrectly marked as running for id [VEID] vzquota on [VEID]
(cluster not ready - no quorum), ,
,
pvecm e ( )
OpenVZ
[VEID]
vzctl start [VEID]

vzctl enter [VEID]

vzctl stop [VEID]

vzctl restart [VEID]

vzctl destroy [VEID]

vzlist -a

- , , .

UPD-1: vlan

2 . 151,152,666
:
/etc/network/interfaces
auto vlan151 iface vlan151 inet manual vlan_raw_device eth0 auto vlan152 iface vlan152 inet manual vlan_raw_device eth0 auto vlan666 iface vlan666 inet manual vlan_raw_device eth0 auto vmbr151 iface vmbr151 inet static address 0.0.0.0 netmask 255.255.255.255 bridge_ports vlan151 bridge_stp off bridge_fd 0 auto vmbr152 iface vmbr152 inet static address 0.0.0.0 netmask 255.255.255.255 bridge_ports vlan152 bridge_stp off bridge_fd 0 auto vmbr666 iface vmbr666 inet static address 0.0.0.0 netmask 255.255.255.255 bridge_ports vlan666 bridge_stp off bridge_fd 0

apt-get install vlan

ifup vlan151 ifup vlan152 ifup vlan666
ifconfig

, (network), ,

.


:
, , debian
/etc/network/interfaces.tail
auto eth1 iface eth1 inet static address 10.7.10.5 netmask 255.255.255.0

cat /etc/network/interfaces.tail >> /etc/network/interfaces
*.tail , web , .


, , - - , .

   ,    ( ).  ,  X-       . 
 
 ,   Skype ( Skypiax)      UID "Skype": 
 su skype -c "echo secret:password | DISPLAY=:1 /usr/bin/skype --pipelogin 2>>skype_errors.log &» 
 
 1.6.    
   ,     ,   sda4 
 vzctl set [VEID] --devnodes sda4:rw --save 
 1.7.  tun/tap 
     vpn  ,     . 
 
     
 lsmod | grep tun 
    
 modprobe tun echo "tun" >> /etc/modules 
 vzctl stop [VEID] vzctl set [VEID] --devices c:10:200:rw --save vzctl set [VEID] --capability net_admin:on --save vzctl start [VEID] 
   ,    -. 
 
  
          ,   . 
 nano /etc/vz/vz.conf 
    IPTABLES     
 IPTABLES="ipt_owner ipt_REDIRECT ipt_recent ip_tables iptable_filter iptable_mangle ipt_limit ipt_multiport ipt_tos ipt_TOS ipt_REJECT ipt_TCPMSS ipt_tcpmss ipt_ttl ipt_LOG ipt_length ip_conntrack ip_conntrack_ftp ipt_state iptable_nat ip_nat_ftp" 
    VZ 
 /etc/init.d/vz restart 
         . 
 
  ,  ,      ( ,    ) 
 nano /etc/modules 
 ipt_MASQUERADE ipt_helper ipt_REDIRECT ipt_state ipt_TCPMSS ipt_LOG ipt_TOS iptable_nat ipt_length ipt_tcpmss iptable_mangle ipt_limit ipt_tos iptable_filter ipt_ttl ipt_REJECT loop 
     
        #!/bin/sh 
 ### BEGIN INIT INFO 
 # Provides: iptables.sh 
 # Required-Start: $all 
 # Required-Stop: $all 
 # Default-Start: 2 3 4 5 
 # Default-Stop: 0 1 6 
 # Short-Description: My firewall 
 # Description: Rico-X FIREWALL 
 ### END INIT INFO 
 # /etc/init.d/iptables 
 
 IPT=/sbin/iptables 
 
 case "$1" in 
 start) 
 echo "Starting iptables" 
 
 sysctl -w net.ipv4.tcp_synack_retries=1 
 sysctl -w net.ipv4.tcp_max_syn_backlog=4096 
 sysctl -w net.ipv4.tcp_fin_timeout=10 
 sysctl -w net.ipv4.tcp_syncookies=1 
 sysctl -w net.ipv4.tcp_keepalive_intvl=10 
 sysctl -w net.ipv4.tcp_keepalive_probes=5 
 sysctl -w net.ipv4.tcp_keepalive_time=60 
 sysctl -w net.ipv4.conf.default.rp_filter=1 
 #sysctl -w net.ipv4.ip_forward=0 
 
 #     
 $IPT -P INPUT DROP 
 $IPT -P FORWARD ACCEPT 
 $IPT -P OUTPUT ACCEPT 
 
 #     ,     
 $IPT -A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT 
 
 #     lo  
 $IPT -A INPUT -i lo -j ACCEPT 
 
 #       
 $IPT -A INPUT -i eth1 -j ACCEPT 
 $IPT -A INPUT -i vmbr1 -j ACCEPT 
 #       
 $IPT -A INPUT -m addrtype --dst-type MULTICAST -j ACCEPT 
 $IPT -A INPUT -p udp -m state --state NEW -m multiport --dports 5404,5405 -j ACCEPT 
 
 #     TCP-  SYN- 
 $IPT -I INPUT -m conntrack --ctstate NEW -p tcp ! --syn -j DROP 
 
 #      
 $IPT -A INPUT -p tcp --dport 22 -m state --state NEW -j ACCEPT ## SSH 
 $IPT -A INPUT -p tcp -m tcp --dport 5900:5999 -j ACCEPT ## VNC 
 $IPT -A INPUT -p tcp -m tcp --dport 8006 -j ACCEPT ## Proxmox panel 
 
 #       SSH (  4  ) 
 $IPT -A INPUT -p tcp --dport 22 -m state --state NEW -m recent --update --seconds 60 --hitcount 4 --rttl --name SSH -j DROP 
 
 #    netbios 
 $IPT -A INPUT -p tcp --dport 137:139 -j DROP 
 $IPT -A INPUT -p udp --dport 137:139 -j DROP 
 
 #   ICMP  
 $IPT -A INPUT -p ICMP --icmp-type 8 -j ACCEPT 
 $IPT -A INPUT -p ICMP --icmp-type 11 -j ACCEPT 
 
 #     
 $IPT -A INPUT -m state --state INVALID -j DROP 
 
 #   DHCP   iptables. 
 $IPT -A INPUT -p udp -m udp --dport 68 --sport 67 -j ACCEPT 
 
 #  - 
 $IPT -A INPUT -m state --state NEW -p tcp --tcp-flags ALL ALL -j DROP 
 $IPT -A INPUT -m state --state NEW -p tcp --tcp-flags ALL NONE -j DROP 
 
 #  
 $IPT -A INPUT -p tcp --tcp-flags ALL FIN,URG,PSH -j DROP 
 $IPT -A INPUT -p tcp --tcp-flags SYN,RST SYN,RST -j DROP 
 $IPT -A INPUT -p tcp --tcp-flags SYN,FIN SYN,FIN -j DROP 
 $IPT -N SYN_FLOOD 
 $IPT -A INPUT -p tcp --syn -j SYN_FLOOD 
 $IPT -A SYN_FLOOD -m limit --limit 2/s --limit-burst 6 -j RETURN 
 $IPT -A SYN_FLOOD -j DROP 
 
 ;; 
 stop) 
 echo "Stopping iptables" 
 
 $IPT -F 
 $IPT -X 
 
 $IPT -P INPUT ACCEPT 
 $IPT -P OUTPUT ACCEPT 
 $IPT -P FORWARD ACCEPT 
 ;; 
 *) 
 echo "Usage: /etc/init.d/iptables {start|stop}" 
 exit 1 
 ;; 
 esac 
 
 exit 0 
 
 3.   
      
 mv /etc/localtime /etc/localtime_org && ln -s /usr/share/zoneinfo/"Europe/Simferopol" /etc/localtime && date 
         web-. 
   /usr/share/pve-manager/ext4/pvemanagerlib.js   
 if (data.status !== 'Active') { 
    
 if (data.status == 'Active') { 
      Proxmox: 'exit code 60′ – corrupt quota file    , 
   . 
 vzquota off [VEID] vzquota : (error) Quota is not running for id [VEID] vzquota : (warning) Repairing quota: it was incorrectly marked as running for id [VEID] vzquota on [VEID] 
    (cluster not ready - no quorum),      , 
   ,      
 pvecm e (  ) 
   OpenVZ 
  [VEID]  
 vzctl start [VEID] 
    
 vzctl enter [VEID] 
  
 vzctl stop [VEID] 
  
 vzctl restart [VEID] 
  
 vzctl destroy [VEID] 
   
 vzlist -a 
 
   -        ,     ,    . 
 
 UPD-1:  vlan 
 
       2 .     151,152,666 
  : 
  /etc/network/interfaces 
  auto vlan151 iface vlan151 inet manual vlan_raw_device eth0 auto vlan152 iface vlan152 inet manual vlan_raw_device eth0 auto vlan666 iface vlan666 inet manual vlan_raw_device eth0 auto vmbr151 iface vmbr151 inet static address 0.0.0.0 netmask 255.255.255.255 bridge_ports vlan151 bridge_stp off bridge_fd 0 auto vmbr152 iface vmbr152 inet static address 0.0.0.0 netmask 255.255.255.255 bridge_ports vlan152 bridge_stp off bridge_fd 0 auto vmbr666 iface vmbr666 inet static address 0.0.0.0 netmask 255.255.255.255 bridge_ports vlan666 bridge_stp off bridge_fd 0 
    
 apt-get install vlan 
    
 ifup vlan151 ifup vlan152 ifup vlan666 
      ifconfig 
 
      ,    (network),   ,     
  
        . 
 
 
  : 
     ,     ,     debian 
  /etc/network/interfaces.tail 
 auto eth1 iface eth1 inet static address 10.7.10.5 netmask 255.255.255.0 
  
 cat /etc/network/interfaces.tail >> /etc/network/interfaces 
  *.tail   ,          web ,     . 
 
 
      ,    , -        -    ,   . 

, ( ). , X- .

, Skype ( Skypiax) UID "Skype":
su skype -c "echo secret:password | DISPLAY=:1 /usr/bin/skype --pipelogin 2>>skype_errors.log &»

1.6.
, , sda4
vzctl set [VEID] --devnodes sda4:rw --save
1.7. tun/tap
vpn , .


lsmod | grep tun

modprobe tun echo "tun" >> /etc/modules
vzctl stop [VEID] vzctl set [VEID] --devices c:10:200:rw --save vzctl set [VEID] --capability net_admin:on --save vzctl start [VEID]
, -.


, .
nano /etc/vz/vz.conf
IPTABLES
IPTABLES="ipt_owner ipt_REDIRECT ipt_recent ip_tables iptable_filter iptable_mangle ipt_limit ipt_multiport ipt_tos ipt_TOS ipt_REJECT ipt_TCPMSS ipt_tcpmss ipt_ttl ipt_LOG ipt_length ip_conntrack ip_conntrack_ftp ipt_state iptable_nat ip_nat_ftp"
VZ
/etc/init.d/vz restart
.

, , ( , )
nano /etc/modules
ipt_MASQUERADE ipt_helper ipt_REDIRECT ipt_state ipt_TCPMSS ipt_LOG ipt_TOS iptable_nat ipt_length ipt_tcpmss iptable_mangle ipt_limit ipt_tos iptable_filter ipt_ttl ipt_REJECT loop

#!/bin/sh
### BEGIN INIT INFO
# Provides: iptables.sh
# Required-Start: $all
# Required-Stop: $all
# Default-Start: 2 3 4 5
# Default-Stop: 0 1 6
# Short-Description: My firewall
# Description: Rico-X FIREWALL
### END INIT INFO
# /etc/init.d/iptables

IPT=/sbin/iptables

case "$1" in
start)
echo "Starting iptables"

sysctl -w net.ipv4.tcp_synack_retries=1
sysctl -w net.ipv4.tcp_max_syn_backlog=4096
sysctl -w net.ipv4.tcp_fin_timeout=10
sysctl -w net.ipv4.tcp_syncookies=1
sysctl -w net.ipv4.tcp_keepalive_intvl=10
sysctl -w net.ipv4.tcp_keepalive_probes=5
sysctl -w net.ipv4.tcp_keepalive_time=60
sysctl -w net.ipv4.conf.default.rp_filter=1
#sysctl -w net.ipv4.ip_forward=0

#
$IPT -P INPUT DROP
$IPT -P FORWARD ACCEPT
$IPT -P OUTPUT ACCEPT

# ,
$IPT -A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT

# lo
$IPT -A INPUT -i lo -j ACCEPT

#
$IPT -A INPUT -i eth1 -j ACCEPT
$IPT -A INPUT -i vmbr1 -j ACCEPT
#
$IPT -A INPUT -m addrtype --dst-type MULTICAST -j ACCEPT
$IPT -A INPUT -p udp -m state --state NEW -m multiport --dports 5404,5405 -j ACCEPT

# TCP- SYN-
$IPT -I INPUT -m conntrack --ctstate NEW -p tcp ! --syn -j DROP

#
$IPT -A INPUT -p tcp --dport 22 -m state --state NEW -j ACCEPT ## SSH
$IPT -A INPUT -p tcp -m tcp --dport 5900:5999 -j ACCEPT ## VNC
$IPT -A INPUT -p tcp -m tcp --dport 8006 -j ACCEPT ## Proxmox panel

# SSH ( 4 )
$IPT -A INPUT -p tcp --dport 22 -m state --state NEW -m recent --update --seconds 60 --hitcount 4 --rttl --name SSH -j DROP

# netbios
$IPT -A INPUT -p tcp --dport 137:139 -j DROP
$IPT -A INPUT -p udp --dport 137:139 -j DROP

# ICMP
$IPT -A INPUT -p ICMP --icmp-type 8 -j ACCEPT
$IPT -A INPUT -p ICMP --icmp-type 11 -j ACCEPT

#
$IPT -A INPUT -m state --state INVALID -j DROP

# DHCP iptables.
$IPT -A INPUT -p udp -m udp --dport 68 --sport 67 -j ACCEPT

# -
$IPT -A INPUT -m state --state NEW -p tcp --tcp-flags ALL ALL -j DROP
$IPT -A INPUT -m state --state NEW -p tcp --tcp-flags ALL NONE -j DROP

#
$IPT -A INPUT -p tcp --tcp-flags ALL FIN,URG,PSH -j DROP
$IPT -A INPUT -p tcp --tcp-flags SYN,RST SYN,RST -j DROP
$IPT -A INPUT -p tcp --tcp-flags SYN,FIN SYN,FIN -j DROP
$IPT -N SYN_FLOOD
$IPT -A INPUT -p tcp --syn -j SYN_FLOOD
$IPT -A SYN_FLOOD -m limit --limit 2/s --limit-burst 6 -j RETURN
$IPT -A SYN_FLOOD -j DROP

;;
stop)
echo "Stopping iptables"

$IPT -F
$IPT -X

$IPT -P INPUT ACCEPT
$IPT -P OUTPUT ACCEPT
$IPT -P FORWARD ACCEPT
;;
*)
echo "Usage: /etc/init.d/iptables {start|stop}"
exit 1
;;
esac

exit 0

3.

mv /etc/localtime /etc/localtime_org && ln -s /usr/share/zoneinfo/"Europe/Simferopol" /etc/localtime && date
web-.
/usr/share/pve-manager/ext4/pvemanagerlib.js
if (data.status !== 'Active') {

if (data.status == 'Active') {
Proxmox: 'exit code 60′ – corrupt quota file ,
.
vzquota off [VEID] vzquota : (error) Quota is not running for id [VEID] vzquota : (warning) Repairing quota: it was incorrectly marked as running for id [VEID] vzquota on [VEID]
(cluster not ready - no quorum), ,
,
pvecm e ( )
OpenVZ
[VEID]
vzctl start [VEID]

vzctl enter [VEID]

vzctl stop [VEID]

vzctl restart [VEID]

vzctl destroy [VEID]

vzlist -a

- , , .

UPD-1: vlan

2 . 151,152,666
:
/etc/network/interfaces
auto vlan151 iface vlan151 inet manual vlan_raw_device eth0 auto vlan152 iface vlan152 inet manual vlan_raw_device eth0 auto vlan666 iface vlan666 inet manual vlan_raw_device eth0 auto vmbr151 iface vmbr151 inet static address 0.0.0.0 netmask 255.255.255.255 bridge_ports vlan151 bridge_stp off bridge_fd 0 auto vmbr152 iface vmbr152 inet static address 0.0.0.0 netmask 255.255.255.255 bridge_ports vlan152 bridge_stp off bridge_fd 0 auto vmbr666 iface vmbr666 inet static address 0.0.0.0 netmask 255.255.255.255 bridge_ports vlan666 bridge_stp off bridge_fd 0

apt-get install vlan

ifup vlan151 ifup vlan152 ifup vlan666
ifconfig

, (network), ,

.


:
, , debian
/etc/network/interfaces.tail
auto eth1 iface eth1 inet static address 10.7.10.5 netmask 255.255.255.0

cat /etc/network/interfaces.tail >> /etc/network/interfaces
*.tail , web , .


, , - - , .

   ,    ( ).  ,  X-       . 
 
 ,   Skype ( Skypiax)      UID "Skype": 
 su skype -c "echo secret:password | DISPLAY=:1 /usr/bin/skype --pipelogin 2>>skype_errors.log &» 
 
 1.6.    
   ,     ,   sda4 
 vzctl set [VEID] --devnodes sda4:rw --save 
 1.7.  tun/tap 
     vpn  ,     . 
 
     
 lsmod | grep tun 
    
 modprobe tun echo "tun" >> /etc/modules 
 vzctl stop [VEID] vzctl set [VEID] --devices c:10:200:rw --save vzctl set [VEID] --capability net_admin:on --save vzctl start [VEID] 
   ,    -. 
 
