OpenVZ Forum


Home » General » Support » Private/public IPs on VEs
Private/public IPs on VEs [message #33981] Sun, 23 November 2008 19:40 Go to next message
ktwalrus is currently offline  ktwalrus
Messages: 13
Registered: November 2008
Junior Member
I'm new to OpenVZ and from reading over the pages here, I think I basically understand some of the issues to do what I want, but I'd like to read opinions since I haven't seen an article specifically address my set up.

I have a server (HN) that has two ethernet ports: eth0 and eth1. eth0 is for Private VLAN and eth1 is for Public Internet.

I have 5 Public IPs (4 usable for VEs) and 64 Private IPs (63 usable for VEs).

I want to create the VEs so some of them have a Public IP and all of them have a Private IP. All of them should be able to see all VEs and HN. The HN has both a public and a private IP. All of them should be able to see the internet including seeing the DNS servers. The internet should only see the VEs with Public IPs.

Report message to a moderator

Re: Private/public IPs on VEs [message #33994 is a reply to message #33981] Mon, 24 November 2008 13:24 Go to previous messageGo to next message
maratrus is currently offline  maratrus
Messages: 1495
Registered: August 2007
Location: Moscow
Senior Member
Hello,

it is a possible scenario.

You may use either venet interface or veth inside VE.
I'll try to describe in a few words venet case. You can read more about veth interface at the following page http://wiki.openvz.org/Veth .

- set appropriate sysctl parameters for example as described
http://wiki.openvz.org/Quick_installation#sysctl
- to assign an ip address to your VE use "vzctl set $VEID --ipadd $IP [-save]"
- make sure that default gateway inside each VE pointed to venet interface. you can also set explicit routes inside VE i.e.
ip route add $PRIAVTE_NETWORK src $PRIVATE_IP dev venet0
ip route add $PUBLIC_NETWORK src $PUBLIC_IP dev venet0
- to provide an access to internet for your "private" VEs you can use SNAT
http://wiki.openvz.org/Using_NAT_for_container_with_private_ IPs

Report message to a moderator

Re: Private/public IPs on VEs [message #33999 is a reply to message #33994] Tue, 25 November 2008 04:24 Go to previous messageGo to next message
ktwalrus is currently offline  ktwalrus
Messages: 13
Registered: November 2008
Junior Member
Thanks. I got it mostly working.

Report message to a moderator

Re: Private/public IPs on VEs [message #34004 is a reply to message #33999] Tue, 25 November 2008 09:05 Go to previous message
maratrus is currently offline  maratrus
Messages: 1495
Registered: August 2007
Location: Moscow
Senior Member
Hello,

just to be more fair and precise.
I was pointed out that my previous post was not correct. The suggestion to put route like 

ip route add $PUBLIC_NETWORK src $PUBLIC_IP dev venet0

in some cases is meaningless. The better way to give an access to internet is 

ip route add default dev venet0 src $PUBLIC_IP

Report message to a moderator

Previous Topic: Setting Resource Limit's
Next Topic: [solved] Checkpointing does not work ?
Goto Forum:
  

[ Syndicate this forum (XML) ] [ RSS ] [ PDF ]

Current Time: Sun Oct 13 15:42:06 GMT 2024

Total time taken to generate the page: 0.09430 seconds
Powered by FUDforum Powered by Virtuozzo Containers