(NAT Internet for containers) in a container [message #39034]
Fri, 05 March 2010 05:39
alevchuk
Dear OpenVZ support,
How can I set up a container that provides the service of NAT Internet access for other containers?
Specifically:
I have Container N, Container C1, Container C2.
1. N is talking to the Internet through anything (veth, venet, a "moved" --netdev_add device).
2. N, C1, and C2 all have a venet0:0 IP which they all use to talk to each other.
3. N has ip_forwarding enabled.
4. N is running something like:
iptables -t nat -A POSTROUTING -s 192.168.16.0/24 -o vzbr0 -j SNAT --to-source PUBLIC_IP
5. C1 and C2 have N as their default gateway.
Problem:
I attempted this setup 2 times in two completely different places, and tested. Each of the 5 above steps works individually.
The packets of C1 and C2 going to Internet never reach N.
My Best Explanation:
I read (don't remember where) that OpenVZ drops all traffic on the Venet if the packet's destination does not match any of the IPs on the private network.
Thank you for reading.
Sincerely,
Alex