  
          ,   . 
 nano /etc/vz/vz.conf 
    IPTABLES     
 IPTABLES="ipt_owner ipt_REDIRECT ipt_recent ip_tables iptable_filter iptable_mangle ipt_limit ipt_multiport ipt_tos ipt_TOS ipt_REJECT ipt_TCPMSS ipt_tcpmss ipt_ttl ipt_LOG ipt_length ip_conntrack ip_conntrack_ftp ipt_state iptable_nat ip_nat_ftp" 
    VZ 
 /etc/init.d/vz restart 
         . 
 
  ,  ,      ( ,    ) 
 nano /etc/modules 
 ipt_MASQUERADE ipt_helper ipt_REDIRECT ipt_state ipt_TCPMSS ipt_LOG ipt_TOS iptable_nat ipt_length ipt_tcpmss iptable_mangle ipt_limit ipt_tos iptable_filter ipt_ttl ipt_REJECT loop 
     
        #!/bin/sh 
 ### BEGIN INIT INFO 
 # Provides: iptables.sh 
 # Required-Start: $all 
 # Required-Stop: $all 
 # Default-Start: 2 3 4 5 
 # Default-Stop: 0 1 6 
 # Short-Description: My firewall 
 # Description: Rico-X FIREWALL 
 ### END INIT INFO 
 # /etc/init.d/iptables 
 
 IPT=/sbin/iptables 
 
 case "$1" in 
 start) 
 echo "Starting iptables" 
 
 sysctl -w net.ipv4.tcp_synack_retries=1 
 sysctl -w net.ipv4.tcp_max_syn_backlog=4096 
 sysctl -w net.ipv4.tcp_fin_timeout=10 
 sysctl -w net.ipv4.tcp_syncookies=1 
 sysctl -w net.ipv4.tcp_keepalive_intvl=10 
 sysctl -w net.ipv4.tcp_keepalive_probes=5 
 sysctl -w net.ipv4.tcp_keepalive_time=60 
 sysctl -w net.ipv4.conf.default.rp_filter=1 
 #sysctl -w net.ipv4.ip_forward=0 
 
 #     
 $IPT -P INPUT DROP 
 $IPT -P FORWARD ACCEPT 
 $IPT -P OUTPUT ACCEPT 
 
 #     ,     
 $IPT -A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT 
 
 #     lo  
 $IPT -A INPUT -i lo -j ACCEPT 
 
 #       
 $IPT -A INPUT -i eth1 -j ACCEPT 
 $IPT -A INPUT -i vmbr1 -j ACCEPT 
 #       
 $IPT -A INPUT -m addrtype --dst-type MULTICAST -j ACCEPT 
 $IPT -A INPUT -p udp -m state --state NEW -m multiport --dports 5404,5405 -j ACCEPT 
 
 #     TCP-  SYN- 
 $IPT -I INPUT -m conntrack --ctstate NEW -p tcp ! --syn -j DROP 
 
 #      
 $IPT -A INPUT -p tcp --dport 22 -m state --state NEW -j ACCEPT ## SSH 
 $IPT -A INPUT -p tcp -m tcp --dport 5900:5999 -j ACCEPT ## VNC 
 $IPT -A INPUT -p tcp -m tcp --dport 8006 -j ACCEPT ## Proxmox panel 
 
 #       SSH (  4  ) 
 $IPT -A INPUT -p tcp --dport 22 -m state --state NEW -m recent --update --seconds 60 --hitcount 4 --rttl --name SSH -j DROP 
 
 #    netbios 
 $IPT -A INPUT -p tcp --dport 137:139 -j DROP 
 $IPT -A INPUT -p udp --dport 137:139 -j DROP 
 
 #   ICMP  
 $IPT -A INPUT -p ICMP --icmp-type 8 -j ACCEPT 
 $IPT -A INPUT -p ICMP --icmp-type 11 -j ACCEPT 
 
 #     
 $IPT -A INPUT -m state --state INVALID -j DROP 
 
 #   DHCP   iptables. 
 $IPT -A INPUT -p udp -m udp --dport 68 --sport 67 -j ACCEPT 
 
 #  - 
 $IPT -A INPUT -m state --state NEW -p tcp --tcp-flags ALL ALL -j DROP 
 $IPT -A INPUT -m state --state NEW -p tcp --tcp-flags ALL NONE -j DROP 
 
 #  
 $IPT -A INPUT -p tcp --tcp-flags ALL FIN,URG,PSH -j DROP 
 $IPT -A INPUT -p tcp --tcp-flags SYN,RST SYN,RST -j DROP 
 $IPT -A INPUT -p tcp --tcp-flags SYN,FIN SYN,FIN -j DROP 
 $IPT -N SYN_FLOOD 
 $IPT -A INPUT -p tcp --syn -j SYN_FLOOD 
 $IPT -A SYN_FLOOD -m limit --limit 2/s --limit-burst 6 -j RETURN 
 $IPT -A SYN_FLOOD -j DROP 
 
 ;; 
 stop) 
 echo "Stopping iptables" 
 
 $IPT -F 
 $IPT -X 
 
 $IPT -P INPUT ACCEPT 
 $IPT -P OUTPUT ACCEPT 
 $IPT -P FORWARD ACCEPT 
 ;; 
 *) 
 echo "Usage: /etc/init.d/iptables {start|stop}" 
 exit 1 
 ;; 
 esac 
 
 exit 0 
 
 3.   
      
 mv /etc/localtime /etc/localtime_org && ln -s /usr/share/zoneinfo/"Europe/Simferopol" /etc/localtime && date 
         web-. 
   /usr/share/pve-manager/ext4/pvemanagerlib.js   
 if (data.status !== 'Active') { 
    
 if (data.status == 'Active') { 
      Proxmox: 'exit code 60′ – corrupt quota file    , 
   . 
 vzquota off [VEID] vzquota : (error) Quota is not running for id [VEID] vzquota : (warning) Repairing quota: it was incorrectly marked as running for id [VEID] vzquota on [VEID] 
    (cluster not ready - no quorum),      , 
   ,      
 pvecm e (  ) 
   OpenVZ 
  [VEID]  
 vzctl start [VEID] 
    
 vzctl enter [VEID] 
  
 vzctl stop [VEID] 
  
 vzctl restart [VEID] 
  
 vzctl destroy [VEID] 
   
 vzlist -a 
 
   -        ,     ,    . 
 
 UPD-1:  vlan 
 
       2 .     151,152,666 
  : 
  /etc/network/interfaces 
  auto vlan151 iface vlan151 inet manual vlan_raw_device eth0 auto vlan152 iface vlan152 inet manual vlan_raw_device eth0 auto vlan666 iface vlan666 inet manual vlan_raw_device eth0 auto vmbr151 iface vmbr151 inet static address 0.0.0.0 netmask 255.255.255.255 bridge_ports vlan151 bridge_stp off bridge_fd 0 auto vmbr152 iface vmbr152 inet static address 0.0.0.0 netmask 255.255.255.255 bridge_ports vlan152 bridge_stp off bridge_fd 0 auto vmbr666 iface vmbr666 inet static address 0.0.0.0 netmask 255.255.255.255 bridge_ports vlan666 bridge_stp off bridge_fd 0 
    
 apt-get install vlan 
    
 ifup vlan151 ifup vlan152 ifup vlan666 
      ifconfig 
 
      ,    (network),   ,     
  
        . 
 
 
  : 
     ,     ,     debian 
  /etc/network/interfaces.tail 
 auto eth1 iface eth1 inet static address 10.7.10.5 netmask 255.255.255.0 
  
 cat /etc/network/interfaces.tail >> /etc/network/interfaces 
  *.tail   ,          web ,     . 
 
 
      ,    , -        -    ,   . 

, ( ). , X- .

, Skype ( Skypiax) UID "Skype":
su skype -c "echo secret:password | DISPLAY=:1 /usr/bin/skype --pipelogin 2>>skype_errors.log &»

1.6.
, , sda4
vzctl set [VEID] --devnodes sda4:rw --save
1.7. tun/tap
vpn , .


lsmod | grep tun

modprobe tun echo "tun" >> /etc/modules
vzctl stop [VEID] vzctl set [VEID] --devices c:10:200:rw --save vzctl set [VEID] --capability net_admin:on --save vzctl start [VEID]
, -.


, .
nano /etc/vz/vz.conf
IPTABLES
IPTABLES="ipt_owner ipt_REDIRECT ipt_recent ip_tables iptable_filter iptable_mangle ipt_limit ipt_multiport ipt_tos ipt_TOS ipt_REJECT ipt_TCPMSS ipt_tcpmss ipt_ttl ipt_LOG ipt_length ip_conntrack ip_conntrack_ftp ipt_state iptable_nat ip_nat_ftp"
VZ
/etc/init.d/vz restart
.

, , ( , )
nano /etc/modules
ipt_MASQUERADE ipt_helper ipt_REDIRECT ipt_state ipt_TCPMSS ipt_LOG ipt_TOS iptable_nat ipt_length ipt_tcpmss iptable_mangle ipt_limit ipt_tos iptable_filter ipt_ttl ipt_REJECT loop

#!/bin/sh
### BEGIN INIT INFO
# Provides: iptables.sh
# Required-Start: $all
# Required-Stop: $all
# Default-Start: 2 3 4 5
# Default-Stop: 0 1 6
# Short-Description: My firewall
# Description: Rico-X FIREWALL
### END INIT INFO
# /etc/init.d/iptables

IPT=/sbin/iptables

case "$1" in
start)
echo "Starting iptables"

sysctl -w net.ipv4.tcp_synack_retries=1
sysctl -w net.ipv4.tcp_max_syn_backlog=4096
sysctl -w net.ipv4.tcp_fin_timeout=10
sysctl -w net.ipv4.tcp_syncookies=1
sysctl -w net.ipv4.tcp_keepalive_intvl=10
sysctl -w net.ipv4.tcp_keepalive_probes=5
sysctl -w net.ipv4.tcp_keepalive_time=60
sysctl -w net.ipv4.conf.default.rp_filter=1
#sysctl -w net.ipv4.ip_forward=0

#
$IPT -P INPUT DROP
$IPT -P FORWARD ACCEPT
$IPT -P OUTPUT ACCEPT

# ,
$IPT -A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT

# lo
$IPT -A INPUT -i lo -j ACCEPT

#
$IPT -A INPUT -i eth1 -j ACCEPT
$IPT -A INPUT -i vmbr1 -j ACCEPT
#
$IPT -A INPUT -m addrtype --dst-type MULTICAST -j ACCEPT
$IPT -A INPUT -p udp -m state --state NEW -m multiport --dports 5404,5405 -j ACCEPT

# TCP- SYN-
$IPT -I INPUT -m conntrack --ctstate NEW -p tcp ! --syn -j DROP

#
$IPT -A INPUT -p tcp --dport 22 -m state --state NEW -j ACCEPT ## SSH
$IPT -A INPUT -p tcp -m tcp --dport 5900:5999 -j ACCEPT ## VNC
$IPT -A INPUT -p tcp -m tcp --dport 8006 -j ACCEPT ## Proxmox panel

# SSH ( 4 )
$IPT -A INPUT -p tcp --dport 22 -m state --state NEW -m recent --update --seconds 60 --hitcount 4 --rttl --name SSH -j DROP

# netbios
$IPT -A INPUT -p tcp --dport 137:139 -j DROP
$IPT -A INPUT -p udp --dport 137:139 -j DROP

# ICMP
$IPT -A INPUT -p ICMP --icmp-type 8 -j ACCEPT
$IPT -A INPUT -p ICMP --icmp-type 11 -j ACCEPT

#
$IPT -A INPUT -m state --state INVALID -j DROP

# DHCP iptables.
$IPT -A INPUT -p udp -m udp --dport 68 --sport 67 -j ACCEPT

# -
$IPT -A INPUT -m state --state NEW -p tcp --tcp-flags ALL ALL -j DROP
$IPT -A INPUT -m state --state NEW -p tcp --tcp-flags ALL NONE -j DROP

#
$IPT -A INPUT -p tcp --tcp-flags ALL FIN,URG,PSH -j DROP
$IPT -A INPUT -p tcp --tcp-flags SYN,RST SYN,RST -j DROP
$IPT -A INPUT -p tcp --tcp-flags SYN,FIN SYN,FIN -j DROP
$IPT -N SYN_FLOOD
$IPT -A INPUT -p tcp --syn -j SYN_FLOOD
$IPT -A SYN_FLOOD -m limit --limit 2/s --limit-burst 6 -j RETURN
$IPT -A SYN_FLOOD -j DROP

;;
stop)
echo "Stopping iptables"

$IPT -F
$IPT -X

$IPT -P INPUT ACCEPT
$IPT -P OUTPUT ACCEPT
$IPT -P FORWARD ACCEPT
;;
*)
echo "Usage: /etc/init.d/iptables {start|stop}"
exit 1
;;
esac

exit 0

3.

mv /etc/localtime /etc/localtime_org && ln -s /usr/share/zoneinfo/"Europe/Simferopol" /etc/localtime && date
web-.
/usr/share/pve-manager/ext4/pvemanagerlib.js
if (data.status !== 'Active') {

if (data.status == 'Active') {
Proxmox: 'exit code 60′ – corrupt quota file ,
.
vzquota off [VEID] vzquota : (error) Quota is not running for id [VEID] vzquota : (warning) Repairing quota: it was incorrectly marked as running for id [VEID] vzquota on [VEID]
(cluster not ready - no quorum), ,
,
pvecm e ( )
OpenVZ
[VEID]
vzctl start [VEID]

vzctl enter [VEID]

vzctl stop [VEID]

vzctl restart [VEID]

vzctl destroy [VEID]

vzlist -a

- , , .

UPD-1: vlan

2 . 151,152,666
:
/etc/network/interfaces
auto vlan151 iface vlan151 inet manual vlan_raw_device eth0 auto vlan152 iface vlan152 inet manual vlan_raw_device eth0 auto vlan666 iface vlan666 inet manual vlan_raw_device eth0 auto vmbr151 iface vmbr151 inet static address 0.0.0.0 netmask 255.255.255.255 bridge_ports vlan151 bridge_stp off bridge_fd 0 auto vmbr152 iface vmbr152 inet static address 0.0.0.0 netmask 255.255.255.255 bridge_ports vlan152 bridge_stp off bridge_fd 0 auto vmbr666 iface vmbr666 inet static address 0.0.0.0 netmask 255.255.255.255 bridge_ports vlan666 bridge_stp off bridge_fd 0

apt-get install vlan

ifup vlan151 ifup vlan152 ifup vlan666
ifconfig

, (network), ,

.


:
, , debian
/etc/network/interfaces.tail
auto eth1 iface eth1 inet static address 10.7.10.5 netmask 255.255.255.0

cat /etc/network/interfaces.tail >> /etc/network/interfaces
*.tail , web , .


, , - - , .

   ,    ( ).  ,  X-       . 
 
 ,   Skype ( Skypiax)      UID "Skype": 
 su skype -c "echo secret:password | DISPLAY=:1 /usr/bin/skype --pipelogin 2>>skype_errors.log &» 
 
 1.6.    
   ,     ,   sda4 
 vzctl set [VEID] --devnodes sda4:rw --save 
 1.7.  tun/tap 
     vpn  ,     . 
 
     
 lsmod | grep tun 
    
 modprobe tun echo "tun" >> /etc/modules 
 vzctl stop [VEID] vzctl set [VEID] --devices c:10:200:rw --save vzctl set [VEID] --capability net_admin:on --save vzctl start [VEID] 
   ,    -. 
 
  
          ,   . 
 nano /etc/vz/vz.conf 
    IPTABLES     
 IPTABLES="ipt_owner ipt_REDIRECT ipt_recent ip_tables iptable_filter iptable_mangle ipt_limit ipt_multiport ipt_tos ipt_TOS ipt_REJECT ipt_TCPMSS ipt_tcpmss ipt_ttl ipt_LOG ipt_length ip_conntrack ip_conntrack_ftp ipt_state iptable_nat ip_nat_ftp" 
    VZ 
 /etc/init.d/vz restart 
         . 
 
