Globally connected VE containers (How to do it, the REDHAT way) [message #39608]
Sun, 16 May 2010 16:03
lars.bailey (Member, Messages: 38, Registered: April 2010)

 I have seen many threads on various forums, from OVZ users wanting Internet connectivity for a VE.
 I thought I would pass my method on here, and place this HOWTO on WIKI at a later time.
 This is mainly FYI.
 
 
 0.0 My assumptions
 
 You have a globally connected network interface (eth0), an
 internal network interface (eth1), you use static network configurations for both Node and VE, and you use a REDHAT based
 OS for the Node and VE.
 
 
 1.0 VE containers that use the VENET adapter interface
 
 On the Node server, make sure you have the following kernel
 keys enabled in "/etc/sysctl.conf".
 
 net.ipv4.conf.default.forwarding = 1
 net.ipv4.conf.default.proxy_arp = 0
 
 In a terminal shell, type;
 
 setup
 
 From the text based menu, select "Firewall configuration" and hit "Enter".
 If you disabled the firewall during OpenVZ setup, select "enabled".
 Disable "SElinux" and choose "Customize".
 You should see a listing of known network devices on the Node.
 From the list of "trusted" devices, select "VENET0".
 Select the "VENET0" for "Masquerade".
 Hit "OK".
 Exit "setuptool".
 Enter into the VE.
 Type;
 
 lynx www.openvz.org
 
 and in a few seconds, you should be brought to the OVZ wiki.
 
 
 2.0 VE containers that use non-bridged VETH adapters
 
 To review how to set up non-bridged VE containers, you must use IP subnetting, and the VETH adapter interface must be configured as the VE container's gateway.
 On the Node server, make sure you have the following kernel
 keys enabled in "/etc/sysctl.conf".
 
 net.ipv4.conf.default.forwarding = 1
 net.ipv4.conf.default.proxy_arp = 0
 
 Create a static network configuration for the VETH adapter.
 As an example for VE 101;
 
 DEVICE=veth101.0
 TYPE=Ethernet
 IPADDR=192.168.101.254
 PREFIXLEN=24
 ONBOOT=yes
 
 Use "ifconfig" to confirm that the VETH adapter has an IP address.
 If not, use "ifdown vethXXX.0", then "ifup vethXXX.0".
 This should give the VETH adapter its IP address.
 From a terminal shell, type;
 
 setup
 
 From the text based menu, select "Firewall configuration" and hit "Enter".
 If you disabled the firewall during OpenVZ setup, select "enabled".
 Disable "SElinux", and choose "Customize".
 You should see a list of known network devices.
 Select the VETH adapter for the VE as a "trusted" device.
 Select the VETH adapter for "Masquerade".
 Hit "OK".
 Exit "setuptool".
 Create a static network configuration for the VE.
 A sample configuration;
 
 DEVICE=eth0
 TYPE=Ethernet
 IPADDR=192.168.101.2
 PREFIXLEN=24
 GATEWAY=192.168.101.254
 ONBOOT=yes
 
 As a note, do not add any gateway directive in a VE's
 "/etc/sysconfig/network" file, such as.
 
 GATEWAY=A.B.C.D
 
 Enter into the VE.
 Type;
 
 service network restart
 
 Type;
 
 ip route list
 
 You should see the gateway address of the VETH adapter.
 If you see "default eth0", check your network configurations.
 This was taken directly from VE 101 on my Node server.
 
 [root@moe /]# ip route show
 192.168.101.0/24 dev eth0  proto kernel  scope link  src 192.168.101.1
 169.254.0.0/16 dev eth0  scope link
 default via 192.168.101.254 dev eth0
 [root@moe /]#
 
 Once you see the VE's gateway as the VETH adapter's IP, you should be able to "ping" the Node server's "default" gateway.
 This is the "ping" results for "moe".
 
 [root@moe /]# ping -c 3 192.168.1.254
 PING 192.168.1.254 (192.168.1.254) 56(84) bytes of data.
 64 bytes from 192.168.1.254: icmp_seq=1 ttl=254 time=1.72 ms
 64 bytes from 192.168.1.254: icmp_seq=2 ttl=254 time=0.787 ms
 64 bytes from 192.168.1.254: icmp_seq=3 ttl=254 time=0.855 ms
 
 --- 192.168.1.254 ping statistics ---
 3 packets transmitted, 3 received, 0% packet loss, time 1999ms
 rtt min/avg/max/mdev = 0.787/1.121/1.722/0.426 ms
 [root@moe /]#
 
 If you have successful pings to the Node server's gateway, type;
 
 lynx www.openvz.org
 
 and you should be brought up to the OVZ WIKI.
 
 
 3.0 VE containers that use bridged Ethernet
 
 Create a static Ethernet bridge, and give the bridge an IP address.
 For the rest of this section, I assume bridge ID "vzbr1".
 
 DEVICE=vzbr1
 TYPE=Bridge
 IPADDR=192.168.99.254
 PREFIXLEN=24
 ONBOOT=yes
 
 Check to make sure you see a listing for the bridge in the
 "/proc/sys/net/ipv4/conf" directory.
 The Ethernet bridge must exist here.
 On the Node server, make sure you have the following kernel
 keys enabled in "/etc/sysctl.conf".
 
 net.ipv4.conf.default.forwarding = 1
 net.ipv4.conf.default.proxy_arp = 0
 net.ipv4.conf.vzbr1.proxy_arp = 1
 
 Type;
 
 setup
 
 From the text based menu, select "Firewall configuration" and hit "Enter".
 If you disabled the firewall during OpenVZ setup, select "enabled".
 Disable "SElinux", and choose "Customize".
 You should see a list of known network devices.
 Select the Ethernet bridge as a "trusted" device.
 Select the Ethernet bridge for "Masquerade".
 Hit "OK".
 Exit "setuptool".
 Add a route to the VE.
 
 ip route add 192.168.101.1 via 192.168.99.254
 
 Ping VE.
 If you get a successful ping, save this in the Node server's
 "/etc/rc.d/rc.local".
 
 ip -4 ro flush scope global type unicast
 ip -s -s neigh flush all
 ip route add 192.168.101.1 via 192.168.99.254
 
 Enter into the VE.
 Add a route to the Node server's default gateway.
 
 ip route add 192.168.1.254 via 192.168.101.1
 
 Ping the gateway IP address.
 If you get a successful ping, type;
 
 lynx www.openvz.org
 
 in a few seconds, you should be brought up to the OVZ wiki.
 If you get the OVZ webpage in LYNX, add this to the VE's
 "/etc/rc.d/rc.local".
 
 ip -4 ro flush scope global type unicast
 ip -s -s neigh flush all
 ip route add 192.168.1.99 via 192.168.101.1
 
 As a final note, the procedures will work for either a globally
 connected Node, or a Node that has a next-hop router.
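
 A way to script the two checks the post does by eye (the Node's kernel keys and the VE's default route), given as an added example that is not part of the original post. The function names and status strings are hypothetical; the sample text reuses the post's keys and its "ip route show" output.

```shell
#!/bin/sh
# Added example; function names and status strings are hypothetical.

# Constructed sample: the Node keys from section 3.0, plus one commented-out line.
SAMPLE_SYSCTL='#net.ipv4.conf.default.proxy_arp = 1
net.ipv4.conf.default.forwarding = 1
net.ipv4.conf.default.proxy_arp = 0
net.ipv4.conf.vzbr1.proxy_arp = 1'

# "ip route show" output for VE 101, copied from the post.
SAMPLE_ROUTES='192.168.101.0/24 dev eth0  proto kernel  scope link  src 192.168.101.1
169.254.0.0/16 dev eth0  scope link
default via 192.168.101.254 dev eth0'

# sysctl_value TEXT KEY: print the last uncommented value assigned to KEY.
sysctl_value() {
    printf '%s\n' "$1" | awk -F= -v key="$2" '
        /^[ \t]*[#;]/ { next }
        { k = $1; v = $2; gsub(/[ \t]/, "", k); gsub(/[ \t]/, "", v) }
        k == key { val = v }
        END { print val }'
}

# node_keys_status TEXT [BRIDGE]: compare the file with the keys the post asks for.
node_keys_status() {
    if [ "$(sysctl_value "$1" net.ipv4.conf.default.forwarding)" != 1 ]; then
        echo "forwarding-not-1"
    elif [ "$(sysctl_value "$1" net.ipv4.conf.default.proxy_arp)" != 0 ]; then
        echo "default-proxy-arp-not-0"
    elif [ -n "$2" ] && [ "$(sysctl_value "$1" "net.ipv4.conf.$2.proxy_arp")" != 1 ]; then
        echo "bridge-proxy-arp-not-1"
    else
        echo "ok"
    fi
}

# route_status TEXT GATEWAY: classify the VE's default route against the expected gateway.
route_status() {
    printf '%s\n' "$1" | awk -v want="$2" '
        $1 == "default" { seen = 1; for (i = 2; i < NF; i++) if ($i == "via") gw = $(i + 1) }
        END {
            if (!seen)           print "no-default-route"
            else if (gw == "")   print "default-without-gateway"
            else if (gw != want) print "wrong-gateway:" gw
            else                 print "ok"
        }'
}

echo "node keys: $(node_keys_status "$SAMPLE_SYSCTL" vzbr1)"
echo "VE route:  $(route_status "$SAMPLE_ROUTES" 192.168.101.254)"
```

 On a live system, pass "$(cat /etc/sysctl.conf)" on the Node and "$(ip route show)" inside the VE in place of the sample variables.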
 