Hostserver with virtual Gateway and virtual Servers [message #39169]
Mon, 22 March 2010 00:16
Erdbeergulasch
Specification:
I have a HN with the following IPs: 12.12.12.2 and 12.12.12.10.
The HN uses 12.12.12.2 for itself, so 12.12.12.10 is unused.
The HN uses 12.12.12.1 as its default gateway.
I want to create a virtual gateway (GW1) which is reachable via the public IP 12.12.12.10.
All incoming requests to port 22 should be forwarded to SRV1. All others should be dropped.
But SRV1 needs a connection to the Internet too. (I think masquerading would be a good idea.)
In a nutshell:
SRV1 uses GW1 as its default gateway.
GW1 should forward requests to 12.12.12.10:22 to SRV1. (DNAT)
GW1 should forward requests from SRV1 to the Internet. (MASQUERADING)
Problems:
GW1 doesn't have any problems. It has connectivity to and from the Internet.
But SRV1 has no connection to or from the Internet.
Maybe...
...because from SRV1 I can ping all IPs that are on the HN, even when there are no routes for GW1 defined.
...because packets to 192.168.1.0/24 (the whole network), 12.12.12.10 and 12.12.12.2 can be delivered.
...because packets going out of eth0 on the HN don't return. (I think private IPs are not routed on the Internet.)
Current config:
Server to OpenVZ ID:
101 => GW1
111 => SRV1
Network config
HN:
eth0: 12.12.12.2/32
veth101.0: => connected to eth0 on GW1
veth101.1: => connected to eth1 on GW1
veth111.0: => connected to eth0 on SRV1
GW1:
eth0: 12.12.12.10/32 => connected to veth101.0 on HN
eth1: 192.168.1.1/24 => connected to veth101.1 on HN
SRV1:
eth0: 192.168.1.11/24 => connected to veth111.0 on HN
My routes:
HN:
12.12.12.10 0.0.0.0 255.255.255.255 UH 0 0 0 veth101.0
192.168.1.1 0.0.0.0 255.255.255.255 UH 0 0 0 veth101.1
192.168.1.11 0.0.0.0 255.255.255.255 UH 0 0 0 veth111.0
12.12.12.1 0.0.0.0 255.255.255.255 UH 0 0 0 eth0
0.0.0.0 12.12.12.1 0.0.0.0 UG 0 0 0 eth0
GW1:
192.168.1.0 0.0.0.0 255.255.255.0 U 0 0 0 eth1
0.0.0.0 0.0.0.0 0.0.0.0 U 0 0 0 eth0
SRV1:
192.168.1.0 0.0.0.0 255.255.255.0 U 0 0 0 eth0
0.0.0.0 192.168.1.1 0.0.0.0 UG 0 0 0 eth0
bit of iptables:
iptables -A POSTROUTING -t nat -o eth0 -j MASQUERADING
iptables -A PREROUTING -t nat -i eth0 -p tcp --dport 22 -j DNAT --to-destination 12.12.12.10
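The three requirements from the "In a nutshell" list, written out as a ruleset for GW1 in iptables-restore format (an added example, not part of the original post). It uses the addresses and interface names given in the post and differs from the two posted rules in that the NAT target is spelled MASQUERADE and the DNAT destination is SRV1 (192.168.1.11) rather than GW1's own address. The function names are illustrative, and it is assumed that the NAT and state-matching modules are available inside the container.

```shell
#!/bin/sh
# Added example: ruleset for GW1 (CT 101), built from the addresses in the post.
# Interface roles as described there: eth0 = public side, eth1 = 192.168.1.0/24.
WAN_IF=eth0             # GW1 interface holding 12.12.12.10
LAN_IF=eth1             # GW1 interface holding 192.168.1.1
WAN_IP=12.12.12.10
SRV1_IP=192.168.1.11
LAN_NET=192.168.1.0/24

# Print the ruleset in iptables-restore format so it can be reviewed,
# diffed and loaded atomically instead of being typed rule by rule.
gw1_ruleset() {
    cat <<EOF
*nat
:PREROUTING ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
# Inbound SSH to the public address is rewritten to SRV1, not to GW1 itself.
-A PREROUTING -i $WAN_IF -d $WAN_IP -p tcp --dport 22 -j DNAT --to-destination $SRV1_IP:22
# Source NAT only for the private range leaving through the public interface.
-A POSTROUTING -o $WAN_IF -s $LAN_NET -j MASQUERADE
COMMIT
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -i lo -j ACCEPT
-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
-A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT
# After DNAT the packet is addressed to SRV1, so FORWARD matches SRV1's address.
-A FORWARD -i $WAN_IF -o $LAN_IF -d $SRV1_IP -p tcp --dport 22 -j ACCEPT
# Hosts in the private network may open connections outward.
-A FORWARD -i $LAN_IF -o $WAN_IF -s $LAN_NET -j ACCEPT
COMMIT
EOF
}

# Enable routing and load the rules; must run as root inside GW1.
gw1_apply() {
    echo 1 > /proc/sys/net/ipv4/ip_forward
    gw1_ruleset | iptables-restore
}

# Nothing is changed unless the script is called with --apply.
if [ "${1:-}" = "--apply" ]; then gw1_apply; fi
```

Run without arguments, the script changes nothing; `gw1_ruleset | iptables-restore --test` parses the rules without committing them. The INPUT policy of DROP also blocks new connections to GW1 itself, so GW1 is then administered from the HN.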