  ,  ,      ( ,    ) 
 nano /etc/modules 
 ipt_MASQUERADE ipt_helper ipt_REDIRECT ipt_state ipt_TCPMSS ipt_LOG ipt_TOS iptable_nat ipt_length ipt_tcpmss iptable_mangle ipt_limit ipt_tos iptable_filter ipt_ttl ipt_REJECT loop 
     
        #!/bin/sh 
 ### BEGIN INIT INFO 
 # Provides: iptables.sh 
 # Required-Start: $all 
 # Required-Stop: $all 
 # Default-Start: 2 3 4 5 
 # Default-Stop: 0 1 6 
 # Short-Description: My firewall 
 # Description: Rico-X FIREWALL 
 ### END INIT INFO 
 # /etc/init.d/iptables 
 
 IPT=/sbin/iptables 
 
 case "$1" in 
 start) 
 echo "Starting iptables" 
 
 sysctl -w net.ipv4.tcp_synack_retries=1 
 sysctl -w net.ipv4.tcp_max_syn_backlog=4096 
 sysctl -w net.ipv4.tcp_fin_timeout=10 
 sysctl -w net.ipv4.tcp_syncookies=1 
 sysctl -w net.ipv4.tcp_keepalive_intvl=10 
 sysctl -w net.ipv4.tcp_keepalive_probes=5 
 sysctl -w net.ipv4.tcp_keepalive_time=60 
 sysctl -w net.ipv4.conf.default.rp_filter=1 
 #sysctl -w net.ipv4.ip_forward=0 
 
 #     
 $IPT -P INPUT DROP 
 $IPT -P FORWARD ACCEPT 
 $IPT -P OUTPUT ACCEPT 
 
 #     ,     
 $IPT -A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT 
 
 #     lo  
 $IPT -A INPUT -i lo -j ACCEPT 
 
 #       
 $IPT -A INPUT -i eth1 -j ACCEPT 
 $IPT -A INPUT -i vmbr1 -j ACCEPT 
 #       
 $IPT -A INPUT -m addrtype --dst-type MULTICAST -j ACCEPT 
 $IPT -A INPUT -p udp -m state --state NEW -m multiport --dports 5404,5405 -j ACCEPT 
 
 #     TCP-  SYN- 
 $IPT -I INPUT -m conntrack --ctstate NEW -p tcp ! --syn -j DROP 
 
 #      
 $IPT -A INPUT -p tcp --dport 22 -m state --state NEW -j ACCEPT ## SSH 
 $IPT -A INPUT -p tcp -m tcp --dport 5900:5999 -j ACCEPT ## VNC 
 $IPT -A INPUT -p tcp -m tcp --dport 8006 -j ACCEPT ## Proxmox panel 
 
 #       SSH (  4  ) 
 $IPT -A INPUT -p tcp --dport 22 -m state --state NEW -m recent --update --seconds 60 --hitcount 4 --rttl --name SSH -j DROP 
 
 #    netbios 
 $IPT -A INPUT -p tcp --dport 137:139 -j DROP 
 $IPT -A INPUT -p udp --dport 137:139 -j DROP 
 
 #   ICMP  
 $IPT -A INPUT -p ICMP --icmp-type 8 -j ACCEPT 
 $IPT -A INPUT -p ICMP --icmp-type 11 -j ACCEPT 
 
 #     
 $IPT -A INPUT -m state --state INVALID -j DROP 
 
 #   DHCP   iptables. 
 $IPT -A INPUT -p udp -m udp --dport 68 --sport 67 -j ACCEPT 
 
 #  - 
 $IPT -A INPUT -m state --state NEW -p tcp --tcp-flags ALL ALL -j DROP 
 $IPT -A INPUT -m state --state NEW -p tcp --tcp-flags ALL NONE -j DROP 
 
 #  
 $IPT -A INPUT -p tcp --tcp-flags ALL FIN,URG,PSH -j DROP 
 $IPT -A INPUT -p tcp --tcp-flags SYN,RST SYN,RST -j DROP 
 $IPT -A INPUT -p tcp --tcp-flags SYN,FIN SYN,FIN -j DROP 
 $IPT -N SYN_FLOOD 
 $IPT -A INPUT -p tcp --syn -j SYN_FLOOD 
 $IPT -A SYN_FLOOD -m limit --limit 2/s --limit-burst 6 -j RETURN 
 $IPT -A SYN_FLOOD -j DROP 
 
 ;; 
 stop) 
 echo "Stopping iptables" 
 
 $IPT -F 
 $IPT -X 
 
 $IPT -P INPUT ACCEPT 
 $IPT -P OUTPUT ACCEPT 
 $IPT -P FORWARD ACCEPT 
 ;; 
 *) 
 echo "Usage: /etc/init.d/iptables {start|stop}" 
 exit 1 
 ;; 
 esac 
 
 exit 0 
 
 3.   
      
 mv /etc/localtime /etc/localtime_org && ln -s /usr/share/zoneinfo/"Europe/Simferopol" /etc/localtime && date 
         web-. 
   /usr/share/pve-manager/ext4/pvemanagerlib.js   
 if (data.status !== 'Active') { 
    
 if (data.status == 'Active') { 
      Proxmox: 'exit code 60′ – corrupt quota file    , 
   . 
 vzquota off [VEID] vzquota : (error) Quota is not running for id [VEID] vzquota : (warning) Repairing quota: it was incorrectly marked as running for id [VEID] vzquota on [VEID] 
    (cluster not ready - no quorum),      , 
   ,      
 pvecm e (  ) 
   OpenVZ 
  [VEID]  
 vzctl start [VEID] 
    
 vzctl enter [VEID] 
  
 vzctl stop [VEID] 
  
 vzctl restart [VEID] 
  
 vzctl destroy [VEID] 
   
 vzlist -a 
 
   -        ,     ,    . 
 
 UPD-1:  vlan 
 
       2 .     151,152,666 
  : 
  /etc/network/interfaces 
  auto vlan151 iface vlan151 inet manual vlan_raw_device eth0 auto vlan152 iface vlan152 inet manual vlan_raw_device eth0 auto vlan666 iface vlan666 inet manual vlan_raw_device eth0 auto vmbr151 iface vmbr151 inet static address 0.0.0.0 netmask 255.255.255.255 bridge_ports vlan151 bridge_stp off bridge_fd 0 auto vmbr152 iface vmbr152 inet static address 0.0.0.0 netmask 255.255.255.255 bridge_ports vlan152 bridge_stp off bridge_fd 0 auto vmbr666 iface vmbr666 inet static address 0.0.0.0 netmask 255.255.255.255 bridge_ports vlan666 bridge_stp off bridge_fd 0 
    
 apt-get install vlan 
    
 ifup vlan151 ifup vlan152 ifup vlan666 
      ifconfig 
 
      ,    (network),   ,     
  
        . 
 
 
  : 
     ,     ,     debian 
  /etc/network/interfaces.tail 
 auto eth1 iface eth1 inet static address 10.7.10.5 netmask 255.255.255.0 
  
 cat /etc/network/interfaces.tail >> /etc/network/interfaces 
  *.tail   ,          web ,     . 
 
 
      ,    , -        -    ,   . 

, ( ). , X- .

, Skype ( Skypiax) UID "Skype":
su skype -c "echo secret:password | DISPLAY=:1 /usr/bin/skype --pipelogin 2>>skype_errors.log &»

1.6.
, , sda4
vzctl set [VEID] --devnodes sda4:rw --save
1.7. tun/tap
vpn , .


lsmod | grep tun

modprobe tun echo "tun" >> /etc/modules
vzctl stop [VEID] vzctl set [VEID] --devices c:10:200:rw --save vzctl set [VEID] --capability net_admin:on --save vzctl start [VEID]
, -.


, .
nano /etc/vz/vz.conf
IPTABLES
IPTABLES="ipt_owner ipt_REDIRECT ipt_recent ip_tables iptable_filter iptable_mangle ipt_limit ipt_multiport ipt_tos ipt_TOS ipt_REJECT ipt_TCPMSS ipt_tcpmss ipt_ttl ipt_LOG ipt_length ip_conntrack ip_conntrack_ftp ipt_state iptable_nat ip_nat_ftp"
VZ
/etc/init.d/vz restart
.

, , ( , )
nano /etc/modules
ipt_MASQUERADE ipt_helper ipt_REDIRECT ipt_state ipt_TCPMSS ipt_LOG ipt_TOS iptable_nat ipt_length ipt_tcpmss iptable_mangle ipt_limit ipt_tos iptable_filter ipt_ttl ipt_REJECT loop

#!/bin/sh
### BEGIN INIT INFO
# Provides: iptables.sh
# Required-Start: $all
# Required-Stop: $all
# Default-Start: 2 3 4 5
# Default-Stop: 0 1 6
# Short-Description: My firewall
# Description: Rico-X FIREWALL
### END INIT INFO
# /etc/init.d/iptables

IPT=/sbin/iptables

case "$1" in
start)
echo "Starting iptables"

sysctl -w net.ipv4.tcp_synack_retries=1
sysctl -w net.ipv4.tcp_max_syn_backlog=4096
sysctl -w net.ipv4.tcp_fin_timeout=10
sysctl -w net.ipv4.tcp_syncookies=1
sysctl -w net.ipv4.tcp_keepalive_intvl=10
sysctl -w net.ipv4.tcp_keepalive_probes=5
sysctl -w net.ipv4.tcp_keepalive_time=60
sysctl -w net.ipv4.conf.default.rp_filter=1
#sysctl -w net.ipv4.ip_forward=0

#
$IPT -P INPUT DROP
$IPT -P FORWARD ACCEPT
$IPT -P OUTPUT ACCEPT

# ,
$IPT -A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT

# lo
$IPT -A INPUT -i lo -j ACCEPT

#
$IPT -A INPUT -i eth1 -j ACCEPT
$IPT -A INPUT -i vmbr1 -j ACCEPT
#
$IPT -A INPUT -m addrtype --dst-type MULTICAST -j ACCEPT
$IPT -A INPUT -p udp -m state --state NEW -m multiport --dports 5404,5405 -j ACCEPT

# TCP- SYN-
$IPT -I INPUT -m conntrack --ctstate NEW -p tcp ! --syn -j DROP

#
$IPT -A INPUT -p tcp --dport 22 -m state --state NEW -j ACCEPT ## SSH
$IPT -A INPUT -p tcp -m tcp --dport 5900:5999 -j ACCEPT ## VNC
$IPT -A INPUT -p tcp -m tcp --dport 8006 -j ACCEPT ## Proxmox panel

# SSH ( 4 )
$IPT -A INPUT -p tcp --dport 22 -m state --state NEW -m recent --update --seconds 60 --hitcount 4 --rttl --name SSH -j DROP

# netbios
$IPT -A INPUT -p tcp --dport 137:139 -j DROP
$IPT -A INPUT -p udp --dport 137:139 -j DROP

# ICMP
$IPT -A INPUT -p ICMP --icmp-type 8 -j ACCEPT
$IPT -A INPUT -p ICMP --icmp-type 11 -j ACCEPT

#
$IPT -A INPUT -m state --state INVALID -j DROP

# DHCP iptables.
$IPT -A INPUT -p udp -m udp --dport 68 --sport 67 -j ACCEPT

# -
$IPT -A INPUT -m state --state NEW -p tcp --tcp-flags ALL ALL -j DROP
$IPT -A INPUT -m state --state NEW -p tcp --tcp-flags ALL NONE -j DROP

#
$IPT -A INPUT -p tcp --tcp-flags ALL FIN,URG,PSH -j DROP
$IPT -A INPUT -p tcp --tcp-flags SYN,RST SYN,RST -j DROP
$IPT -A INPUT -p tcp --tcp-flags SYN,FIN SYN,FIN -j DROP
$IPT -N SYN_FLOOD
$IPT -A INPUT -p tcp --syn -j SYN_FLOOD
$IPT -A SYN_FLOOD -m limit --limit 2/s --limit-burst 6 -j RETURN
$IPT -A SYN_FLOOD -j DROP

;;
stop)
echo "Stopping iptables"

$IPT -F
$IPT -X

$IPT -P INPUT ACCEPT
$IPT -P OUTPUT ACCEPT
$IPT -P FORWARD ACCEPT
;;
*)
echo "Usage: /etc/init.d/iptables {start|stop}"
exit 1
;;
esac

exit 0

3.

mv /etc/localtime /etc/localtime_org && ln -s /usr/share/zoneinfo/"Europe/Simferopol" /etc/localtime && date
web-.
/usr/share/pve-manager/ext4/pvemanagerlib.js
if (data.status !== 'Active') {

if (data.status == 'Active') {
Proxmox: 'exit code 60′ – corrupt quota file ,
.
vzquota off [VEID] vzquota : (error) Quota is not running for id [VEID] vzquota : (warning) Repairing quota: it was incorrectly marked as running for id [VEID] vzquota on [VEID]
(cluster not ready - no quorum), ,
,
pvecm e ( )
OpenVZ
[VEID]
vzctl start [VEID]

vzctl enter [VEID]

vzctl stop [VEID]

vzctl restart [VEID]

vzctl destroy [VEID]

vzlist -a

- , , .

UPD-1: vlan

2 . 151,152,666
:
/etc/network/interfaces
auto vlan151 iface vlan151 inet manual vlan_raw_device eth0 auto vlan152 iface vlan152 inet manual vlan_raw_device eth0 auto vlan666 iface vlan666 inet manual vlan_raw_device eth0 auto vmbr151 iface vmbr151 inet static address 0.0.0.0 netmask 255.255.255.255 bridge_ports vlan151 bridge_stp off bridge_fd 0 auto vmbr152 iface vmbr152 inet static address 0.0.0.0 netmask 255.255.255.255 bridge_ports vlan152 bridge_stp off bridge_fd 0 auto vmbr666 iface vmbr666 inet static address 0.0.0.0 netmask 255.255.255.255 bridge_ports vlan666 bridge_stp off bridge_fd 0

apt-get install vlan

ifup vlan151 ifup vlan152 ifup vlan666
ifconfig

, (network), ,

.


:
, , debian
/etc/network/interfaces.tail
auto eth1 iface eth1 inet static address 10.7.10.5 netmask 255.255.255.0

cat /etc/network/interfaces.tail >> /etc/network/interfaces
*.tail , web , .


, , - - , .

   ,    ( ).  ,  X-       . 
 
 ,   Skype ( Skypiax)      UID "Skype": 
 su skype -c "echo secret:password | DISPLAY=:1 /usr/bin/skype --pipelogin 2>>skype_errors.log &» 
 
 1.6.    
   ,     ,   sda4 
 vzctl set [VEID] --devnodes sda4:rw --save 
 1.7.  tun/tap 
     vpn  ,     . 
 
     
 lsmod | grep tun 
    
 modprobe tun echo "tun" >> /etc/modules 
 vzctl stop [VEID] vzctl set [VEID] --devices c:10:200:rw --save vzctl set [VEID] --capability net_admin:on --save vzctl start [VEID] 
   ,    -. 
 
  
          ,   . 
 nano /etc/vz/vz.conf 
    IPTABLES     
 IPTABLES="ipt_owner ipt_REDIRECT ipt_recent ip_tables iptable_filter iptable_mangle ipt_limit ipt_multiport ipt_tos ipt_TOS ipt_REJECT ipt_TCPMSS ipt_tcpmss ipt_ttl ipt_LOG ipt_length ip_conntrack ip_conntrack_ftp ipt_state iptable_nat ip_nat_ftp" 
    VZ 
 /etc/init.d/vz restart 
         . 
 
  ,  ,      ( ,    ) 
 nano /etc/modules 
 ipt_MASQUERADE ipt_helper ipt_REDIRECT ipt_state ipt_TCPMSS ipt_LOG ipt_TOS iptable_nat ipt_length ipt_tcpmss iptable_mangle ipt_limit ipt_tos iptable_filter ipt_ttl ipt_REJECT loop 
     
        #!/bin/sh 
 ### BEGIN INIT INFO 
 # Provides: iptables.sh 
 # Required-Start: $all 
 # Required-Stop: $all 
 # Default-Start: 2 3 4 5 
 # Default-Stop: 0 1 6 
 # Short-Description: My firewall 
 # Description: Rico-X FIREWALL 
 ### END INIT INFO 
 # /etc/init.d/iptables 
 
 IPT=/sbin/iptables 
 
 case "$1" in 
 start) 
 echo "Starting iptables" 
 
 sysctl -w net.ipv4.tcp_synack_retries=1 
 sysctl -w net.ipv4.tcp_max_syn_backlog=4096 
 sysctl -w net.ipv4.tcp_fin_timeout=10 
 sysctl -w net.ipv4.tcp_syncookies=1 
 sysctl -w net.ipv4.tcp_keepalive_intvl=10 
 sysctl -w net.ipv4.tcp_keepalive_probes=5 
 sysctl -w net.ipv4.tcp_keepalive_time=60 
 sysctl -w net.ipv4.conf.default.rp_filter=1 
 #sysctl -w net.ipv4.ip_forward=0 
 
 #     
 $IPT -P INPUT DROP 
 $IPT -P FORWARD ACCEPT 
 $IPT -P OUTPUT ACCEPT 
 
 #     ,     
 $IPT -A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT 
 
 #     lo  
 $IPT -A INPUT -i lo -j ACCEPT 
 
 #       
 $IPT -A INPUT -i eth1 -j ACCEPT 
 $IPT -A INPUT -i vmbr1 -j ACCEPT 
 #       
 $IPT -A INPUT -m addrtype --dst-type MULTICAST -j ACCEPT 
 $IPT -A INPUT -p udp -m state --state NEW -m multiport --dports 5404,5405 -j ACCEPT 
 
 #     TCP-  SYN- 
 $IPT -I INPUT -m conntrack --ctstate NEW -p tcp ! --syn -j DROP 
 
 #      
 $IPT -A INPUT -p tcp --dport 22 -m state --state NEW -j ACCEPT ## SSH 
 $IPT -A INPUT -p tcp -m tcp --dport 5900:5999 -j ACCEPT ## VNC 
 $IPT -A INPUT -p tcp -m tcp --dport 8006 -j ACCEPT ## Proxmox panel 
 
 #       SSH (  4  ) 
 $IPT -A INPUT -p tcp --dport 22 -m state --state NEW -m recent --update --seconds 60 --hitcount 4 --rttl --name SSH -j DROP 
 
 #    netbios 
 $IPT -A INPUT -p tcp --dport 137:139 -j DROP 
 $IPT -A INPUT -p udp --dport 137:139 -j DROP 
 
 #   ICMP  
 $IPT -A INPUT -p ICMP --icmp-type 8 -j ACCEPT 
 $IPT -A INPUT -p ICMP --icmp-type 11 -j ACCEPT 
 
 #     
 $IPT -A INPUT -m state --state INVALID -j DROP 
 
 #   DHCP   iptables. 
 $IPT -A INPUT -p udp -m udp --dport 68 --sport 67 -j ACCEPT 
 
 #  - 
 $IPT -A INPUT -m state --state NEW -p tcp --tcp-flags ALL ALL -j DROP 
 $IPT -A INPUT -m state --state NEW -p tcp --tcp-flags ALL NONE -j DROP 
 
 #  
 $IPT -A INPUT -p tcp --tcp-flags ALL FIN,URG,PSH -j DROP 
 $IPT -A INPUT -p tcp --tcp-flags SYN,RST SYN,RST -j DROP 
 $IPT -A INPUT -p tcp --tcp-flags SYN,FIN SYN,FIN -j DROP 
 $IPT -N SYN_FLOOD 
 $IPT -A INPUT -p tcp --syn -j SYN_FLOOD 
 $IPT -A SYN_FLOOD -m limit --limit 2/s --limit-burst 6 -j RETURN 
 $IPT -A SYN_FLOOD -j DROP 
 
 ;; 
 stop) 
 echo "Stopping iptables" 
 
 $IPT -F 
 $IPT -X 
 
 $IPT -P INPUT ACCEPT 
 $IPT -P OUTPUT ACCEPT 
 $IPT -P FORWARD ACCEPT 
 ;; 
 *) 
 echo "Usage: /etc/init.d/iptables {start|stop}" 
 exit 1 
 ;; 
 esac 
 
 exit 0 
 
 3.   
      
 mv /etc/localtime /etc/localtime_org && ln -s /usr/share/zoneinfo/"Europe/Simferopol" /etc/localtime && date 
         web-. 
   /usr/share/pve-manager/ext4/pvemanagerlib.js   
 if (data.status !== 'Active') { 
    
 if (data.status == 'Active') { 
      Proxmox: 'exit code 60′ – corrupt quota file    , 
   . 
 vzquota off [VEID] vzquota : (error) Quota is not running for id [VEID] vzquota : (warning) Repairing quota: it was incorrectly marked as running for id [VEID] vzquota on [VEID] 
    (cluster not ready - no quorum),      , 
   ,      
 pvecm e (  ) 
   OpenVZ 
  [VEID]  
 vzctl start [VEID] 
    
 vzctl enter [VEID] 
  
 vzctl stop [VEID] 
  
 vzctl restart [VEID] 
  
 vzctl destroy [VEID] 
   
 vzlist -a 
 
   -        ,     ,    . 
 
