6,534
edits
Changes
add selinux and conntracs info to →Configuring
</pre>
== Configuring == Please make sure the following steps are performed before rebooting into OpenVZ kernel. === sysctl settings ===
There is a number of kernel parameters that should be set for OpenVZ to work correctly. These parameters are stored in <tt>/etc/sysctl.conf</tt> file. Here is the relevant part of the file; please edit it accordingly.
net.ipv4.conf.all.send_redirects = 0
</pre>
=== SELinux ===
SELinux should be disabled. To that effect, put the following line to <code>/etc/sysconfig/selinux</code>:
<pre>
SELINUX=disabled
</pre>
=== Conntracks ===
In the stable OpenVZ kernels (those that are 2.6.8-based) netfilter connection tracking for [[VE0]] is disabled by default. If you have a stateful firewall enabled on the host node (it is there by default) you should either disable it, or enable connection tracking for [[VE0]].
To enable conntracks for VE0, add the following line to <code>/etc/modules.conf</code> file:
<pre>
options ip_conntrack ip_conntrack_enable_ve0=1
</pre>
{{Note|in kernels later than 2.6.8, connection tracking is enabled by default}}
== Rebooting into OpenVZ kernel ==