OpenVZ Forum


(Solved) Isolation of nodes from each other ..... [message #35361] Thu, 19 March 2009 07:18
schjeall
Messages: 27
Registered: February 2009
Location: Denmark
Junior Member
Hello

I was thinking about the best way to isolate nodes from each other. Using VENET my nodes can ping each other and even the HN.

How do I avoid this?

/Allan

[Updated on: Thu, 26 March 2009 11:08]


Re: Isolation of nodes from each other ..... [message #35366 is a reply to message #35361] Thu, 19 March 2009 13:03
kir
Messages: 1645
Registered: August 2005
Location: Moscow, Russia
Senior Member

iptables?

Kir Kolyshkin
Re: Isolation of nodes from each other ..... [message #35367 is a reply to message #35366] Thu, 19 March 2009 13:30
schjeall
Messages: 27
Registered: February 2009
Location: Denmark
Junior Member
Hello

Yes, IPTABLES, ahh, stupid me ;O) Sorry for my badly formulated question.

I'm aware of IPTABLES, but what I'm looking for is a solution where the individual nodes, without local IPTABLES configuration, are isolated.

Can this be handled at the HN? Each node can reach the internet and the internet can reach nodes, but not other nodes or the HN. And as mentioned, no configuration on the nodes, only the HN.

Any examples or links to guides are welcome.



Re: Isolation of nodes from each other ..... [message #35369 is a reply to message #35367] Thu, 19 March 2009 14:21
kir
Messages: 1645
Registered: August 2005
Location: Moscow, Russia
Senior Member

I meant iptables rules on the HN. Sorry, I'm too busy to test the examples below...

Drop VE->HN traffic with
iptables -A INPUT -s x.x.x.x/nn -d y.y.y.y -j DROP

where x.x.x.x/nn is the network from which you allocate IPs for containers, and y.y.y.y is the HN IP.

Drop VE->VE traffic with
iptables -A FORWARD -s x.x.x.x/nn -d x.x.x.x/nn -j DROP

where x.x.x.x/nn is the network from which you allocate IPs for containers.


Kir Kolyshkin
Re: Isolation of nodes from each other ..... [message #35370 is a reply to message #35369] Thu, 19 March 2009 14:30
schjeall
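The two HN-side rules from the reply above, packaged as an added example (this is not code from the thread or from the OpenVZ project). It assumes two constructed placeholder values, a container network 10.0.0.0/24 and an HN address 192.168.1.10, and first prints the rules as a dry run so they can be reviewed before anything touches the firewall. One caveat worth building in: the rules are inserted with -I rather than appended with -A, because an ACCEPT rule already sitting earlier in INPUT or FORWARD would match first and the DROP would never be reached.

```shell
#!/bin/sh
# Added example, not part of the original thread. Generates the HN-side
# iptables rules that isolate venet containers from each other and from
# the HN, given the container network and the HN's own address.
# CT_NET and HN_IP below are constructed placeholders; adjust for your hosts.

# Print the rules instead of applying them, so they can be reviewed first.
gen_isolation_rules() {
    ct_net="$1"   # network that container IPs are allocated from, e.g. 10.0.0.0/24
    hn_ip="$2"    # HN address that containers must not reach, e.g. 192.168.1.10

    # Rule 1: container -> HN. A packet from a venet container addressed to the
    # HN itself is delivered locally, so it traverses the INPUT chain.
    # -I puts the rule at the top of the chain so an earlier ACCEPT cannot
    # shadow it.
    echo "iptables -I INPUT -s $ct_net -d $hn_ip -j DROP"

    # Rule 2: container -> container. venet traffic between containers is
    # routed through the HN, so it traverses the FORWARD chain.
    echo "iptables -I FORWARD -s $ct_net -d $ct_net -j DROP"
}

# Apply the generated rules on a real HN (requires root and iptables).
apply_isolation_rules() {
    gen_isolation_rules "$1" "$2" | sh
}

# After applying, list both chains with packet counters: the DROP counters
# should rise when a container pings the HN or a sibling container, while
# the HN's own outbound traffic and container<->internet traffic are unaffected.
show_isolation_rules() {
    iptables -L INPUT -n -v --line-numbers
    iptables -L FORWARD -n -v --line-numbers
}

CT_NET="10.0.0.0/24"      # constructed placeholder
HN_IP="192.168.1.10"      # constructed placeholder
gen_isolation_rules "$CT_NET" "$HN_IP"
```

If the HN itself provides a service to the containers (for example it is the DNS resolver listed in their resolv.conf), add an ACCEPT for that port ahead of the INPUT DROP, otherwise the containers lose that service along with the rest of their access to the HN.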
Messages: 27
Registered: February 2009
Location: Denmark
Junior Member
Hello

You are a genius. Thank you so much. The rules look really simple and I can't wait to try your proposal.

/Allan