 UPD-1:  vlan 
 
       2 .     151,152,666 
  : 
  /etc/network/interfaces 
  auto vlan151 iface vlan151 inet manual vlan_raw_device eth0 auto vlan152 iface vlan152 inet manual vlan_raw_device eth0 auto vlan666 iface vlan666 inet manual vlan_raw_device eth0 auto vmbr151 iface vmbr151 inet static address 0.0.0.0 netmask 255.255.255.255 bridge_ports vlan151 bridge_stp off bridge_fd 0 auto vmbr152 iface vmbr152 inet static address 0.0.0.0 netmask 255.255.255.255 bridge_ports vlan152 bridge_stp off bridge_fd 0 auto vmbr666 iface vmbr666 inet static address 0.0.0.0 netmask 255.255.255.255 bridge_ports vlan666 bridge_stp off bridge_fd 0 
    
 apt-get install vlan 
    
 ifup vlan151 ifup vlan152 ifup vlan666 
      ifconfig 
 
      ,    (network),   ,     
  
        . 
 
 
  : 
     ,     ,     debian 
  /etc/network/interfaces.tail 
 auto eth1 iface eth1 inet static address 10.7.10.5 netmask 255.255.255.0 
  
 cat /etc/network/interfaces.tail >> /etc/network/interfaces 
  *.tail   ,          web ,     . 
 
 
      ,    , -        -    ,   . 

, ( ). , X- .

, Skype ( Skypiax) UID "Skype":
su skype -c "echo secret:password | DISPLAY=:1 /usr/bin/skype --pipelogin 2>>skype_errors.log &»

1.6.
, , sda4
vzctl set [VEID] --devnodes sda4:rw --save
1.7. tun/tap
vpn , .


lsmod | grep tun

modprobe tun echo "tun" >> /etc/modules
vzctl stop [VEID] vzctl set [VEID] --devices c:10:200:rw --save vzctl set [VEID] --capability net_admin:on --save vzctl start [VEID]
, -.


, .
nano /etc/vz/vz.conf
IPTABLES
IPTABLES="ipt_owner ipt_REDIRECT ipt_recent ip_tables iptable_filter iptable_mangle ipt_limit ipt_multiport ipt_tos ipt_TOS ipt_REJECT ipt_TCPMSS ipt_tcpmss ipt_ttl ipt_LOG ipt_length ip_conntrack ip_conntrack_ftp ipt_state iptable_nat ip_nat_ftp"
VZ
/etc/init.d/vz restart
.

, , ( , )
nano /etc/modules
ipt_MASQUERADE ipt_helper ipt_REDIRECT ipt_state ipt_TCPMSS ipt_LOG ipt_TOS iptable_nat ipt_length ipt_tcpmss iptable_mangle ipt_limit ipt_tos iptable_filter ipt_ttl ipt_REJECT loop

#!/bin/sh
### BEGIN INIT INFO
# Provides: iptables.sh
# Required-Start: $all
# Required-Stop: $all
# Default-Start: 2 3 4 5
# Default-Stop: 0 1 6
# Short-Description: My firewall
# Description: Rico-X FIREWALL
### END INIT INFO
# /etc/init.d/iptables

IPT=/sbin/iptables

case "$1" in
start)
echo "Starting iptables"

sysctl -w net.ipv4.tcp_synack_retries=1
sysctl -w net.ipv4.tcp_max_syn_backlog=4096
sysctl -w net.ipv4.tcp_fin_timeout=10
sysctl -w net.ipv4.tcp_syncookies=1
sysctl -w net.ipv4.tcp_keepalive_intvl=10
sysctl -w net.ipv4.tcp_keepalive_probes=5
sysctl -w net.ipv4.tcp_keepalive_time=60
sysctl -w net.ipv4.conf.default.rp_filter=1
#sysctl -w net.ipv4.ip_forward=0

#
$IPT -P INPUT DROP
$IPT -P FORWARD ACCEPT
$IPT -P OUTPUT ACCEPT

# ,
$IPT -A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT

# lo
$IPT -A INPUT -i lo -j ACCEPT

#
$IPT -A INPUT -i eth1 -j ACCEPT
$IPT -A INPUT -i vmbr1 -j ACCEPT
#
$IPT -A INPUT -m addrtype --dst-type MULTICAST -j ACCEPT
$IPT -A INPUT -p udp -m state --state NEW -m multiport --dports 5404,5405 -j ACCEPT

# TCP- SYN-
$IPT -I INPUT -m conntrack --ctstate NEW -p tcp ! --syn -j DROP

#
$IPT -A INPUT -p tcp --dport 22 -m state --state NEW -j ACCEPT ## SSH
$IPT -A INPUT -p tcp -m tcp --dport 5900:5999 -j ACCEPT ## VNC
$IPT -A INPUT -p tcp -m tcp --dport 8006 -j ACCEPT ## Proxmox panel

# SSH ( 4 )
$IPT -A INPUT -p tcp --dport 22 -m state --state NEW -m recent --update --seconds 60 --hitcount 4 --rttl --name SSH -j DROP

# netbios
$IPT -A INPUT -p tcp --dport 137:139 -j DROP
$IPT -A INPUT -p udp --dport 137:139 -j DROP

# ICMP
$IPT -A INPUT -p ICMP --icmp-type 8 -j ACCEPT
$IPT -A INPUT -p ICMP --icmp-type 11 -j ACCEPT

#
$IPT -A INPUT -m state --state INVALID -j DROP

# DHCP iptables.
$IPT -A INPUT -p udp -m udp --dport 68 --sport 67 -j ACCEPT

# -
$IPT -A INPUT -m state --state NEW -p tcp --tcp-flags ALL ALL -j DROP
$IPT -A INPUT -m state --state NEW -p tcp --tcp-flags ALL NONE -j DROP

#
$IPT -A INPUT -p tcp --tcp-flags ALL FIN,URG,PSH -j DROP
$IPT -A INPUT -p tcp --tcp-flags SYN,RST SYN,RST -j DROP
$IPT -A INPUT -p tcp --tcp-flags SYN,FIN SYN,FIN -j DROP
$IPT -N SYN_FLOOD
$IPT -A INPUT -p tcp --syn -j SYN_FLOOD
$IPT -A SYN_FLOOD -m limit --limit 2/s --limit-burst 6 -j RETURN
$IPT -A SYN_FLOOD -j DROP

;;
stop)
echo "Stopping iptables"

$IPT -F
$IPT -X

$IPT -P INPUT ACCEPT
$IPT -P OUTPUT ACCEPT
$IPT -P FORWARD ACCEPT
;;
*)
echo "Usage: /etc/init.d/iptables {start|stop}"
exit 1
;;
esac

exit 0

3.

mv /etc/localtime /etc/localtime_org && ln -s /usr/share/zoneinfo/"Europe/Simferopol" /etc/localtime && date
web-.
/usr/share/pve-manager/ext4/pvemanagerlib.js
if (data.status !== 'Active') {

if (data.status == 'Active') {
Proxmox: 'exit code 60′ – corrupt quota file ,
.
vzquota off [VEID] vzquota : (error) Quota is not running for id [VEID] vzquota : (warning) Repairing quota: it was incorrectly marked as running for id [VEID] vzquota on [VEID]
(cluster not ready - no quorum), ,
,
pvecm e ( )
OpenVZ
[VEID]
vzctl start [VEID]

vzctl enter [VEID]

vzctl stop [VEID]

vzctl restart [VEID]

vzctl destroy [VEID]

vzlist -a

- , , .

UPD-1: vlan

2 . 151,152,666
:
/etc/network/interfaces
auto vlan151 iface vlan151 inet manual vlan_raw_device eth0 auto vlan152 iface vlan152 inet manual vlan_raw_device eth0 auto vlan666 iface vlan666 inet manual vlan_raw_device eth0 auto vmbr151 iface vmbr151 inet static address 0.0.0.0 netmask 255.255.255.255 bridge_ports vlan151 bridge_stp off bridge_fd 0 auto vmbr152 iface vmbr152 inet static address 0.0.0.0 netmask 255.255.255.255 bridge_ports vlan152 bridge_stp off bridge_fd 0 auto vmbr666 iface vmbr666 inet static address 0.0.0.0 netmask 255.255.255.255 bridge_ports vlan666 bridge_stp off bridge_fd 0

apt-get install vlan

ifup vlan151 ifup vlan152 ifup vlan666
ifconfig

, (network), ,

.


:
, , debian
/etc/network/interfaces.tail
auto eth1 iface eth1 inet static address 10.7.10.5 netmask 255.255.255.0

cat /etc/network/interfaces.tail >> /etc/network/interfaces
*.tail , web , .


, , - - , .

   ,    ( ).  ,  X-       . 
 
 ,   Skype ( Skypiax)      UID "Skype": 
 su skype -c "echo secret:password | DISPLAY=:1 /usr/bin/skype --pipelogin 2>>skype_errors.log &» 
 
 1.6.    
   ,     ,   sda4 
 vzctl set [VEID] --devnodes sda4:rw --save 
 1.7.  tun/tap 
     vpn  ,     . 
 
     
 lsmod | grep tun 
    
 modprobe tun echo "tun" >> /etc/modules 
 vzctl stop [VEID] vzctl set [VEID] --devices c:10:200:rw --save vzctl set [VEID] --capability net_admin:on --save vzctl start [VEID] 
   ,    -. 
 
  
          ,   . 
 nano /etc/vz/vz.conf 
    IPTABLES     
 IPTABLES="ipt_owner ipt_REDIRECT ipt_recent ip_tables iptable_filter iptable_mangle ipt_limit ipt_multiport ipt_tos ipt_TOS ipt_REJECT ipt_TCPMSS ipt_tcpmss ipt_ttl ipt_LOG ipt_length ip_conntrack ip_conntrack_ftp ipt_state iptable_nat ip_nat_ftp" 
    VZ 
 /etc/init.d/vz restart 
         . 
 
  ,  ,      ( ,    ) 
 nano /etc/modules 
 ipt_MASQUERADE ipt_helper ipt_REDIRECT ipt_state ipt_TCPMSS ipt_LOG ipt_TOS iptable_nat ipt_length ipt_tcpmss iptable_mangle ipt_limit ipt_tos iptable_filter ipt_ttl ipt_REJECT loop 
     
        #!/bin/sh 
 ### BEGIN INIT INFO 
 # Provides: iptables.sh 
 # Required-Start: $all 
 # Required-Stop: $all 
 # Default-Start: 2 3 4 5 
 # Default-Stop: 0 1 6 
 # Short-Description: My firewall 
 # Description: Rico-X FIREWALL 
 ### END INIT INFO 
 # /etc/init.d/iptables 
 
 IPT=/sbin/iptables 
 
 case "$1" in 
 start) 
 echo "Starting iptables" 
 
 sysctl -w net.ipv4.tcp_synack_retries=1 
 sysctl -w net.ipv4.tcp_max_syn_backlog=4096 
 sysctl -w net.ipv4.tcp_fin_timeout=10 
 sysctl -w net.ipv4.tcp_syncookies=1 
 sysctl -w net.ipv4.tcp_keepalive_intvl=10 
 sysctl -w net.ipv4.tcp_keepalive_probes=5 
 sysctl -w net.ipv4.tcp_keepalive_time=60 
 sysctl -w net.ipv4.conf.default.rp_filter=1 
 #sysctl -w net.ipv4.ip_forward=0 
 
 #     
 $IPT -P INPUT DROP 
 $IPT -P FORWARD ACCEPT 
 $IPT -P OUTPUT ACCEPT 
 
 #     ,     
 $IPT -A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT 
 
 #     lo  
 $IPT -A INPUT -i lo -j ACCEPT 
 
 #       
 $IPT -A INPUT -i eth1 -j ACCEPT 
 $IPT -A INPUT -i vmbr1 -j ACCEPT 
 #       
 $IPT -A INPUT -m addrtype --dst-type MULTICAST -j ACCEPT 
 $IPT -A INPUT -p udp -m state --state NEW -m multiport --dports 5404,5405 -j ACCEPT 
 
 #     TCP-  SYN- 
 $IPT -I INPUT -m conntrack --ctstate NEW -p tcp ! --syn -j DROP 
 
 #      
 $IPT -A INPUT -p tcp --dport 22 -m state --state NEW -j ACCEPT ## SSH 
 $IPT -A INPUT -p tcp -m tcp --dport 5900:5999 -j ACCEPT ## VNC 
 $IPT -A INPUT -p tcp -m tcp --dport 8006 -j ACCEPT ## Proxmox panel 
 
 #       SSH (  4  ) 
 $IPT -A INPUT -p tcp --dport 22 -m state --state NEW -m recent --update --seconds 60 --hitcount 4 --rttl --name SSH -j DROP 
 
 #    netbios 
 $IPT -A INPUT -p tcp --dport 137:139 -j DROP 
 $IPT -A INPUT -p udp --dport 137:139 -j DROP 
 
 #   ICMP  
 $IPT -A INPUT -p ICMP --icmp-type 8 -j ACCEPT 
 $IPT -A INPUT -p ICMP --icmp-type 11 -j ACCEPT 
 
 #     
 $IPT -A INPUT -m state --state INVALID -j DROP 
 
 #   DHCP   iptables. 
 $IPT -A INPUT -p udp -m udp --dport 68 --sport 67 -j ACCEPT 
 
 #  - 
 $IPT -A INPUT -m state --state NEW -p tcp --tcp-flags ALL ALL -j DROP 
 $IPT -A INPUT -m state --state NEW -p tcp --tcp-flags ALL NONE -j DROP 
 
 #  
 $IPT -A INPUT -p tcp --tcp-flags ALL FIN,URG,PSH -j DROP 
 $IPT -A INPUT -p tcp --tcp-flags SYN,RST SYN,RST -j DROP 
 $IPT -A INPUT -p tcp --tcp-flags SYN,FIN SYN,FIN -j DROP 
 $IPT -N SYN_FLOOD 
 $IPT -A INPUT -p tcp --syn -j SYN_FLOOD 
 $IPT -A SYN_FLOOD -m limit --limit 2/s --limit-burst 6 -j RETURN 
 $IPT -A SYN_FLOOD -j DROP 
 
 ;; 
 stop) 
 echo "Stopping iptables" 
 
 $IPT -F 
 $IPT -X 
 
 $IPT -P INPUT ACCEPT 
 $IPT -P OUTPUT ACCEPT 
 $IPT -P FORWARD ACCEPT 
 ;; 
 *) 
 echo "Usage: /etc/init.d/iptables {start|stop}" 
 exit 1 
 ;; 
 esac 
 
 exit 0 
 
 3.   
      
 mv /etc/localtime /etc/localtime_org && ln -s /usr/share/zoneinfo/"Europe/Simferopol" /etc/localtime && date 
         web-. 
   /usr/share/pve-manager/ext4/pvemanagerlib.js   
 if (data.status !== 'Active') { 
    
 if (data.status == 'Active') { 
      Proxmox: 'exit code 60′ – corrupt quota file    , 
   . 
 vzquota off [VEID] vzquota : (error) Quota is not running for id [VEID] vzquota : (warning) Repairing quota: it was incorrectly marked as running for id [VEID] vzquota on [VEID] 
    (cluster not ready - no quorum),      , 
   ,      
 pvecm e (  ) 
   OpenVZ 
  [VEID]  
 vzctl start [VEID] 
    
 vzctl enter [VEID] 
  
 vzctl stop [VEID] 
  
 vzctl restart [VEID] 
  
 vzctl destroy [VEID] 
   
 vzlist -a 
 
   -        ,     ,    . 
 
