OpenVZ Forum


allowing traffic through to Container and still using iptables on hostnode [message #30312] Tue, 20 May 2008 20:14
slonghurst
I am trying to configure iptables on the hostnode to allow traffic through to a container with a public IP address. Basically I want to keep iptables running on the hostnode and I want all internet traffic to go through to the Container, where I will configure the firewall for the container. I have tried looking at the "using iptables as a firewall" wiki page but it is not really what I want and I am not sure how to amend it for my needs.

Is it just a case of adding a rule to allow all traffic on the venet interface?

Thanks in advance
Re: allowing traffic through to Container and still using iptables on hostnode [message #30529 is a reply to message #30312] Wed, 28 May 2008 08:16
slonghurst
Anybody able to give any advice on this?
Re: allowing traffic through to Container and still using iptables on hostnode [message #30563 is a reply to message #30529] Wed, 28 May 2008 16:00
maratrus
Hello,


Your configuration is not clear. Could you please describe it in more detail?
"ip a l" from HN and from inside the CT
"ip r l" from inside HN and from inside the CT
What are your iptables rules on HN?

What is your problem? You cannot access your CT due to iptables configuration on HN?
Re: allowing traffic through to Container and still using iptables on hostnode [message #30564 is a reply to message #30563] Wed, 28 May 2008 16:22
slonghurst
Hi

The situation is this. I have a server that I can give public IP addresses to.

On the containers I want to set the IP address as a public IP address.

I would like the containers to use iptables to do their own firewalling.

I want iptables on the HN to do firewalling for itself.

When I turn on iptables on my hostnode, my containers lose connectivity to the internet and I cannot get to the containers from the internet.

If you want, I can send the output for the commands you requested via personal message.

Thanks

Shaun
Re: allowing traffic through to Container and still using iptables on hostnode [message #30616 is a reply to message #30564] Fri, 30 May 2008 07:58
maratrus
Hello,

1. Make sure that you cannot access your CT from inside because of the firewall on the HN.
2. Use the "tcpdump" utility to look at the packet activity.
3. If you send me your settings I'll try to find out the reason.
*SOLVED* Re: allowing traffic through to Container and still using iptables on hostnode [message #30619 is a reply to message #30616] Fri, 30 May 2008 08:49
slonghurst
Fixed thanks to Maratrus.

I hadn't allowed a rule on the host node to allow forwarded packets.
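
The fix reported in this thread, as an added example that is not part of any poster's message: a shell function that emits an iptables-restore ruleset for the hostnode, keeping a restrictive INPUT chain for the HN itself while accepting forwarded packets only to and from the listed container addresses. The device name venet0, SSH on port 22 as the HN's only open service, and the 203.0.113.x addresses are assumptions for illustration.

```shell
#!/bin/sh
# Added example (not from the thread). Emits an iptables-restore ruleset
# for an OpenVZ hostnode (HN).
#  - INPUT only sees packets addressed to the HN itself.
#  - Packets to/from a container (CT) are routed through the HN, so they
#    traverse FORWARD. With no ACCEPT rule there, the CTs lose connectivity,
#    which is the symptom described in the thread.
# Arguments: the public IPs of the CTs (constructed sample values below).
hn_ruleset() {
    # HN policy: default-drop, allow loopback, replies, and SSH
    # (port 22 is an assumed admin port; adjust to the real one).
    cat <<'EOF'
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -i lo -j ACCEPT
-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
-A INPUT -p tcp --dport 22 -j ACCEPT
EOF
    for ip in "$@"; do
        # Traffic towards the CT leaves the HN on venet0 (assumed name).
        printf '%s\n' "-A FORWARD -o venet0 -d $ip -j ACCEPT"
        # Traffic from the CT enters the HN on venet0; pinning the source
        # address stops a CT from sending with an address it does not own.
        printf '%s\n' "-A FORWARD -i venet0 -s $ip -j ACCEPT"
    done
    printf 'COMMIT\n'
}

# Usage on the HN, as root (sample addresses are constructed):
#   hn_ruleset 203.0.113.10 203.0.113.11 | iptables-restore
```

Each container then applies its own iptables policy to the traffic the HN forwards to it; the HN's FORWARD chain stays default-drop for any address not listed.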