So I am having the problems described in this thread http://www.howtoforge.com/forums/archive/index.php/t-33642.html but I have narrowed it down somewhat. I am using OpenVZ and the problem child is a container. I started off opening the ports by policy to verify that it was the container's firewall rather than the main firewall, and it worked, so after that I started sectioning off ports using ranges. Apt-get, lynx and pinging a site started working when I set the open tcp/udp (has to be both) ports to 40000:60000....

Here is my rules file, and I assure you that when I set the net2fw policy to accept everything works:

ACCEPT all $FW tcp 462
#ACCEPT all all tcp 40000:60000
#ACCEPT all all udp 40000:60000
ACCEPT all net udp 53
ACCEPT all net tcp 53
ACCEPT net all udp 53
ACCEPT net all tcp 53
ACCEPT $FW net icmp
ACCEPT net $FW icmp

Any ideas?

EDIT: Or might it be better to set up parent zones on the host server?
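The symptom in the post (outbound apt-get and lynx only work once the reply ports 40000:60000 are opened from net to the firewall) is what a firewall looks like when its rules are being evaluated without connection-tracking state: the request leaves on the allowed port, but the reply comes back addressed to the container's ephemeral source port, which no explicit rule covers. The following is an added example, not code from the original post or from Shorewall: a toy evaluator that replays the posted rules against an outbound HTTP fetch and its reply, once statelessly and once with a minimal "established connection" check in front of the rules. The zone names, the net2fw policy being DROP, the port 80 mirror and the source port 45678 are assumptions made for the illustration.

```python
# Added example (not from the original post): a toy evaluator for the
# Shorewall-style rules quoted above, run stateless and stateful, to show
# why the reply half of an outbound fetch needs the ephemeral port range
# opened when connection tracking is not doing its job.
from dataclasses import dataclass
from typing import Optional

@dataclass(frozen=True)
class Packet:
    src_zone: str
    dst_zone: str
    proto: str
    dport: Optional[int] = None   # destination port (None for icmp)
    sport: Optional[int] = None   # source port (None for icmp)

# The uncommented rules from the post: (action, source, dest, proto, dport range).
# "$FW" is the firewall host itself, i.e. the container.
RULES = [
    ("ACCEPT", "all", "$FW", "tcp", (462, 462)),
    ("ACCEPT", "all", "net", "udp", (53, 53)),
    ("ACCEPT", "all", "net", "tcp", (53, 53)),
    ("ACCEPT", "net", "all", "udp", (53, 53)),
    ("ACCEPT", "net", "all", "tcp", (53, 53)),
    ("ACCEPT", "$FW", "net", "icmp", None),
    ("ACCEPT", "net", "$FW", "icmp", None),
]

# The two lines the post has commented out, which made apt-get work when enabled.
EPHEMERAL_RULES = [
    ("ACCEPT", "all", "all", "tcp", (40000, 60000)),
    ("ACCEPT", "all", "all", "udp", (40000, 60000)),
]

# Assumed zone policies: fw2net accepts, net2fw drops (the post only says that
# switching net2fw to ACCEPT makes everything work).
POLICY = {("$FW", "net"): "ACCEPT", ("net", "$FW"): "DROP"}

def zone_match(rule_zone: str, zone: str) -> bool:
    return rule_zone == "all" or rule_zone == zone

def rules_decide(pkt: Packet, rules) -> str:
    """Stateless decision: first matching rule wins, otherwise the zone policy."""
    for action, src, dst, proto, ports in rules:
        if not (zone_match(src, pkt.src_zone) and zone_match(dst, pkt.dst_zone)):
            continue
        if proto != pkt.proto:
            continue
        if ports is not None and not (ports[0] <= (pkt.dport or -1) <= ports[1]):
            continue
        return action
    return POLICY.get((pkt.src_zone, pkt.dst_zone), "DROP")

class StatefulFirewall:
    """Stateful decision: a packet that is the reverse of a flow already
    accepted is let through before the rules are consulted. This is the
    toy equivalent of netfilter's ESTABLISHED match on a working setup."""
    def __init__(self, rules):
        self.rules = rules
        self.flows = set()

    def decide(self, pkt: Packet) -> str:
        reverse = (pkt.dst_zone, pkt.src_zone, pkt.proto, pkt.dport, pkt.sport)
        if reverse in self.flows:
            return "ACCEPT"
        verdict = rules_decide(pkt, self.rules)
        if verdict == "ACCEPT":
            self.flows.add((pkt.src_zone, pkt.dst_zone, pkt.proto, pkt.sport, pkt.dport))
        return verdict

def apt_fetch_verdicts(rules, stateful: bool):
    """Constructed traffic: the container opens an HTTP connection to a mirror
    from ephemeral port 45678, then the mirror replies. Returns the verdict
    for (request, reply)."""
    request = Packet("$FW", "net", "tcp", dport=80, sport=45678)
    reply = Packet("net", "$FW", "tcp", dport=45678, sport=80)
    if stateful:
        fw = StatefulFirewall(rules)
        return fw.decide(request), fw.decide(reply)
    return rules_decide(request, rules), rules_decide(reply, rules)

if __name__ == "__main__":
    print("stateless, posted rules:      ", apt_fetch_verdicts(RULES, stateful=False))
    print("stateless, + 40000:60000 open:", apt_fetch_verdicts(RULES + EPHEMERAL_RULES, stateful=False))
    print("stateful, posted rules:       ", apt_fetch_verdicts(RULES, stateful=True))
```

With the posted rules evaluated statelessly the request is accepted by the fw2net policy but the reply hits the net2fw policy and is dropped; adding the 40000:60000 lines accepts it, which reproduces what the post observed. With the established-connection check in place the reply is accepted without any ephemeral-range rule, which is the behaviour to expect from a container where connection tracking is actually in effect. That contrast is the thing worth checking on the container before widening the rules: opening the whole ephemeral range from net to the firewall admits any unsolicited inbound connection to a service listening in that range, not only replies.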