 UPD-1:  vlan 
 
       2 .     151,152,666 
  : 
  /etc/network/interfaces 
  auto vlan151 iface vlan151 inet manual vlan_raw_device eth0 auto vlan152 iface vlan152 inet manual vlan_raw_device eth0 auto vlan666 iface vlan666 inet manual vlan_raw_device eth0 auto vmbr151 iface vmbr151 inet static address 0.0.0.0 netmask 255.255.255.255 bridge_ports vlan151 bridge_stp off bridge_fd 0 auto vmbr152 iface vmbr152 inet static address 0.0.0.0 netmask 255.255.255.255 bridge_ports vlan152 bridge_stp off bridge_fd 0 auto vmbr666 iface vmbr666 inet static address 0.0.0.0 netmask 255.255.255.255 bridge_ports vlan666 bridge_stp off bridge_fd 0 
    
 apt-get install vlan 
    
 ifup vlan151 ifup vlan152 ifup vlan666 
      ifconfig 
 
      ,    (network),   ,     
  
        . 
 
 
  : 
     ,     ,     debian 
  /etc/network/interfaces.tail 
 auto eth1 iface eth1 inet static address 10.7.10.5 netmask 255.255.255.0 
  
 cat /etc/network/interfaces.tail >> /etc/network/interfaces 
  *.tail   ,          web ,     . 
 
 
      ,    , -        -    ,   . 

, ( ). , X- .

, Skype ( Skypiax) UID "Skype":
su skype -c "echo secret:password | DISPLAY=:1 /usr/bin/skype --pipelogin 2>>skype_errors.log &»

1.6.
, , sda4
vzctl set [VEID] --devnodes sda4:rw --save
1.7. tun/tap
vpn , .


lsmod | grep tun

modprobe tun echo "tun" >> /etc/modules
vzctl stop [VEID] vzctl set [VEID] --devices c:10:200:rw --save vzctl set [VEID] --capability net_admin:on --save vzctl start [VEID]
, -.


, .
nano /etc/vz/vz.conf
IPTABLES
IPTABLES="ipt_owner ipt_REDIRECT ipt_recent ip_tables iptable_filter iptable_mangle ipt_limit ipt_multiport ipt_tos ipt_TOS ipt_REJECT ipt_TCPMSS ipt_tcpmss ipt_ttl ipt_LOG ipt_length ip_conntrack ip_conntrack_ftp ipt_state iptable_nat ip_nat_ftp"
VZ
/etc/init.d/vz restart
.

, , ( , )
nano /etc/modules
ipt_MASQUERADE ipt_helper ipt_REDIRECT ipt_state ipt_TCPMSS ipt_LOG ipt_TOS iptable_nat ipt_length ipt_tcpmss iptable_mangle ipt_limit ipt_tos iptable_filter ipt_ttl ipt_REJECT loop

#!/bin/sh
### BEGIN INIT INFO
# Provides: iptables.sh
# Required-Start: $all
# Required-Stop: $all
# Default-Start: 2 3 4 5
# Default-Stop: 0 1 6
# Short-Description: My firewall
# Description: Rico-X FIREWALL
### END INIT INFO
# /etc/init.d/iptables

IPT=/sbin/iptables

case "$1" in
start)
echo "Starting iptables"

sysctl -w net.ipv4.tcp_synack_retries=1
sysctl -w net.ipv4.tcp_max_syn_backlog=4096
sysctl -w net.ipv4.tcp_fin_timeout=10
sysctl -w net.ipv4.tcp_syncookies=1
sysctl -w net.ipv4.tcp_keepalive_intvl=10
sysctl -w net.ipv4.tcp_keepalive_probes=5
sysctl -w net.ipv4.tcp_keepalive_time=60
sysctl -w net.ipv4.conf.default.rp_filter=1
#sysctl -w net.ipv4.ip_forward=0

#
$IPT -P INPUT DROP
$IPT -P FORWARD ACCEPT
$IPT -P OUTPUT ACCEPT

# ,
$IPT -A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT

# lo
$IPT -A INPUT -i lo -j ACCEPT

#
$IPT -A INPUT -i eth1 -j ACCEPT
$IPT -A INPUT -i vmbr1 -j ACCEPT
#
$IPT -A INPUT -m addrtype --dst-type MULTICAST -j ACCEPT
$IPT -A INPUT -p udp -m state --state NEW -m multiport --dports 5404,5405 -j ACCEPT

# TCP- SYN-
$IPT -I INPUT -m conntrack --ctstate NEW -p tcp ! --syn -j DROP

#
$IPT -A INPUT -p tcp --dport 22 -m state --state NEW -j ACCEPT ## SSH
$IPT -A INPUT -p tcp -m tcp --dport 5900:5999 -j ACCEPT ## VNC
$IPT -A INPUT -p tcp -m tcp --dport 8006 -j ACCEPT ## Proxmox panel

# SSH ( 4 )
$IPT -A INPUT -p tcp --dport 22 -m state --state NEW -m recent --update --seconds 60 --hitcount 4 --rttl --name SSH -j DROP

# netbios
$IPT -A INPUT -p tcp --dport 137:139 -j DROP
$IPT -A INPUT -p udp --dport 137:139 -j DROP

# ICMP
$IPT -A INPUT -p ICMP --icmp-type 8 -j ACCEPT
$IPT -A INPUT -p ICMP --icmp-type 11 -j ACCEPT

#
$IPT -A INPUT -m state --state INVALID -j DROP

# DHCP iptables.
$IPT -A INPUT -p udp -m udp --dport 68 --sport 67 -j ACCEPT

# -
$IPT -A INPUT -m state --state NEW -p tcp --tcp-flags ALL ALL -j DROP
$IPT -A INPUT -m state --state NEW -p tcp --tcp-flags ALL NONE -j DROP

#
$IPT -A INPUT -p tcp --tcp-flags ALL FIN,URG,PSH -j DROP
$IPT -A INPUT -p tcp --tcp-flags SYN,RST SYN,RST -j DROP
$IPT -A INPUT -p tcp --tcp-flags SYN,FIN SYN,FIN -j DROP
$IPT -N SYN_FLOOD
$IPT -A INPUT -p tcp --syn -j SYN_FLOOD
$IPT -A SYN_FLOOD -m limit --limit 2/s --limit-burst 6 -j RETURN
$IPT -A SYN_FLOOD -j DROP

;;
stop)
echo "Stopping iptables"

$IPT -F
$IPT -X

$IPT -P INPUT ACCEPT
$IPT -P OUTPUT ACCEPT
$IPT -P FORWARD ACCEPT
;;
*)
echo "Usage: /etc/init.d/iptables {start|stop}"
exit 1
;;
esac

exit 0

3.

mv /etc/localtime /etc/localtime_org && ln -s /usr/share/zoneinfo/"Europe/Simferopol" /etc/localtime && date
web-.
/usr/share/pve-manager/ext4/pvemanagerlib.js
if (data.status !== 'Active') {

if (data.status == 'Active') {
Proxmox: 'exit code 60′ – corrupt quota file ,
.
vzquota off [VEID] vzquota : (error) Quota is not running for id [VEID] vzquota : (warning) Repairing quota: it was incorrectly marked as running for id [VEID] vzquota on [VEID]
(cluster not ready - no quorum), ,
,
pvecm e ( )
OpenVZ
[VEID]
vzctl start [VEID]

vzctl enter [VEID]

vzctl stop [VEID]

vzctl restart [VEID]

vzctl destroy [VEID]

vzlist -a

- , , .

UPD-1: vlan

2 . 151,152,666
:
/etc/network/interfaces
auto vlan151 iface vlan151 inet manual vlan_raw_device eth0 auto vlan152 iface vlan152 inet manual vlan_raw_device eth0 auto vlan666 iface vlan666 inet manual vlan_raw_device eth0 auto vmbr151 iface vmbr151 inet static address 0.0.0.0 netmask 255.255.255.255 bridge_ports vlan151 bridge_stp off bridge_fd 0 auto vmbr152 iface vmbr152 inet static address 0.0.0.0 netmask 255.255.255.255 bridge_ports vlan152 bridge_stp off bridge_fd 0 auto vmbr666 iface vmbr666 inet static address 0.0.0.0 netmask 255.255.255.255 bridge_ports vlan666 bridge_stp off bridge_fd 0

apt-get install vlan

ifup vlan151 ifup vlan152 ifup vlan666
ifconfig

, (network), ,

.


:
, , debian
/etc/network/interfaces.tail
auto eth1 iface eth1 inet static address 10.7.10.5 netmask 255.255.255.0

cat /etc/network/interfaces.tail >> /etc/network/interfaces
*.tail , web , .


, , - - , .

   ,    ( ).  ,  X-       . 
 
 ,   Skype ( Skypiax)      UID "Skype": 
 su skype -c "echo secret:password | DISPLAY=:1 /usr/bin/skype --pipelogin 2>>skype_errors.log &» 
 
 1.6.    
   ,     ,   sda4 
 vzctl set [VEID] --devnodes sda4:rw --save 
 1.7.  tun/tap 
     vpn  ,     . 
 
     
 lsmod | grep tun 
    
 modprobe tun echo "tun" >> /etc/modules 
 vzctl stop [VEID] vzctl set [VEID] --devices c:10:200:rw --save vzctl set [VEID] --capability net_admin:on --save vzctl start [VEID] 
   ,    -. 
 
  
          ,   . 
 nano /etc/vz/vz.conf 
    IPTABLES     
 IPTABLES="ipt_owner ipt_REDIRECT ipt_recent ip_tables iptable_filter iptable_mangle ipt_limit ipt_multiport ipt_tos ipt_TOS ipt_REJECT ipt_TCPMSS ipt_tcpmss ipt_ttl ipt_LOG ipt_length ip_conntrack ip_conntrack_ftp ipt_state iptable_nat ip_nat_ftp" 
    VZ 
 /etc/init.d/vz restart 
         . 
 
  ,  ,      ( ,    ) 
 nano /etc/modules 
 ipt_MASQUERADE ipt_helper ipt_REDIRECT ipt_state ipt_TCPMSS ipt_LOG ipt_TOS iptable_nat ipt_length ipt_tcpmss iptable_mangle ipt_limit ipt_tos iptable_filter ipt_ttl ipt_REJECT loop 
     
        #!/bin/sh 
 ### BEGIN INIT INFO 
 # Provides: iptables.sh 
 # Required-Start: $all 
 # Required-Stop: $all 
 # Default-Start: 2 3 4 5 
 # Default-Stop: 0 1 6 
 # Short-Description: My firewall 
 # Description: Rico-X FIREWALL 
 ### END INIT INFO 
 # /etc/init.d/iptables 
 
 IPT=/sbin/iptables 
 
 case "$1" in 
 start) 
 echo "Starting iptables" 
 
 sysctl -w net.ipv4.tcp_synack_retries=1 
 sysctl -w net.ipv4.tcp_max_syn_backlog=4096 
 sysctl -w net.ipv4.tcp_fin_timeout=10 
 sysctl -w net.ipv4.tcp_syncookies=1 
 sysctl -w net.ipv4.tcp_keepalive_intvl=10 
 sysctl -w net.ipv4.tcp_keepalive_probes=5 
 sysctl -w net.ipv4.tcp_keepalive_time=60 
 sysctl -w net.ipv4.conf.default.rp_filter=1 
 #sysctl -w net.ipv4.ip_forward=0 
 
 #     
 $IPT -P INPUT DROP 
 $IPT -P FORWARD ACCEPT 
 $IPT -P OUTPUT ACCEPT 
 
 #     ,     
 $IPT -A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT 
 
 #     lo  
 $IPT -A INPUT -i lo -j ACCEPT 
 
 #       
 $IPT -A INPUT -i eth1 -j ACCEPT 
 $IPT -A INPUT -i vmbr1 -j ACCEPT 
 #       
 $IPT -A INPUT -m addrtype --dst-type MULTICAST -j ACCEPT 
 $IPT -A INPUT -p udp -m state --state NEW -m multiport --dports 5404,5405 -j ACCEPT 
 
 #     TCP-  SYN- 
 $IPT -I INPUT -m conntrack --ctstate NEW -p tcp ! --syn -j DROP 
 
 #      
 $IPT -A INPUT -p tcp --dport 22 -m state --state NEW -j ACCEPT ## SSH 
 $IPT -A INPUT -p tcp -m tcp --dport 5900:5999 -j ACCEPT ## VNC 
 $IPT -A INPUT -p tcp -m tcp --dport 8006 -j ACCEPT ## Proxmox panel 
 
 #       SSH (  4  ) 
 $IPT -A INPUT -p tcp --dport 22 -m state --state NEW -m recent --update --seconds 60 --hitcount 4 --rttl --name SSH -j DROP 
 
 #    netbios 
 $IPT -A INPUT -p tcp --dport 137:139 -j DROP 
 $IPT -A INPUT -p udp --dport 137:139 -j DROP 
 
 #   ICMP  
 $IPT -A INPUT -p ICMP --icmp-type 8 -j ACCEPT 
 $IPT -A INPUT -p ICMP --icmp-type 11 -j ACCEPT 
 
 #     
 $IPT -A INPUT -m state --state INVALID -j DROP 
 
 #   DHCP   iptables. 
 $IPT -A INPUT -p udp -m udp --dport 68 --sport 67 -j ACCEPT 
 
 #  - 
 $IPT -A INPUT -m state --state NEW -p tcp --tcp-flags ALL ALL -j DROP 
 $IPT -A INPUT -m state --state NEW -p tcp --tcp-flags ALL NONE -j DROP 
 
 #  
 $IPT -A INPUT -p tcp --tcp-flags ALL FIN,URG,PSH -j DROP 
 $IPT -A INPUT -p tcp --tcp-flags SYN,RST SYN,RST -j DROP 
 $IPT -A INPUT -p tcp --tcp-flags SYN,FIN SYN,FIN -j DROP 
 $IPT -N SYN_FLOOD 
 $IPT -A INPUT -p tcp --syn -j SYN_FLOOD 
 $IPT -A SYN_FLOOD -m limit --limit 2/s --limit-burst 6 -j RETURN 
 $IPT -A SYN_FLOOD -j DROP 
 
 ;; 
 stop) 
 echo "Stopping iptables" 
 
 $IPT -F 
 $IPT -X 
 
 $IPT -P INPUT ACCEPT 
 $IPT -P OUTPUT ACCEPT 
 $IPT -P FORWARD ACCEPT 
 ;; 
 *) 
 echo "Usage: /etc/init.d/iptables {start|stop}" 
 exit 1 
 ;; 
 esac 
 
 exit 0 
 
 3.   
      
 mv /etc/localtime /etc/localtime_org && ln -s /usr/share/zoneinfo/"Europe/Simferopol" /etc/localtime && date 
         web-. 
   /usr/share/pve-manager/ext4/pvemanagerlib.js   
 if (data.status !== 'Active') { 
    
 if (data.status == 'Active') { 
      Proxmox: 'exit code 60′ – corrupt quota file    , 
   . 
 vzquota off [VEID] vzquota : (error) Quota is not running for id [VEID] vzquota : (warning) Repairing quota: it was incorrectly marked as running for id [VEID] vzquota on [VEID] 
    (cluster not ready - no quorum),      , 
   ,      
 pvecm e (  ) 
   OpenVZ 
  [VEID]  
 vzctl start [VEID] 
    
 vzctl enter [VEID] 
  
 vzctl stop [VEID] 
  
 vzctl restart [VEID] 
  
 vzctl destroy [VEID] 
   
 vzlist -a 
 
   -        ,     ,    . 
 
 UPD-1:  vlan 
 
       2 .     151,152,666 
  : 
  /etc/network/interfaces 
  auto vlan151 iface vlan151 inet manual vlan_raw_device eth0 auto vlan152 iface vlan152 inet manual vlan_raw_device eth0 auto vlan666 iface vlan666 inet manual vlan_raw_device eth0 auto vmbr151 iface vmbr151 inet static address 0.0.0.0 netmask 255.255.255.255 bridge_ports vlan151 bridge_stp off bridge_fd 0 auto vmbr152 iface vmbr152 inet static address 0.0.0.0 netmask 255.255.255.255 bridge_ports vlan152 bridge_stp off bridge_fd 0 auto vmbr666 iface vmbr666 inet static address 0.0.0.0 netmask 255.255.255.255 bridge_ports vlan666 bridge_stp off bridge_fd 0 
    
 apt-get install vlan 
    
 ifup vlan151 ifup vlan152 ifup vlan666 
      ifconfig 
 
      ,    (network),   ,     
  
        . 
 
 
  : 
     ,     ,     debian 
  /etc/network/interfaces.tail 
 auto eth1 iface eth1 inet static address 10.7.10.5 netmask 255.255.255.0 
  
 cat /etc/network/interfaces.tail >> /etc/network/interfaces 
  *.tail   ,          web ,     . 
 
 
      ,    , -        -    ,   . 

, ( ). , X- .

