OpenVZ Forum


Home » General » Support » Openvz proxy arp or snat?
Openvz proxy arp or snat? [message #34244] Tue, 16 December 2008 12:23 Go to next message
0bfuscate is currently offline  0bfuscate
Messages: 1
Registered: December 2008
Junior Member
Hi I want the hardware node to forward all requests to a container (just a single one) to act as a secured server how would I do this? I've heard of proxy arp but have also heard its a bad solution what other ways can I do this?

Report message to a moderator

Re: Openvz proxy arp or snat? [message #34265 is a reply to message #34244] Wed, 17 December 2008 21:21 Go to previous message
piavlo is currently offline  piavlo
Messages: 159
Registered: January 2007
Senior Member
This is not a openvz related question.

You mean you want something similar to LAN switch port mirroring
inside HN. So that network traffic to all VEs hosted on HN (including the traffic intended to HN too?) to be mirrored to specific VE which would act as IDS?

What is your current network setup in HN? do you use venet or veth devices for VEs?

Probably the best solution would be to use iptables ROUTE target with --tee option:
http://www.netfilter.org/projects/patch-o-matic/pom-external .html#pom-external-ROUTE

ps. Btw there is a VDE project http://vde.sourceforge.net/
which lets you define software LAN switch inside linux, into which
you can plug openvz VEs using trick with tap devices. But it probably won't scale well with high network traffic.

Report message to a moderator

Previous Topic: Can't reboot after fresh install
Next Topic: LVS and openvz
Goto Forum:
  

[ Syndicate this forum (XML) ] [ RSS ] [ PDF ]

Current Time: Mon Aug 04 05:57:57 GMT 2025

Total time taken to generate the page: 0.83079 seconds
Powered by FUDforum Powered by Virtuozzo Containers