Using NAT for VE with private IPs [message #10653]
Sun, 25 February 2007 20:14
lloyd
Messages: 3 Registered: February 2007
Junior Member

Hi,

I'm closing in on my first successful install of a VE on openVZ, but
I'm having trouble with network configuration.

My hardware NODE is behind a firewall connected to a dsl modem. DNSmasq
on the firewall supplies a static IP to the hardware NODE. Let's call
it <hardwareNODE>.

Following the instructions in:

http://wiki.openvz.org/Using_NAT_for_VE_with_private_IPs

...I issued the following command to the hardware NODE:

iptables -t nat -A POSTROUTING -s 172.16.0.0/255/255/255/0 -o eth0 -j SNAT --to <hardwareNODE>

Then I entered:

iptables -t nat -A POSTROUTING -o eth0 -j SNAT --to <hardwareNODE>

Finally, since my system didn't have the file /etc/modprobe.conf, I
issued the following at the commandline:

modprobe ip_conntrack ip_conntrack_enable_ve0=1

Then I rebooted, entered a VE and tested by issuing:

apt-get update.

The system failed to resolve the addresses in sources.list.

I double checked that I had entered:

vzctl set 777 --ipadd 172.16.0.1 --save

...which I had.

Any ideas, please, of what I'm doing wrong, or need to do to
diagnose and solve the problem?

Many thanks,

Lloyd R. Prentice

Re: Using NAT for VE with private IPs [message #10655 is a reply to message #10653]
Mon, 26 February 2007 06:44

Lloyd R. Prentice wrote:
> Hi,
>
> I'm closing in on my first successful install of a VE on openVZ, but
> I'm having trouble with network configuration.
>
> My hardware NODE is behind a firewall connected to a dsl modem.
> DNSmasq on the firewall supplies a static IP to the hardware NODE.
> Let's call it <hardwareNODE>.
>
> Following the instructions in:
>
> http://wiki.openvz.org/Using_NAT_for_VE_with_private_IPs
>
> ...I issued the following command to the hardware NODE:
>
> iptables -t nat -A POSTROUTING -s 172.16.0.0/255/255/255/0 -o eth0 -j
> SNAT --to <hardwareNODE>
>
> Then I entered:
>
> iptables -t nat -A POSTROUTING -o eth0 -j SNAT --to <hardwareNODE>
>
> Finally, since my system didn't have the file /etc/modprobe.conf, I
> issued the following at the commandline:
>
> modprobe ip_conntrack ip_conntrack_enable_ve0=1
>
> Then I rebooted
Oops. Why a reboot?
All the iptables commands, and modprobe as well, are not taking effect
after the reboot. In order to make them persistent, you have to put
those in some startup script.
> , entered a VE and tested by issuing:
>
> apt-get update.
>
> The system failed to resolve the addresses in sources.list.
>
> I double checked that I had entered:
>
> vzctl set 777 --ipadd 172.16.0.1 --save
>
> ...which I had.
>
> Any ideas, please, of what I'm doing wrong, or need to do to diagnose
> and solve the problem?
>
>
> Many thanks,
>
> Lloyd R. Prentice

Re: Using NAT for VE with private IPs [message #10682 is a reply to message #10658]
Mon, 26 February 2007 15:09
lloyd
Messages: 3 Registered: February 2007
Junior Member

Thanks all.
I'll give it a shot.
Best wishes,
LRP
-----Original Message-----
From: "Vasily Tarasov" <vtaras@openvz.org>
Sent: Mon, February 26, 2007 4:55 am
To: users@openvz.org
Subject: Re: [Users] Using NAT for VE with private IPs
Kir Kolyshkin wrote:
> Lloyd R. Prentice wrote:
>> Then I rebooted
> Oops. Why a reboot?
>
> All the iptables commands, and modprobe as well, are not taking effect
> after the reboot. In order to make them persistent, you have to put
> those in some startup script.
To be more precise, all distributions I know use the /etc/sysconfig/iptables
file to make rules persistent. After setting up your rules via the
`iptables` command you should do `iptables-save > /etc/sysconfig/iptables`,
and at boot time the init script will automagically use your rules.
HTH,
Vasily.

Re: Using NAT for VE with private IPs [message #10716 is a reply to message #10658]
Mon, 26 February 2007 23:40
lloyd
Messages: 3 Registered: February 2007
Junior Member

Hi,
Oops, still no satisfaction.
Unfortunately I'm off to Mexico in a few hours so won't have time to
double-check my work until after I return on March 13.
Kir noted that I shouldn't have rebooted...
I think I was thrown off by the language in openVZ wiki -- Using NAT for
VE with private IPs. "... Also remember that if this module is loaded
without the option, unloading and reloading doesn't work! You need to
reboot the computer."
It's clearer to me now, I think. But it was ambiguous at the time.
Many thanks for your help. I hope I can get this going shortly after my
return.
All the best,
LRP
-----Original Message-----
From: "Vasily Tarasov" <vtaras@openvz.org>
Sent: Mon, February 26, 2007 4:55 am
To: users@openvz.org
Subject: Re: [Users] Using NAT for VE with private IPs
Kir Kolyshkin wrote:
> Lloyd R. Prentice wrote:
>> Then I rebooted
> Oops. Why a reboot?
>
> All the iptables commands, and modprobe as well, are not taking effect
> after the reboot. In order to make them persistent, you have to put
> those in some startup script.
To be more precise, all distributions I know use the /etc/sysconfig/iptables
file to make rules persistent. After setting up your rules via the
`iptables` command you should do `iptables-save > /etc/sysconfig/iptables`,
and at boot time the init script will automagically use your rules.
HTH,
Vasily.
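
A check for the persistence step discussed in the replies above, added here as an example and not part of any poster's message: it reads a ruleset in iptables-save format and reports whether the SNAT rule for the VE network is present in the nat table. The sample ruleset, the address 192.0.2.10 (standing in for <hardwareNODE>) and the function names are constructed for illustration.

```shell
#!/bin/sh
# Added example: confirm that a saved ruleset still carries the VE SNAT rule,
# so a reboot does not silently drop NAT for the private 172.16.0.0 network.

# Constructed sample in iptables-save format; 192.0.2.10 is a placeholder
# for <hardwareNODE>, not a value from the thread.
sample_rules() {
cat <<'EOF'
# constructed sample, not output from a real host
*nat
:PREROUTING ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
-A POSTROUTING -s 172.16.0.0/255.255.255.0 -o eth0 -j SNAT --to-source 192.0.2.10
COMMIT
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
COMMIT
EOF
}

# has_ve_snat NETWORK OUT_IF
# Reads iptables-save text on stdin. Returns 0 only if the nat table holds a
# POSTROUTING rule with source NETWORK, output interface OUT_IF and target
# SNAT. The mask notation (/24 or dotted) is ignored in the comparison.
has_ve_snat() {
    awk -v net="$1" -v oif="$2" '
        /^\*/ { table = substr($0, 2) }        # "*nat", "*filter": new table section
        table == "nat" && $1 == "-A" && $2 == "POSTROUTING" {
            src = ""; out = ""; target = ""
            for (i = 3; i < NF; i++) {
                if ($i == "-s") src = $(i + 1)
                if ($i == "-o") out = $(i + 1)
                if ($i == "-j") target = $(i + 1)
            }
            sub(/\/.*/, "", src)               # strip the mask part
            if (src == net && out == oif && target == "SNAT") found = 1
        }
        END { exit(found ? 0 : 1) }
    '
}

if sample_rules | has_ve_snat 172.16.0.0 eth0; then
    echo "SNAT rule for the VE network is in the saved ruleset"
else
    echo "SNAT rule missing: it will not be restored at boot"
fi
```

On a real node the function can be fed the saved file instead of the sample, for example `has_ve_snat 172.16.0.0 eth0 < /etc/sysconfig/iptables`.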