, Skype ( Skypiax) UID "Skype":
su skype -c "echo secret:password | DISPLAY=:1 /usr/bin/skype --pipelogin 2>>skype_errors.log &»

1.6.
, , sda4
vzctl set [VEID] --devnodes sda4:rw --save
1.7. tun/tap
vpn , .


lsmod | grep tun

modprobe tun echo "tun" >> /etc/modules
vzctl stop [VEID] vzctl set [VEID] --devices c:10:200:rw --save vzctl set [VEID] --capability net_admin:on --save vzctl start [VEID]
, -.


, .
nano /etc/vz/vz.conf
IPTABLES
IPTABLES="ipt_owner ipt_REDIRECT ipt_recent ip_tables iptable_filter iptable_mangle ipt_limit ipt_multiport ipt_tos ipt_TOS ipt_REJECT ipt_TCPMSS ipt_tcpmss ipt_ttl ipt_LOG ipt_length ip_conntrack ip_conntrack_ftp ipt_state iptable_nat ip_nat_ftp"
VZ
/etc/init.d/vz restart
.

, , ( , )
nano /etc/modules
ipt_MASQUERADE ipt_helper ipt_REDIRECT ipt_state ipt_TCPMSS ipt_LOG ipt_TOS iptable_nat ipt_length ipt_tcpmss iptable_mangle ipt_limit ipt_tos iptable_filter ipt_ttl ipt_REJECT loop

#!/bin/sh
### BEGIN INIT INFO
# Provides: iptables.sh
# Required-Start: $all
# Required-Stop: $all
# Default-Start: 2 3 4 5
# Default-Stop: 0 1 6
# Short-Description: My firewall
# Description: Rico-X FIREWALL
### END INIT INFO
# /etc/init.d/iptables

IPT=/sbin/iptables

case "$1" in
start)
echo "Starting iptables"

sysctl -w net.ipv4.tcp_synack_retries=1
sysctl -w net.ipv4.tcp_max_syn_backlog=4096
sysctl -w net.ipv4.tcp_fin_timeout=10
sysctl -w net.ipv4.tcp_syncookies=1
sysctl -w net.ipv4.tcp_keepalive_intvl=10
sysctl -w net.ipv4.tcp_keepalive_probes=5
sysctl -w net.ipv4.tcp_keepalive_time=60
sysctl -w net.ipv4.conf.default.rp_filter=1
#sysctl -w net.ipv4.ip_forward=0

#
$IPT -P INPUT DROP
$IPT -P FORWARD ACCEPT
$IPT -P OUTPUT ACCEPT

# ,
$IPT -A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT

# lo
$IPT -A INPUT -i lo -j ACCEPT

#
$IPT -A INPUT -i eth1 -j ACCEPT
$IPT -A INPUT -i vmbr1 -j ACCEPT
#
$IPT -A INPUT -m addrtype --dst-type MULTICAST -j ACCEPT
$IPT -A INPUT -p udp -m state --state NEW -m multiport --dports 5404,5405 -j ACCEPT

# TCP- SYN-
$IPT -I INPUT -m conntrack --ctstate NEW -p tcp ! --syn -j DROP

#
$IPT -A INPUT -p tcp --dport 22 -m state --state NEW -j ACCEPT ## SSH
$IPT -A INPUT -p tcp -m tcp --dport 5900:5999 -j ACCEPT ## VNC
$IPT -A INPUT -p tcp -m tcp --dport 8006 -j ACCEPT ## Proxmox panel

# SSH ( 4 )
$IPT -A INPUT -p tcp --dport 22 -m state --state NEW -m recent --update --seconds 60 --hitcount 4 --rttl --name SSH -j DROP

# netbios
$IPT -A INPUT -p tcp --dport 137:139 -j DROP
$IPT -A INPUT -p udp --dport 137:139 -j DROP

# ICMP
$IPT -A INPUT -p ICMP --icmp-type 8 -j ACCEPT
$IPT -A INPUT -p ICMP --icmp-type 11 -j ACCEPT

#
$IPT -A INPUT -m state --state INVALID -j DROP

# DHCP iptables.
$IPT -A INPUT -p udp -m udp --dport 68 --sport 67 -j ACCEPT

# -
$IPT -A INPUT -m state --state NEW -p tcp --tcp-flags ALL ALL -j DROP
$IPT -A INPUT -m state --state NEW -p tcp --tcp-flags ALL NONE -j DROP

#
$IPT -A INPUT -p tcp --tcp-flags ALL FIN,URG,PSH -j DROP
$IPT -A INPUT -p tcp --tcp-flags SYN,RST SYN,RST -j DROP
$IPT -A INPUT -p tcp --tcp-flags SYN,FIN SYN,FIN -j DROP
$IPT -N SYN_FLOOD
$IPT -A INPUT -p tcp --syn -j SYN_FLOOD
$IPT -A SYN_FLOOD -m limit --limit 2/s --limit-burst 6 -j RETURN
$IPT -A SYN_FLOOD -j DROP

;;
stop)
echo "Stopping iptables"

$IPT -F
$IPT -X

$IPT -P INPUT ACCEPT
$IPT -P OUTPUT ACCEPT
$IPT -P FORWARD ACCEPT
;;
*)
echo "Usage: /etc/init.d/iptables {start|stop}"
exit 1
;;
esac

exit 0

3.

mv /etc/localtime /etc/localtime_org && ln -s /usr/share/zoneinfo/"Europe/Simferopol" /etc/localtime && date
web-.
/usr/share/pve-manager/ext4/pvemanagerlib.js
if (data.status !== 'Active') {

if (data.status == 'Active') {
Proxmox: 'exit code 60′ – corrupt quota file ,
.
vzquota off [VEID] vzquota : (error) Quota is not running for id [VEID] vzquota : (warning) Repairing quota: it was incorrectly marked as running for id [VEID] vzquota on [VEID]
(cluster not ready - no quorum), ,
,
pvecm e ( )
OpenVZ
[VEID]
vzctl start [VEID]

vzctl enter [VEID]

vzctl stop [VEID]

vzctl restart [VEID]

vzctl destroy [VEID]

vzlist -a

- , , .

UPD-1: vlan

2 . 151,152,666
:
/etc/network/interfaces
auto vlan151 iface vlan151 inet manual vlan_raw_device eth0 auto vlan152 iface vlan152 inet manual vlan_raw_device eth0 auto vlan666 iface vlan666 inet manual vlan_raw_device eth0 auto vmbr151 iface vmbr151 inet static address 0.0.0.0 netmask 255.255.255.255 bridge_ports vlan151 bridge_stp off bridge_fd 0 auto vmbr152 iface vmbr152 inet static address 0.0.0.0 netmask 255.255.255.255 bridge_ports vlan152 bridge_stp off bridge_fd 0 auto vmbr666 iface vmbr666 inet static address 0.0.0.0 netmask 255.255.255.255 bridge_ports vlan666 bridge_stp off bridge_fd 0

apt-get install vlan

ifup vlan151 ifup vlan152 ifup vlan666
ifconfig

, (network), ,

.


:
, , debian
/etc/network/interfaces.tail
auto eth1 iface eth1 inet static address 10.7.10.5 netmask 255.255.255.0

cat /etc/network/interfaces.tail >> /etc/network/interfaces
*.tail , web , .


, , - - , .

   ,    ( ).  ,  X-       . 
 
 ,   Skype ( Skypiax)      UID "Skype": 
 su skype -c "echo secret:password | DISPLAY=:1 /usr/bin/skype --pipelogin 2>>skype_errors.log &» 
 
 1.6.    
   ,     ,   sda4 
 vzctl set [VEID] --devnodes sda4:rw --save 
 1.7.  tun/tap 
     vpn  ,     . 
 
     
 lsmod | grep tun 
    
 modprobe tun echo "tun" >> /etc/modules 
 vzctl stop [VEID] vzctl set [VEID] --devices c:10:200:rw --save vzctl set [VEID] --capability net_admin:on --save vzctl start [VEID] 
   ,    -. 
 
  
          ,   . 
 nano /etc/vz/vz.conf 
    IPTABLES     
 IPTABLES="ipt_owner ipt_REDIRECT ipt_recent ip_tables iptable_filter iptable_mangle ipt_limit ipt_multiport ipt_tos ipt_TOS ipt_REJECT ipt_TCPMSS ipt_tcpmss ipt_ttl ipt_LOG ipt_length ip_conntrack ip_conntrack_ftp ipt_state iptable_nat ip_nat_ftp" 
    VZ 
 /etc/init.d/vz restart 
         . 
 
  ,  ,      ( ,    ) 
 nano /etc/modules 
 ipt_MASQUERADE ipt_helper ipt_REDIRECT ipt_state ipt_TCPMSS ipt_LOG ipt_TOS iptable_nat ipt_length ipt_tcpmss iptable_mangle ipt_limit ipt_tos iptable_filter ipt_ttl ipt_REJECT loop 
     
        #!/bin/sh 
 ### BEGIN INIT INFO 
 # Provides: iptables.sh 
 # Required-Start: $all 
 # Required-Stop: $all 
 # Default-Start: 2 3 4 5 
 # Default-Stop: 0 1 6 
 # Short-Description: My firewall 
 # Description: Rico-X FIREWALL 
 ### END INIT INFO 
 # /etc/init.d/iptables 
 
 IPT=/sbin/iptables 
 
 case "$1" in 
 start) 
 echo "Starting iptables" 
 
 sysctl -w net.ipv4.tcp_synack_retries=1 
 sysctl -w net.ipv4.tcp_max_syn_backlog=4096 
 sysctl -w net.ipv4.tcp_fin_timeout=10 
 sysctl -w net.ipv4.tcp_syncookies=1 
 sysctl -w net.ipv4.tcp_keepalive_intvl=10 
 sysctl -w net.ipv4.tcp_keepalive_probes=5 
 sysctl -w net.ipv4.tcp_keepalive_time=60 
 sysctl -w net.ipv4.conf.default.rp_filter=1 
 #sysctl -w net.ipv4.ip_forward=0 
 
 #     
 $IPT -P INPUT DROP 
 $IPT -P FORWARD ACCEPT 
 $IPT -P OUTPUT ACCEPT 
 
 #     ,     
 $IPT -A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT 
 
 #     lo  
 $IPT -A INPUT -i lo -j ACCEPT 
 
 #       
 $IPT -A INPUT -i eth1 -j ACCEPT 
 $IPT -A INPUT -i vmbr1 -j ACCEPT 
 #       
 $IPT -A INPUT -m addrtype --dst-type MULTICAST -j ACCEPT 
 $IPT -A INPUT -p udp -m state --state NEW -m multiport --dports 5404,5405 -j ACCEPT 
 
 #     TCP-  SYN- 
 $IPT -I INPUT -m conntrack --ctstate NEW -p tcp ! --syn -j DROP 
 
 #      
 $IPT -A INPUT -p tcp --dport 22 -m state --state NEW -j ACCEPT ## SSH 
 $IPT -A INPUT -p tcp -m tcp --dport 5900:5999 -j ACCEPT ## VNC 
 $IPT -A INPUT -p tcp -m tcp --dport 8006 -j ACCEPT ## Proxmox panel 
 
 #       SSH (  4  ) 
 $IPT -A INPUT -p tcp --dport 22 -m state --state NEW -m recent --update --seconds 60 --hitcount 4 --rttl --name SSH -j DROP 
 
 #    netbios 
 $IPT -A INPUT -p tcp --dport 137:139 -j DROP 
 $IPT -A INPUT -p udp --dport 137:139 -j DROP 
 
 #   ICMP  
 $IPT -A INPUT -p ICMP --icmp-type 8 -j ACCEPT 
 $IPT -A INPUT -p ICMP --icmp-type 11 -j ACCEPT 
 
 #     
 $IPT -A INPUT -m state --state INVALID -j DROP 
 
 #   DHCP   iptables. 
 $IPT -A INPUT -p udp -m udp --dport 68 --sport 67 -j ACCEPT 
 
 #  - 
 $IPT -A INPUT -m state --state NEW -p tcp --tcp-flags ALL ALL -j DROP 
 $IPT -A INPUT -m state --state NEW -p tcp --tcp-flags ALL NONE -j DROP 
 
 #  
 $IPT -A INPUT -p tcp --tcp-flags ALL FIN,URG,PSH -j DROP 
 $IPT -A INPUT -p tcp --tcp-flags SYN,RST SYN,RST -j DROP 
 $IPT -A INPUT -p tcp --tcp-flags SYN,FIN SYN,FIN -j DROP 
 $IPT -N SYN_FLOOD 
 $IPT -A INPUT -p tcp --syn -j SYN_FLOOD 
 $IPT -A SYN_FLOOD -m limit --limit 2/s --limit-burst 6 -j RETURN 
 $IPT -A SYN_FLOOD -j DROP 
 
 ;; 
 stop) 
 echo "Stopping iptables" 
 
 $IPT -F 
 $IPT -X 
 
 $IPT -P INPUT ACCEPT 
 $IPT -P OUTPUT ACCEPT 
 $IPT -P FORWARD ACCEPT 
 ;; 
 *) 
 echo "Usage: /etc/init.d/iptables {start|stop}" 
 exit 1 
 ;; 
 esac 
 
 exit 0 
 
 3.   
      
 mv /etc/localtime /etc/localtime_org && ln -s /usr/share/zoneinfo/"Europe/Simferopol" /etc/localtime && date 
         web-. 
   /usr/share/pve-manager/ext4/pvemanagerlib.js   
 if (data.status !== 'Active') { 
    
 if (data.status == 'Active') { 
      Proxmox: 'exit code 60′ – corrupt quota file    , 
   . 
 vzquota off [VEID] vzquota : (error) Quota is not running for id [VEID] vzquota : (warning) Repairing quota: it was incorrectly marked as running for id [VEID] vzquota on [VEID] 
    (cluster not ready - no quorum),      , 
   ,      
 pvecm e (  ) 
   OpenVZ 
  [VEID]  
 vzctl start [VEID] 
    
 vzctl enter [VEID] 
  
 vzctl stop [VEID] 
  
 vzctl restart [VEID] 
  
 vzctl destroy [VEID] 
   
 vzlist -a 
 
   -        ,     ,    . 
 
 UPD-1:  vlan 
 
       2 .     151,152,666 
  : 
  /etc/network/interfaces 
  auto vlan151 iface vlan151 inet manual vlan_raw_device eth0 auto vlan152 iface vlan152 inet manual vlan_raw_device eth0 auto vlan666 iface vlan666 inet manual vlan_raw_device eth0 auto vmbr151 iface vmbr151 inet static address 0.0.0.0 netmask 255.255.255.255 bridge_ports vlan151 bridge_stp off bridge_fd 0 auto vmbr152 iface vmbr152 inet static address 0.0.0.0 netmask 255.255.255.255 bridge_ports vlan152 bridge_stp off bridge_fd 0 auto vmbr666 iface vmbr666 inet static address 0.0.0.0 netmask 255.255.255.255 bridge_ports vlan666 bridge_stp off bridge_fd 0 
    
 apt-get install vlan 
    
 ifup vlan151 ifup vlan152 ifup vlan666 
      ifconfig 
 
      ,    (network),   ,     
  
        . 
 
 
  : 
     ,     ,     debian 
  /etc/network/interfaces.tail 
 auto eth1 iface eth1 inet static address 10.7.10.5 netmask 255.255.255.0 
  
 cat /etc/network/interfaces.tail >> /etc/network/interfaces 
  *.tail   ,          web ,     . 
 
 
      ,    , -        -    ,   . 

, ( ). , X- .

, Skype ( Skypiax) UID "Skype":
su skype -c "echo secret:password | DISPLAY=:1 /usr/bin/skype --pipelogin 2>>skype_errors.log &»

1.6.
, , sda4
vzctl set [VEID] --devnodes sda4:rw --save
1.7. tun/tap
vpn , .


lsmod | grep tun

modprobe tun echo "tun" >> /etc/modules
vzctl stop [VEID] vzctl set [VEID] --devices c:10:200:rw --save vzctl set [VEID] --capability net_admin:on --save vzctl start [VEID]
, -.


, .
nano /etc/vz/vz.conf
IPTABLES
IPTABLES="ipt_owner ipt_REDIRECT ipt_recent ip_tables iptable_filter iptable_mangle ipt_limit ipt_multiport ipt_tos ipt_TOS ipt_REJECT ipt_TCPMSS ipt_tcpmss ipt_ttl ipt_LOG ipt_length ip_conntrack ip_conntrack_ftp ipt_state iptable_nat ip_nat_ftp"
VZ
/etc/init.d/vz restart
.

