View Full Version : Virtuozzo Modules/Firewall fails to work


Teej
10-27-2006, 05:00 PM
Have I got a badly configured VPS, am I just unlucky, or are the problems I'm running into today systemic?

I've just modified the rules for the Module\Firewall to limit connections to sensitive services to my own public subnet here by adding a subnet mask (a /29) to rules for SSH, MySQL, Plesk VPN, Plesk Administrative Interface, etc.

When I try to activate the rules after having reviewed the Plesk-generated script, I get:
http://tjworld.net/media/Plesk-Virtuozzo-Modules-Firewall-01.jpg
In searching for a resolution to this issue I found the following article at another VPS-hoster's forums (http://www.jaguarpc.com/forums/showthread.php?t=14270) where they say:
"iptables modules need to be enabled for the VPS as they are not enabled by default. Please open a support ticket to get them enabled for your VPS"

Also, what is the relationship between the Virtuozzo Firewall, the Firewall Module, and iptables on my VPS?
Should I be working just with the Virtuozzo Firewall?
Is the Firewall Module supposed to be controlling the iptables configuration in my VPS?

Are there effectively three potential layers of firewall between my user-land services and the outside world?

It seems to me that an easy-to-find guide to working with the VPS set-up at gate.com ought to be flagged up in the Welcome email and prominently linked to from Plesk. The help in Plesk assumes everything is configured as SWSoft expect, which plainly it doesn't appear to be.
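
An added example, not part of the thread and not Plesk's generated script: a shell sketch of the restriction described in the post above (listed TCP services reachable only from one /29), plus a check for the missing-module condition the quoted forum answer mentions. The subnet 203.0.113.8/29 is a constructed value, ports 22, 3306 and 8443 are assumed defaults for SSH, MySQL and the Plesk administrative interface, and reading /proc/net/ip_tables_names as the module indicator is an assumption.

```shell
#!/bin/sh
# Added example; subnet and ports are constructed/assumed values, not from the thread.

# Succeed only if $1 is an IPv4 CIDR whose host bits are all zero, so a typo
# such as 203.0.113.10/29 is rejected instead of being silently masked.
cidr_aligned() {
    addr=${1%/*}; prefix=${1#*/}
    case $prefix in ''|*[!0-9]*|0?*) return 1 ;; esac
    [ "$prefix" -le 32 ] || return 1
    old_ifs=$IFS; IFS=.; set -f; set -- $addr; set +f; IFS=$old_ifs
    [ $# -eq 4 ] || return 1
    for o in "$@"; do
        case $o in ''|*[!0-9]*|0?*) return 1 ;; esac
        [ "$o" -le 255 ] || return 1
    done
    ip=$(( ($1 << 24) | ($2 << 16) | ($3 << 8) | $4 ))
    [ $(( ip & ((1 << (32 - prefix)) - 1) )) -eq 0 ]
}

# Print an iptables-restore ruleset: each listed TCP port accepts the subnet
# first, then drops everyone else. Other ports keep the default ACCEPT policy.
gen_rules() {
    subnet=$1; shift
    cidr_aligned "$subnet" || { echo "bad or unaligned subnet: $subnet" >&2; return 1; }
    echo '*filter'
    echo ':INPUT ACCEPT [0:0]'
    echo '-A INPUT -i lo -j ACCEPT'
    # The state match needs its own kernel module inside the VPS.
    echo '-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT'
    for port in "$@"; do
        echo "-A INPUT -p tcp -s $subnet --dport $port -j ACCEPT"
        echo "-A INPUT -p tcp --dport $port -j DROP"
    done
    echo 'COMMIT'
}

# Assumption: when the host has not enabled iptables modules for the VPS,
# this file is absent or does not list the filter table.
filter_table_available() {
    grep -qx filter "${1:-/proc/net/ip_tables_names}" 2>/dev/null
}

filter_table_available || echo "warning: filter table not visible here" >&2
gen_rules 203.0.113.8/29 22 3306 8443
```

Pipe the output through `iptables-restore --test` before loading it, and note that loading without `--noflush` replaces the existing filter table.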

javier
10-27-2006, 05:19 PM
I would use the VZPP firewall if you are having issues with the Plesk one.

javier
10-27-2006, 05:35 PM
http://javi.org/VZPP.pdf

Page 38 has all the info you need to set up the firewall.

Teej
10-27-2006, 06:46 PM
Thank you, yes, I had already reviewed that document but it is only an overview of Virtuozzo; it doesn't deal with the specific configuration of Virtuozzo and Plesk here at gate.com, or the relationships between what is seen in Plesk and what is available in the VPS when working with it directly using an SSH shell.

A few simple diagrams might well help users new to Virtual Private Servers understand the concepts and relationships between the physical and virtual environments, especially where the interface between the two is confusing.

Another example of this confusion is the core installed services httpd, php, and mysqld.

Unless you're already completely familiar with Virtuozzo and Plesk it isn't clear that Plesk has its own instance of Apache 1.3 httpd and PHP 5.0 but shares MySQL 4.1 with the VPS.

This means the administrator of the VPS can configure/upgrade Apache 2.0.54 and PHP 5.0.4 within the VPS as much as they desire, but cannot upgrade or make alterations to MySQL 4.1.20 because that will stop Plesk functioning in many cases (Plesk 8.0 is incompatible with MySQL 5.x because of how some JOINs are executed).

I've just dealt with this by installing a MySQL 5 service alongside the MySQL 4.1 used by Plesk. I've changed the port for mysqld 4.1 to 3307 (mysqld is only accessed locally by the socket (/var/lib/mysql/mysql.sock), not the port).

I need MySQL 5.1 to be available to my applications without them having to have their configurations customised each time. This also means I can tear-down and reconfigure user-land MySQL without affecting Plesk.