Hi,
I am trying to do a simple network using NAT.
My CT0 has a public IP and I want to share it with 3 VMs. I have followed this: wiki.openvz.org/Using_NAT_for_container_with_private_IPs
CT0 public IP : X.X.140.213
CTX Network : 192.168.0.0/24
I can ping my VMs and I can access my VMs using SSH through NAT, but the VMs can't ping anything on the internet. I think this is strange behavior.
Here is my sysctl:
net.ipv4.conf.default.forwarding = 1
net.ipv4.conf.default.proxy_arp = 0
net.ipv4.ip_forward = 1
net.ipv4.conf.all.rp_filter = 1
kernel.sysrq = 1
net.ipv4.conf.default.send_redirects = 1
net.ipv4.conf.all.send_redirects = 0
iptables on CT0 (very insecure, for testing):
#!/bin/sh
iptables -t filter -F
iptables -t filter -X
iptables -t filter -P INPUT ACCEPT
iptables -t filter -P FORWARD ACCEPT
iptables -t filter -P OUTPUT ACCEPT
iptables -t nat -A POSTROUTING -s 192.168.0.0/24 -o eth0 -j SNAT --to X.X.140.213
iptables -A FORWARD -s 192.168.0.0/24 -j ACCEPT
iptables -A FORWARD -d 192.168.0.0/24 -j ACCEPT
iptables -A INPUT -i venet0 -j ACCEPT
# SSH CT1 (port 2221): DNAT rewrites the destination to port 22, so the FORWARD rule matches port 22
iptables -t nat -I PREROUTING -p tcp -d X.X.140.213 --dport 2221 -j DNAT --to 192.168.0.1:22
iptables -I FORWARD -p tcp -d 192.168.0.1 --dport 22 -j ACCEPT
# SSH CT2 (port 2222)
iptables -t nat -I PREROUTING -p tcp -d X.X.140.213 --dport 2222 -j DNAT --to 192.168.0.2:22
iptables -I FORWARD -p tcp -d 192.168.0.2 --dport 22 -j ACCEPT
By the way, I set up the CTs using OpenVZ Web Panel.
What do I misunderstand?
Thanks.
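For comparison, here is an added example (not the poster's script and not from the OpenVZ wiki) that generates the same NAT setup as an iptables-restore ruleset with a default-deny FORWARD chain: outbound traffic from the private network is SNATed to the public IP, only return traffic and the published SSH ports are forwarded in, and the FORWARD rule for each published port matches port 22, which is the destination port after DNAT. The interface names eth0 and venet0, the placeholder public IP, and the port-to-container mapping are assumptions; the mapping list is constructed for the example.

```shell
#!/bin/sh
# Added example: build an iptables-restore ruleset for NAT in front of
# OpenVZ containers. Assumptions: eth0 is the public interface, venet0 the
# container side; PUBLIC_IP is a placeholder; PORT_MAP is constructed.

PUBLIC_IP="${PUBLIC_IP:-X.X.140.213}"     # placeholder public address
PRIV_NET="${PRIV_NET:-192.168.0.0/24}"    # container network
WAN_IF="${WAN_IF:-eth0}"
CT_IF="${CT_IF:-venet0}"
# "external_port:container_ip" pairs; sshd listens on 22 inside each CT.
PORT_MAP="${PORT_MAP:-2221:192.168.0.1 2222:192.168.0.2}"

# nat table: one DNAT per published port, plus SNAT for outbound traffic.
gen_nat() {
  printf '%s\n' '*nat' ':PREROUTING ACCEPT [0:0]' ':POSTROUTING ACCEPT [0:0]' ':OUTPUT ACCEPT [0:0]'
  for m in $PORT_MAP; do
    ext=${m%%:*}; ct=${m#*:}
    printf '%s\n' "-A PREROUTING -i $WAN_IF -p tcp -d $PUBLIC_IP --dport $ext -j DNAT --to-destination $ct:22"
  done
  printf '%s\n' "-A POSTROUTING -s $PRIV_NET -o $WAN_IF -j SNAT --to-source $PUBLIC_IP"
  printf '%s\n' 'COMMIT'
}

# filter table: FORWARD drops by default; allow established/related return
# traffic, new connections from the containers outward, and new connections
# to port 22 of each published container (the port as seen after DNAT).
gen_filter() {
  printf '%s\n' '*filter' ':INPUT ACCEPT [0:0]' ':FORWARD DROP [0:0]' ':OUTPUT ACCEPT [0:0]'
  printf '%s\n' '-A FORWARD -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT'
  printf '%s\n' "-A FORWARD -i $CT_IF -s $PRIV_NET -o $WAN_IF -j ACCEPT"
  for m in $PORT_MAP; do
    ct=${m#*:}
    printf '%s\n' "-A FORWARD -i $WAN_IF -o $CT_IF -p tcp -d $ct --dport 22 -m conntrack --ctstate NEW -j ACCEPT"
  done
  printf '%s\n' 'COMMIT'
}

# Full ruleset, ready for: sh nat-rules.sh > rules.v4 && iptables-restore < rules.v4
gen_rules() { gen_nat; gen_filter; }

# Sanity check: number of DNAT rules must match the number of published ports.
count_dnat() { gen_nat | grep -c -- '-j DNAT'; }

# Returns success when the kernel has IP forwarding turned on (the sysctl
# the post sets); the file is absent on hosts without that kernel interface.
forwarding_enabled() {
  f=/proc/sys/net/ipv4/ip_forward
  [ -r "$f" ] && [ "$(cat "$f")" = 1 ]
}

gen_rules
```

The generated filter table is the stateful counterpart of the post's "accept everything" FORWARD policy: containers can still reach the internet through the SNAT rule, but only the explicitly published ports can be reached from outside, and the `-i venet0` / `-o eth0` direction matches rule out spoofed traffic arriving on the wrong interface.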