, , ( , )
nano /etc/modules
ipt_MASQUERADE ipt_helper ipt_REDIRECT ipt_state ipt_TCPMSS ipt_LOG ipt_TOS iptable_nat ipt_length ipt_tcpmss iptable_mangle ipt_limit ipt_tos iptable_filter ipt_ttl ipt_REJECT loop

#!/bin/sh
### BEGIN INIT INFO
# Provides: iptables.sh
# Required-Start: $all
# Required-Stop: $all
# Default-Start: 2 3 4 5
# Default-Stop: 0 1 6
# Short-Description: My firewall
# Description: Rico-X FIREWALL
### END INIT INFO
# /etc/init.d/iptables

IPT=/sbin/iptables

case "$1" in
start)
echo "Starting iptables"

sysctl -w net.ipv4.tcp_synack_retries=1
sysctl -w net.ipv4.tcp_max_syn_backlog=4096
sysctl -w net.ipv4.tcp_fin_timeout=10
sysctl -w net.ipv4.tcp_syncookies=1
sysctl -w net.ipv4.tcp_keepalive_intvl=10
sysctl -w net.ipv4.tcp_keepalive_probes=5
sysctl -w net.ipv4.tcp_keepalive_time=60
sysctl -w net.ipv4.conf.default.rp_filter=1
#sysctl -w net.ipv4.ip_forward=0

#
$IPT -P INPUT DROP
$IPT -P FORWARD ACCEPT
$IPT -P OUTPUT ACCEPT

# ,
$IPT -A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT

# lo
$IPT -A INPUT -i lo -j ACCEPT

#
$IPT -A INPUT -i eth1 -j ACCEPT
$IPT -A INPUT -i vmbr1 -j ACCEPT
#
$IPT -A INPUT -m addrtype --dst-type MULTICAST -j ACCEPT
$IPT -A INPUT -p udp -m state --state NEW -m multiport --dports 5404,5405 -j ACCEPT

# TCP- SYN-
$IPT -I INPUT -m conntrack --ctstate NEW -p tcp ! --syn -j DROP

#
$IPT -A INPUT -p tcp --dport 22 -m state --state NEW -j ACCEPT ## SSH
$IPT -A INPUT -p tcp -m tcp --dport 5900:5999 -j ACCEPT ## VNC
$IPT -A INPUT -p tcp -m tcp --dport 8006 -j ACCEPT ## Proxmox panel

# SSH ( 4 )
$IPT -A INPUT -p tcp --dport 22 -m state --state NEW -m recent --update --seconds 60 --hitcount 4 --rttl --name SSH -j DROP

# netbios
$IPT -A INPUT -p tcp --dport 137:139 -j DROP
$IPT -A INPUT -p udp --dport 137:139 -j DROP

# ICMP
$IPT -A INPUT -p ICMP --icmp-type 8 -j ACCEPT
$IPT -A INPUT -p ICMP --icmp-type 11 -j ACCEPT

#
$IPT -A INPUT -m state --state INVALID -j DROP

# DHCP iptables.
$IPT -A INPUT -p udp -m udp --dport 68 --sport 67 -j ACCEPT

# -
$IPT -A INPUT -m state --state NEW -p tcp --tcp-flags ALL ALL -j DROP
$IPT -A INPUT -m state --state NEW -p tcp --tcp-flags ALL NONE -j DROP

#
$IPT -A INPUT -p tcp --tcp-flags ALL FIN,URG,PSH -j DROP
$IPT -A INPUT -p tcp --tcp-flags SYN,RST SYN,RST -j DROP
$IPT -A INPUT -p tcp --tcp-flags SYN,FIN SYN,FIN -j DROP
$IPT -N SYN_FLOOD
$IPT -A INPUT -p tcp --syn -j SYN_FLOOD
$IPT -A SYN_FLOOD -m limit --limit 2/s --limit-burst 6 -j RETURN
$IPT -A SYN_FLOOD -j DROP

;;
stop)
echo "Stopping iptables"

$IPT -F
$IPT -X

$IPT -P INPUT ACCEPT
$IPT -P OUTPUT ACCEPT
$IPT -P FORWARD ACCEPT
;;
*)
echo "Usage: /etc/init.d/iptables {start|stop}"
exit 1
;;
esac

exit 0

3.

mv /etc/localtime /etc/localtime_org && ln -s /usr/share/zoneinfo/"Europe/Simferopol" /etc/localtime && date
web-.
/usr/share/pve-manager/ext4/pvemanagerlib.js
if (data.status !== 'Active') {

if (data.status == 'Active') {
Proxmox: 'exit code 60′ – corrupt quota file ,
.
vzquota off [VEID] vzquota : (error) Quota is not running for id [VEID] vzquota : (warning) Repairing quota: it was incorrectly marked as running for id [VEID] vzquota on [VEID]
(cluster not ready - no quorum), ,
,
pvecm e ( )
OpenVZ
[VEID]
vzctl start [VEID]

vzctl enter [VEID]

vzctl stop [VEID]

vzctl restart [VEID]

vzctl destroy [VEID]

vzlist -a

- , , .

UPD-1: vlan

2 . 151,152,666
:
/etc/network/interfaces
auto vlan151 iface vlan151 inet manual vlan_raw_device eth0 auto vlan152 iface vlan152 inet manual vlan_raw_device eth0 auto vlan666 iface vlan666 inet manual vlan_raw_device eth0 auto vmbr151 iface vmbr151 inet static address 0.0.0.0 netmask 255.255.255.255 bridge_ports vlan151 bridge_stp off bridge_fd 0 auto vmbr152 iface vmbr152 inet static address 0.0.0.0 netmask 255.255.255.255 bridge_ports vlan152 bridge_stp off bridge_fd 0 auto vmbr666 iface vmbr666 inet static address 0.0.0.0 netmask 255.255.255.255 bridge_ports vlan666 bridge_stp off bridge_fd 0

apt-get install vlan

ifup vlan151 ifup vlan152 ifup vlan666
ifconfig

, (network), ,

.


:
, , debian
/etc/network/interfaces.tail
auto eth1 iface eth1 inet static address 10.7.10.5 netmask 255.255.255.0

cat /etc/network/interfaces.tail >> /etc/network/interfaces
*.tail , web , .


, , - - , .

   ,    ( ).  ,  X-       . 
 
 ,   Skype ( Skypiax)      UID "Skype": 
 su skype -c "echo secret:password | DISPLAY=:1 /usr/bin/skype --pipelogin 2>>skype_errors.log &» 
 
 1.6.    
   ,     ,   sda4 
 vzctl set [VEID] --devnodes sda4:rw --save 
 1.7.  tun/tap 
     vpn  ,     . 
 
     
 lsmod | grep tun 
    
 modprobe tun echo "tun" >> /etc/modules 
 vzctl stop [VEID] vzctl set [VEID] --devices c:10:200:rw --save vzctl set [VEID] --capability net_admin:on --save vzctl start [VEID] 
   ,    -. 
 
  
          ,   . 
 nano /etc/vz/vz.conf 
    IPTABLES     
 IPTABLES="ipt_owner ipt_REDIRECT ipt_recent ip_tables iptable_filter iptable_mangle ipt_limit ipt_multiport ipt_tos ipt_TOS ipt_REJECT ipt_TCPMSS ipt_tcpmss ipt_ttl ipt_LOG ipt_length ip_conntrack ip_conntrack_ftp ipt_state iptable_nat ip_nat_ftp" 
    VZ 
 /etc/init.d/vz restart 
         . 
 
  ,  ,      ( ,    ) 
 nano /etc/modules 
 ipt_MASQUERADE ipt_helper ipt_REDIRECT ipt_state ipt_TCPMSS ipt_LOG ipt_TOS iptable_nat ipt_length ipt_tcpmss iptable_mangle ipt_limit ipt_tos iptable_filter ipt_ttl ipt_REJECT loop 
     
        #!/bin/sh 
 ### BEGIN INIT INFO 
 # Provides: iptables.sh 
 # Required-Start: $all 
 # Required-Stop: $all 
 # Default-Start: 2 3 4 5 
 # Default-Stop: 0 1 6 
 # Short-Description: My firewall 
 # Description: Rico-X FIREWALL 
 ### END INIT INFO 
 # /etc/init.d/iptables 
 
 IPT=/sbin/iptables 
 
 case "$1" in 
 start) 
 echo "Starting iptables" 
 
 sysctl -w net.ipv4.tcp_synack_retries=1 
 sysctl -w net.ipv4.tcp_max_syn_backlog=4096 
 sysctl -w net.ipv4.tcp_fin_timeout=10 
 sysctl -w net.ipv4.tcp_syncookies=1 
 sysctl -w net.ipv4.tcp_keepalive_intvl=10 
 sysctl -w net.ipv4.tcp_keepalive_probes=5 
 sysctl -w net.ipv4.tcp_keepalive_time=60 
 sysctl -w net.ipv4.conf.default.rp_filter=1 
 #sysctl -w net.ipv4.ip_forward=0 
 
 #     
 $IPT -P INPUT DROP 
 $IPT -P FORWARD ACCEPT 
 $IPT -P OUTPUT ACCEPT 
 
 #     ,     
 $IPT -A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT 
 
 #     lo  
 $IPT -A INPUT -i lo -j ACCEPT 
 
 #       
 $IPT -A INPUT -i eth1 -j ACCEPT 
 $IPT -A INPUT -i vmbr1 -j ACCEPT 
 #       
 $IPT -A INPUT -m addrtype --dst-type MULTICAST -j ACCEPT 
 $IPT -A INPUT -p udp -m state --state NEW -m multiport --dports 5404,5405 -j ACCEPT 
 
 #     TCP-  SYN- 
 $IPT -I INPUT -m conntrack --ctstate NEW -p tcp ! --syn -j DROP 
 
 #      
 $IPT -A INPUT -p tcp --dport 22 -m state --state NEW -j ACCEPT ## SSH 
 $IPT -A INPUT -p tcp -m tcp --dport 5900:5999 -j ACCEPT ## VNC 
 $IPT -A INPUT -p tcp -m tcp --dport 8006 -j ACCEPT ## Proxmox panel 
 
 #       SSH (  4  ) 
 $IPT -A INPUT -p tcp --dport 22 -m state --state NEW -m recent --update --seconds 60 --hitcount 4 --rttl --name SSH -j DROP 
 
 #    netbios 
 $IPT -A INPUT -p tcp --dport 137:139 -j DROP 
 $IPT -A INPUT -p udp --dport 137:139 -j DROP 
 
 #   ICMP  
 $IPT -A INPUT -p ICMP --icmp-type 8 -j ACCEPT 
 $IPT -A INPUT -p ICMP --icmp-type 11 -j ACCEPT 
 
 #     
 $IPT -A INPUT -m state --state INVALID -j DROP 
 
 #   DHCP   iptables. 
 $IPT -A INPUT -p udp -m udp --dport 68 --sport 67 -j ACCEPT 
 
 #  - 
 $IPT -A INPUT -m state --state NEW -p tcp --tcp-flags ALL ALL -j DROP 
 $IPT -A INPUT -m state --state NEW -p tcp --tcp-flags ALL NONE -j DROP 
 
 #  
 $IPT -A INPUT -p tcp --tcp-flags ALL FIN,URG,PSH -j DROP 
 $IPT -A INPUT -p tcp --tcp-flags SYN,RST SYN,RST -j DROP 
 $IPT -A INPUT -p tcp --tcp-flags SYN,FIN SYN,FIN -j DROP 
 $IPT -N SYN_FLOOD 
 $IPT -A INPUT -p tcp --syn -j SYN_FLOOD 
 $IPT -A SYN_FLOOD -m limit --limit 2/s --limit-burst 6 -j RETURN 
 $IPT -A SYN_FLOOD -j DROP 
 
 ;; 
 stop) 
 echo "Stopping iptables" 
 
 $IPT -F 
 $IPT -X 
 
 $IPT -P INPUT ACCEPT 
 $IPT -P OUTPUT ACCEPT 
 $IPT -P FORWARD ACCEPT 
 ;; 
 *) 
 echo "Usage: /etc/init.d/iptables {start|stop}" 
 exit 1 
 ;; 
 esac 
 
 exit 0 
 
 3.   
      
 mv /etc/localtime /etc/localtime_org && ln -s /usr/share/zoneinfo/"Europe/Simferopol" /etc/localtime && date 
         web-. 
   /usr/share/pve-manager/ext4/pvemanagerlib.js   
 if (data.status !== 'Active') { 
    
 if (data.status == 'Active') { 
      Proxmox: 'exit code 60′ – corrupt quota file    , 
   . 
 vzquota off [VEID] vzquota : (error) Quota is not running for id [VEID] vzquota : (warning) Repairing quota: it was incorrectly marked as running for id [VEID] vzquota on [VEID] 
    (cluster not ready - no quorum),      , 
   ,      
 pvecm e (  ) 
   OpenVZ 
  [VEID]  
 vzctl start [VEID] 
    
 vzctl enter [VEID] 
  
 vzctl stop [VEID] 
  
 vzctl restart [VEID] 
  
 vzctl destroy [VEID] 
   
 vzlist -a 
 
   -        ,     ,    . 
 
 UPD-1:  vlan 
 
       2 .     151,152,666 
  : 
  /etc/network/interfaces 
  auto vlan151 iface vlan151 inet manual vlan_raw_device eth0 auto vlan152 iface vlan152 inet manual vlan_raw_device eth0 auto vlan666 iface vlan666 inet manual vlan_raw_device eth0 auto vmbr151 iface vmbr151 inet static address 0.0.0.0 netmask 255.255.255.255 bridge_ports vlan151 bridge_stp off bridge_fd 0 auto vmbr152 iface vmbr152 inet static address 0.0.0.0 netmask 255.255.255.255 bridge_ports vlan152 bridge_stp off bridge_fd 0 auto vmbr666 iface vmbr666 inet static address 0.0.0.0 netmask 255.255.255.255 bridge_ports vlan666 bridge_stp off bridge_fd 0 
    
 apt-get install vlan 
    
 ifup vlan151 ifup vlan152 ifup vlan666 
      ifconfig 
 
      ,    (network),   ,     
  
        . 
 
 
  : 
     ,     ,     debian 
  /etc/network/interfaces.tail 
 auto eth1 iface eth1 inet static address 10.7.10.5 netmask 255.255.255.0 
  
 cat /etc/network/interfaces.tail >> /etc/network/interfaces 
  *.tail   ,          web ,     . 
 
 
      ,    , -        -    ,   . 

, ( ). , X- .

, Skype ( Skypiax) UID "Skype":
su skype -c "echo secret:password | DISPLAY=:1 /usr/bin/skype --pipelogin 2>>skype_errors.log &»

1.6.
, , sda4
vzctl set [VEID] --devnodes sda4:rw --save
1.7. tun/tap
vpn , .


lsmod | grep tun

modprobe tun echo "tun" >> /etc/modules
vzctl stop [VEID] vzctl set [VEID] --devices c:10:200:rw --save vzctl set [VEID] --capability net_admin:on --save vzctl start [VEID]
, -.


, .
nano /etc/vz/vz.conf
IPTABLES
IPTABLES="ipt_owner ipt_REDIRECT ipt_recent ip_tables iptable_filter iptable_mangle ipt_limit ipt_multiport ipt_tos ipt_TOS ipt_REJECT ipt_TCPMSS ipt_tcpmss ipt_ttl ipt_LOG ipt_length ip_conntrack ip_conntrack_ftp ipt_state iptable_nat ip_nat_ftp"
VZ
/etc/init.d/vz restart
.

, , ( , )
nano /etc/modules
ipt_MASQUERADE ipt_helper ipt_REDIRECT ipt_state ipt_TCPMSS ipt_LOG ipt_TOS iptable_nat ipt_length ipt_tcpmss iptable_mangle ipt_limit ipt_tos iptable_filter ipt_ttl ipt_REJECT loop

#!/bin/sh
### BEGIN INIT INFO
# Provides: iptables.sh
# Required-Start: $all
# Required-Stop: $all
# Default-Start: 2 3 4 5
# Default-Stop: 0 1 6
# Short-Description: My firewall
# Description: Rico-X FIREWALL
### END INIT INFO
# /etc/init.d/iptables

IPT=/sbin/iptables

case "$1" in
start)
echo "Starting iptables"

sysctl -w net.ipv4.tcp_synack_retries=1
sysctl -w net.ipv4.tcp_max_syn_backlog=4096
sysctl -w net.ipv4.tcp_fin_timeout=10
sysctl -w net.ipv4.tcp_syncookies=1
sysctl -w net.ipv4.tcp_keepalive_intvl=10
sysctl -w net.ipv4.tcp_keepalive_probes=5
sysctl -w net.ipv4.tcp_keepalive_time=60
sysctl -w net.ipv4.conf.default.rp_filter=1
#sysctl -w net.ipv4.ip_forward=0

#
$IPT -P INPUT DROP
$IPT -P FORWARD ACCEPT
$IPT -P OUTPUT ACCEPT

# ,
$IPT -A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT

# lo
$IPT -A INPUT -i lo -j ACCEPT

#
$IPT -A INPUT -i eth1 -j ACCEPT
$IPT -A INPUT -i vmbr1 -j ACCEPT
#
$IPT -A INPUT -m addrtype --dst-type MULTICAST -j ACCEPT
$IPT -A INPUT -p udp -m state --state NEW -m multiport --dports 5404,5405 -j ACCEPT

# TCP- SYN-
$IPT -I INPUT -m conntrack --ctstate NEW -p tcp ! --syn -j DROP

#
$IPT -A INPUT -p tcp --dport 22 -m state --state NEW -j ACCEPT ## SSH
$IPT -A INPUT -p tcp -m tcp --dport 5900:5999 -j ACCEPT ## VNC
$IPT -A INPUT -p tcp -m tcp --dport 8006 -j ACCEPT ## Proxmox panel

# SSH ( 4 )
$IPT -A INPUT -p tcp --dport 22 -m state --state NEW -m recent --update --seconds 60 --hitcount 4 --rttl --name SSH -j DROP

# netbios
$IPT -A INPUT -p tcp --dport 137:139 -j DROP
$IPT -A INPUT -p udp --dport 137:139 -j DROP

# ICMP
$IPT -A INPUT -p ICMP --icmp-type 8 -j ACCEPT
$IPT -A INPUT -p ICMP --icmp-type 11 -j ACCEPT

#
$IPT -A INPUT -m state --state INVALID -j DROP

# DHCP iptables.
$IPT -A INPUT -p udp -m udp --dport 68 --sport 67 -j ACCEPT

# -
$IPT -A INPUT -m state --state NEW -p tcp --tcp-flags ALL ALL -j DROP
$IPT -A INPUT -m state --state NEW -p tcp --tcp-flags ALL NONE -j DROP

#
$IPT -A INPUT -p tcp --tcp-flags ALL FIN,URG,PSH -j DROP
$IPT -A INPUT -p tcp --tcp-flags SYN,RST SYN,RST -j DROP
$IPT -A INPUT -p tcp --tcp-flags SYN,FIN SYN,FIN -j DROP
$IPT -N SYN_FLOOD
$IPT -A INPUT -p tcp --syn -j SYN_FLOOD
$IPT -A SYN_FLOOD -m limit --limit 2/s --limit-burst 6 -j RETURN
$IPT -A SYN_FLOOD -j DROP

;;
stop)
echo "Stopping iptables"

$IPT -F
$IPT -X

$IPT -P INPUT ACCEPT
$IPT -P OUTPUT ACCEPT
$IPT -P FORWARD ACCEPT
;;
*)
echo "Usage: /etc/init.d/iptables {start|stop}"
exit 1
;;
esac

exit 0

3.

mv /etc/localtime /etc/localtime_org && ln -s /usr/share/zoneinfo/"Europe/Simferopol" /etc/localtime && date
web-.
/usr/share/pve-manager/ext4/pvemanagerlib.js
if (data.status !== 'Active') {

if (data.status == 'Active') {
Proxmox: 'exit code 60′ – corrupt quota file ,
.
vzquota off [VEID] vzquota : (error) Quota is not running for id [VEID] vzquota : (warning) Repairing quota: it was incorrectly marked as running for id [VEID] vzquota on [VEID]
(cluster not ready - no quorum), ,
,
pvecm e ( )
OpenVZ
[VEID]
vzctl start [VEID]

vzctl enter [VEID]

vzctl stop [VEID]

vzctl restart [VEID]

vzctl destroy [VEID]

vzlist -a

- , , .

