OpenVZ Forum


Hostserver with virtual Gateway and virtual Servers [message #39169] Mon, 22 March 2010 00:16
Erdbeergulasch
Specification:
I have a HN with the following IPs: 12.12.12.2 and 12.12.12.10.
The HN uses 12.12.12.2 for itself, so 12.12.12.10 is unused.
The HN uses 12.12.12.1 as its default gateway.
I want to create a virtual gateway (GW1), which is reachable via the public IP 12.12.12.10.
All incoming requests to port 22 should be forwarded to SRV1. All others should be dropped.
But SRV1 needs a connection to the Internet too. (I think masquerading should be a good idea.)

In a nutshell:
SRV1 uses GW1 as its default gateway.
GW1 should forward requests to 12.12.12.10:22 to SRV1. (DNAT)
GW1 should forward requests from SRV1 to the Internet. (MASQUERADING)

Problems:
GW1 doesn't have any problems. It has a connection to and from the Internet.
But SRV1 has no connection to and from the Internet.
Maybe...
...because in SRV1 I can ping all IPs that are on the HN, even when there are no routes defined for GW1.
...because packets to 192.168.1.0/24 (whole network), 12.12.12.10 and 12.12.12.2 can be delivered.
...because packets going out of eth0 on the HN don't return. (I think private IPs would not be routed on the Internet.)

Current config:
Server to OpenVZ ID:
101 => GW1
111 => SRV1

Network config:
HN:
    eth0:       12.12.12.2/32
    veth101.0:  => connected to eth0 on GW1
    veth101.1:  => connected to eth1 on GW1
    veth111.0:  => connected to eth0 on SRV1
GW1:
    eth0:       12.12.12.10/32 => connected to veth101.0 on HN
    eth1:       192.168.1.1/24 => connected to veth101.1 on HN
SRV1:
    eth0:       192.168.1.11/24 => connected to veth111.0 on HN

My routes:
HN:
    12.12.12.10     0.0.0.0         255.255.255.255 UH        0 0          0 veth101.0
    192.168.1.1     0.0.0.0         255.255.255.255 UH        0 0          0 veth101.1
    192.168.1.11    0.0.0.0         255.255.255.255 UH        0 0          0 veth111.0
    12.12.12.1      0.0.0.0         255.255.255.255 UH        0 0          0 eth0
    0.0.0.0         12.12.12.1      0.0.0.0         UG        0 0          0 eth0
GW1:
    192.168.1.0     0.0.0.0         255.255.255.0   U         0 0          0 eth1
    0.0.0.0         0.0.0.0         0.0.0.0         U         0 0          0 eth0
SRV1:
    192.168.1.0     0.0.0.0         255.255.255.0   U         0 0          0 eth0
    0.0.0.0         192.168.1.1     0.0.0.0         UG        0 0          0 eth0


A bit of iptables:
iptables -A POSTROUTING -t nat -o eth0 -j MASQUERADING
iptables -A PREROUTING -t nat -i eth0 -p tcp --dport 22 -j DNAT --to-destination 12.12.12.10
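
The design described in the post (port 22 on 12.12.12.10 forwarded to SRV1, SRV1 masqueraded out of eth0, everything else dropped), written as an iptables-restore ruleset for GW1. This is an added example, not part of the original post; the addresses and interface names come from the post, while the function name, the conntrack match and the default-drop policies are assumptions, as is IP forwarding being enabled inside GW1. It uses the iptables target name MASQUERADE and sends the DNAT to SRV1's address 192.168.1.11.

```shell
#!/bin/sh
# Added example: print GW1's ruleset in iptables-restore format.
# Values below are taken from the post; gw1_ruleset is a hypothetical helper.
WAN_IF=eth0              # GW1 eth0, carries 12.12.12.10
LAN_IF=eth1              # GW1 eth1, 192.168.1.1/24
PUBLIC_IP=12.12.12.10
LAN_NET=192.168.1.0/24
SRV1_IP=192.168.1.11

gw1_ruleset() {
cat <<EOF
*nat
:PREROUTING ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
# SSH arriving on the public address is rewritten to SRV1 (DNAT)
-A PREROUTING -i $WAN_IF -d $PUBLIC_IP -p tcp --dport 22 -j DNAT --to-destination $SRV1_IP:22
# Traffic from the private network leaves with GW1's public address
-A POSTROUTING -s $LAN_NET -o $WAN_IF -j MASQUERADE
COMMIT
*filter
# Assumption: default-drop, so anything not listed below is discarded
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -i lo -j ACCEPT
-A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
# Replies to connections that were already allowed
-A FORWARD -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
# The DNATed SSH connections towards SRV1
-A FORWARD -i $WAN_IF -o $LAN_IF -d $SRV1_IP -p tcp --dport 22 -j ACCEPT
# New outbound connections from the private network
-A FORWARD -i $LAN_IF -o $WAN_IF -s $LAN_NET -j ACCEPT
COMMIT
EOF
}

# Inside GW1, as root:
#   sysctl -w net.ipv4.ip_forward=1
#   gw1_ruleset | iptables-restore --test   # syntax check only
#   gw1_ruleset | iptables-restore          # load the rules
```

Because INPUT defaults to DROP here, GW1 itself is administered from the HN (for example with vzctl enter 101) rather than over the network.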