UPD-1: vlan

2 . 151,152,666
:
/etc/network/interfaces
auto vlan151 iface vlan151 inet manual vlan_raw_device eth0 auto vlan152 iface vlan152 inet manual vlan_raw_device eth0 auto vlan666 iface vlan666 inet manual vlan_raw_device eth0 auto vmbr151 iface vmbr151 inet static address 0.0.0.0 netmask 255.255.255.255 bridge_ports vlan151 bridge_stp off bridge_fd 0 auto vmbr152 iface vmbr152 inet static address 0.0.0.0 netmask 255.255.255.255 bridge_ports vlan152 bridge_stp off bridge_fd 0 auto vmbr666 iface vmbr666 inet static address 0.0.0.0 netmask 255.255.255.255 bridge_ports vlan666 bridge_stp off bridge_fd 0

apt-get install vlan

ifup vlan151 ifup vlan152 ifup vlan666
ifconfig

, (network), ,

.


:
, , debian
/etc/network/interfaces.tail
auto eth1 iface eth1 inet static address 10.7.10.5 netmask 255.255.255.0

cat /etc/network/interfaces.tail >> /etc/network/interfaces
*.tail , web , .


, , - - , ., ( ). , X- .

, Skype ( Skypiax) UID "Skype":
su skype -c "echo secret:password | DISPLAY=:1 /usr/bin/skype --pipelogin 2>>skype_errors.log &»

1.6.
, , sda4
vzctl set [VEID] --devnodes sda4:rw --save
1.7. tun/tap
vpn , .


lsmod | grep tun

modprobe tun echo "tun" >> /etc/modules
vzctl stop [VEID] vzctl set [VEID] --devices c:10:200:rw --save vzctl set [VEID] --capability net_admin:on --save vzctl start [VEID]
, -.


, .
nano /etc/vz/vz.conf
IPTABLES
IPTABLES="ipt_owner ipt_REDIRECT ipt_recent ip_tables iptable_filter iptable_mangle ipt_limit ipt_multiport ipt_tos ipt_TOS ipt_REJECT ipt_TCPMSS ipt_tcpmss ipt_ttl ipt_LOG ipt_length ip_conntrack ip_conntrack_ftp ipt_state iptable_nat ip_nat_ftp"
VZ
/etc/init.d/vz restart
.

, , ( , )
nano /etc/modules
ipt_MASQUERADE ipt_helper ipt_REDIRECT ipt_state ipt_TCPMSS ipt_LOG ipt_TOS iptable_nat ipt_length ipt_tcpmss iptable_mangle ipt_limit ipt_tos iptable_filter ipt_ttl ipt_REJECT loop

#!/bin/sh
### BEGIN INIT INFO
# Provides: iptables.sh
# Required-Start: $all
# Required-Stop: $all
# Default-Start: 2 3 4 5
# Default-Stop: 0 1 6
# Short-Description: My firewall
# Description: Rico-X FIREWALL
### END INIT INFO
# /etc/init.d/iptables

IPT=/sbin/iptables

case "$1" in
start)
echo "Starting iptables"

sysctl -w net.ipv4.tcp_synack_retries=1
sysctl -w net.ipv4.tcp_max_syn_backlog=4096
sysctl -w net.ipv4.tcp_fin_timeout=10
sysctl -w net.ipv4.tcp_syncookies=1
sysctl -w net.ipv4.tcp_keepalive_intvl=10
sysctl -w net.ipv4.tcp_keepalive_probes=5
sysctl -w net.ipv4.tcp_keepalive_time=60
sysctl -w net.ipv4.conf.default.rp_filter=1
#sysctl -w net.ipv4.ip_forward=0

#
$IPT -P INPUT DROP
$IPT -P FORWARD ACCEPT
$IPT -P OUTPUT ACCEPT

# ,
$IPT -A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT

# lo
$IPT -A INPUT -i lo -j ACCEPT

#
$IPT -A INPUT -i eth1 -j ACCEPT
$IPT -A INPUT -i vmbr1 -j ACCEPT
#
$IPT -A INPUT -m addrtype --dst-type MULTICAST -j ACCEPT
$IPT -A INPUT -p udp -m state --state NEW -m multiport --dports 5404,5405 -j ACCEPT

# TCP- SYN-
$IPT -I INPUT -m conntrack --ctstate NEW -p tcp ! --syn -j DROP

#
$IPT -A INPUT -p tcp --dport 22 -m state --state NEW -j ACCEPT ## SSH
$IPT -A INPUT -p tcp -m tcp --dport 5900:5999 -j ACCEPT ## VNC
$IPT -A INPUT -p tcp -m tcp --dport 8006 -j ACCEPT ## Proxmox panel

# SSH ( 4 )
$IPT -A INPUT -p tcp --dport 22 -m state --state NEW -m recent --update --seconds 60 --hitcount 4 --rttl --name SSH -j DROP

# netbios
$IPT -A INPUT -p tcp --dport 137:139 -j DROP
$IPT -A INPUT -p udp --dport 137:139 -j DROP

# ICMP
$IPT -A INPUT -p ICMP --icmp-type 8 -j ACCEPT
$IPT -A INPUT -p ICMP --icmp-type 11 -j ACCEPT

#
$IPT -A INPUT -m state --state INVALID -j DROP

# DHCP iptables.
$IPT -A INPUT -p udp -m udp --dport 68 --sport 67 -j ACCEPT

# -
$IPT -A INPUT -m state --state NEW -p tcp --tcp-flags ALL ALL -j DROP
$IPT -A INPUT -m state --state NEW -p tcp --tcp-flags ALL NONE -j DROP

#
$IPT -A INPUT -p tcp --tcp-flags ALL FIN,URG,PSH -j DROP
$IPT -A INPUT -p tcp --tcp-flags SYN,RST SYN,RST -j DROP
$IPT -A INPUT -p tcp --tcp-flags SYN,FIN SYN,FIN -j DROP
$IPT -N SYN_FLOOD
$IPT -A INPUT -p tcp --syn -j SYN_FLOOD
$IPT -A SYN_FLOOD -m limit --limit 2/s --limit-burst 6 -j RETURN
$IPT -A SYN_FLOOD -j DROP

;;
stop)
echo "Stopping iptables"

$IPT -F
$IPT -X

$IPT -P INPUT ACCEPT
$IPT -P OUTPUT ACCEPT
$IPT -P FORWARD ACCEPT
;;
*)
echo "Usage: /etc/init.d/iptables {start|stop}"
exit 1
;;
esac

exit 0

3.

mv /etc/localtime /etc/localtime_org && ln -s /usr/share/zoneinfo/"Europe/Simferopol" /etc/localtime && date
web-.
/usr/share/pve-manager/ext4/pvemanagerlib.js
if (data.status !== 'Active') {

if (data.status == 'Active') {
Proxmox: 'exit code 60′ – corrupt quota file ,
.
vzquota off [VEID] vzquota : (error) Quota is not running for id [VEID] vzquota : (warning) Repairing quota: it was incorrectly marked as running for id [VEID] vzquota on [VEID]
(cluster not ready - no quorum), ,
,
pvecm e ( )
OpenVZ
[VEID]
vzctl start [VEID]

vzctl enter [VEID]

vzctl stop [VEID]

vzctl restart [VEID]

vzctl destroy [VEID]

vzlist -a

- , , .

UPD-1: vlan

2 . 151,152,666
:
/etc/network/interfaces
auto vlan151 iface vlan151 inet manual vlan_raw_device eth0 auto vlan152 iface vlan152 inet manual vlan_raw_device eth0 auto vlan666 iface vlan666 inet manual vlan_raw_device eth0 auto vmbr151 iface vmbr151 inet static address 0.0.0.0 netmask 255.255.255.255 bridge_ports vlan151 bridge_stp off bridge_fd 0 auto vmbr152 iface vmbr152 inet static address 0.0.0.0 netmask 255.255.255.255 bridge_ports vlan152 bridge_stp off bridge_fd 0 auto vmbr666 iface vmbr666 inet static address 0.0.0.0 netmask 255.255.255.255 bridge_ports vlan666 bridge_stp off bridge_fd 0

apt-get install vlan

ifup vlan151 ifup vlan152 ifup vlan666
ifconfig

, (network), ,

.


:
, , debian
/etc/network/interfaces.tail
auto eth1 iface eth1 inet static address 10.7.10.5 netmask 255.255.255.0

cat /etc/network/interfaces.tail >> /etc/network/interfaces
*.tail , web , .


, , - - , ., ( ). , X- .

, Skype ( Skypiax) UID "Skype":
su skype -c "echo secret:password | DISPLAY=:1 /usr/bin/skype --pipelogin 2>>skype_errors.log &»

1.6.
, , sda4
vzctl set [VEID] --devnodes sda4:rw --save
1.7. tun/tap
vpn , .


lsmod | grep tun

modprobe tun echo "tun" >> /etc/modules
vzctl stop [VEID] vzctl set [VEID] --devices c:10:200:rw --save vzctl set [VEID] --capability net_admin:on --save vzctl start [VEID]
, -.


, .
nano /etc/vz/vz.conf
IPTABLES
IPTABLES="ipt_owner ipt_REDIRECT ipt_recent ip_tables iptable_filter iptable_mangle ipt_limit ipt_multiport ipt_tos ipt_TOS ipt_REJECT ipt_TCPMSS ipt_tcpmss ipt_ttl ipt_LOG ipt_length ip_conntrack ip_conntrack_ftp ipt_state iptable_nat ip_nat_ftp"
VZ
/etc/init.d/vz restart
.

, , ( , )
nano /etc/modules
ipt_MASQUERADE ipt_helper ipt_REDIRECT ipt_state ipt_TCPMSS ipt_LOG ipt_TOS iptable_nat ipt_length ipt_tcpmss iptable_mangle ipt_limit ipt_tos iptable_filter ipt_ttl ipt_REJECT loop

#!/bin/sh
### BEGIN INIT INFO
# Provides: iptables.sh
# Required-Start: $all
# Required-Stop: $all
# Default-Start: 2 3 4 5
# Default-Stop: 0 1 6
# Short-Description: My firewall
# Description: Rico-X FIREWALL
### END INIT INFO
# /etc/init.d/iptables

IPT=/sbin/iptables

case "$1" in
start)
echo "Starting iptables"

sysctl -w net.ipv4.tcp_synack_retries=1
sysctl -w net.ipv4.tcp_max_syn_backlog=4096
sysctl -w net.ipv4.tcp_fin_timeout=10
sysctl -w net.ipv4.tcp_syncookies=1
sysctl -w net.ipv4.tcp_keepalive_intvl=10
sysctl -w net.ipv4.tcp_keepalive_probes=5
sysctl -w net.ipv4.tcp_keepalive_time=60
sysctl -w net.ipv4.conf.default.rp_filter=1
#sysctl -w net.ipv4.ip_forward=0

#
$IPT -P INPUT DROP
$IPT -P FORWARD ACCEPT
$IPT -P OUTPUT ACCEPT

# ,
$IPT -A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT

# lo
$IPT -A INPUT -i lo -j ACCEPT

#
$IPT -A INPUT -i eth1 -j ACCEPT
$IPT -A INPUT -i vmbr1 -j ACCEPT
#
$IPT -A INPUT -m addrtype --dst-type MULTICAST -j ACCEPT
$IPT -A INPUT -p udp -m state --state NEW -m multiport --dports 5404,5405 -j ACCEPT

# TCP- SYN-
$IPT -I INPUT -m conntrack --ctstate NEW -p tcp ! --syn -j DROP

#
$IPT -A INPUT -p tcp --dport 22 -m state --state NEW -j ACCEPT ## SSH
$IPT -A INPUT -p tcp -m tcp --dport 5900:5999 -j ACCEPT ## VNC
$IPT -A INPUT -p tcp -m tcp --dport 8006 -j ACCEPT ## Proxmox panel

# SSH ( 4 )
$IPT -A INPUT -p tcp --dport 22 -m state --state NEW -m recent --update --seconds 60 --hitcount 4 --rttl --name SSH -j DROP

# netbios
$IPT -A INPUT -p tcp --dport 137:139 -j DROP
$IPT -A INPUT -p udp --dport 137:139 -j DROP

# ICMP
$IPT -A INPUT -p ICMP --icmp-type 8 -j ACCEPT
$IPT -A INPUT -p ICMP --icmp-type 11 -j ACCEPT

#
$IPT -A INPUT -m state --state INVALID -j DROP

# DHCP iptables.
$IPT -A INPUT -p udp -m udp --dport 68 --sport 67 -j ACCEPT

# -
$IPT -A INPUT -m state --state NEW -p tcp --tcp-flags ALL ALL -j DROP
$IPT -A INPUT -m state --state NEW -p tcp --tcp-flags ALL NONE -j DROP

#
$IPT -A INPUT -p tcp --tcp-flags ALL FIN,URG,PSH -j DROP
$IPT -A INPUT -p tcp --tcp-flags SYN,RST SYN,RST -j DROP
$IPT -A INPUT -p tcp --tcp-flags SYN,FIN SYN,FIN -j DROP
$IPT -N SYN_FLOOD
$IPT -A INPUT -p tcp --syn -j SYN_FLOOD
$IPT -A SYN_FLOOD -m limit --limit 2/s --limit-burst 6 -j RETURN
$IPT -A SYN_FLOOD -j DROP

;;
stop)
echo "Stopping iptables"

$IPT -F
$IPT -X

$IPT -P INPUT ACCEPT
$IPT -P OUTPUT ACCEPT
$IPT -P FORWARD ACCEPT
;;
*)
echo "Usage: /etc/init.d/iptables {start|stop}"
exit 1
;;
esac

exit 0

3.

mv /etc/localtime /etc/localtime_org && ln -s /usr/share/zoneinfo/"Europe/Simferopol" /etc/localtime && date
web-.
/usr/share/pve-manager/ext4/pvemanagerlib.js
if (data.status !== 'Active') {

if (data.status == 'Active') {
Proxmox: 'exit code 60′ – corrupt quota file ,
.
vzquota off [VEID] vzquota : (error) Quota is not running for id [VEID] vzquota : (warning) Repairing quota: it was incorrectly marked as running for id [VEID] vzquota on [VEID]
(cluster not ready - no quorum), ,
,
pvecm e ( )
OpenVZ
[VEID]
vzctl start [VEID]

vzctl enter [VEID]

vzctl stop [VEID]

vzctl restart [VEID]

vzctl destroy [VEID]

vzlist -a

- , , .

UPD-1: vlan

2 . 151,152,666
:
/etc/network/interfaces
auto vlan151 iface vlan151 inet manual vlan_raw_device eth0 auto vlan152 iface vlan152 inet manual vlan_raw_device eth0 auto vlan666 iface vlan666 inet manual vlan_raw_device eth0 auto vmbr151 iface vmbr151 inet static address 0.0.0.0 netmask 255.255.255.255 bridge_ports vlan151 bridge_stp off bridge_fd 0 auto vmbr152 iface vmbr152 inet static address 0.0.0.0 netmask 255.255.255.255 bridge_ports vlan152 bridge_stp off bridge_fd 0 auto vmbr666 iface vmbr666 inet static address 0.0.0.0 netmask 255.255.255.255 bridge_ports vlan666 bridge_stp off bridge_fd 0

apt-get install vlan

ifup vlan151 ifup vlan152 ifup vlan666
ifconfig

, (network), ,

.


:
, , debian
/etc/network/interfaces.tail
auto eth1 iface eth1 inet static address 10.7.10.5 netmask 255.255.255.0

cat /etc/network/interfaces.tail >> /etc/network/interfaces
*.tail , web , .


, , - - , .