OpenVZ Forum


Re: Openvz and Routes [message #42515 is a reply to message #42499] Tue, 26 April 2011 05:12
sHaggY_caT

Rules for a server used in production:

iptables-save | grep pri.vate.ip.add
-A PREROUTING -d ext.ip.add.r -i eth0 -p tcp -m tcp --dport 143 -j DNAT --to-destination pri.vate.ip.add:143 
-A PREROUTING -d ext.ip.add.r -i eth0 -p tcp -m tcp --dport 25 -j DNAT --to-destination pri.vate.ip.add:25 
-A PREROUTING -d ext.ip.add.r -i eth0 -p tcp -m tcp --dport 220 -j DNAT --to-destination pri.vate.ip.add:220 
-A PREROUTING -d ext.ip.add.r -i eth0 -p tcp -m tcp --dport 993 -j DNAT --to-destination pri.vate.ip.add:993 
-A PREROUTING -d ext.ip.add.r -i eth0 -p tcp -m tcp --dport 585 -j DNAT --to-destination pri.vate.ip.add:585 
-A PREROUTING -d ext.ip.add.r -i eth0 -p tcp -m tcp --dport 110 -j DNAT --to-destination pri.vate.ip.add:110 
-A PREROUTING -d ext.ip.add.r -i eth0 -p tcp -m tcp --dport 995 -j DNAT --to-destination pri.vate.ip.add:995 
-A FORWARD -s pri.vate.ip.add -o eth0 -p tcp -m tcp --dport 25 -j ACCEPT 
-A FORWARD -s pri.vate.ip.add -o eth0 -p tcp -m tcp --dport 25 -j DROP 
-A FORWARD -s pri.vate.ip.add -d pri.vate2.ip.add -j ACCEPT 
-A FORWARD -s pri.vate2.ip.add -d pri.vate.ip.add -j ACCEPT 
-A FORWARD -d pri.vate.ip.add -p tcp -m tcp --dport 143 -j ACCEPT 
-A FORWARD -d pri.vate.ip.add -p tcp -m tcp --dport 25 -j ACCEPT 
-A FORWARD -d pri.vate.ip.add -p tcp -m tcp --dport 220 -j ACCEPT 
-A FORWARD -d pri.vate.ip.add -p tcp -m tcp --dport 993 -j ACCEPT 
-A FORWARD -d pri.vate.ip.add -p tcp -m tcp --dport 585 -j ACCEPT 
-A FORWARD -d pri.vate.ip.add -p tcp -m tcp --dport 110 -j ACCEPT 
-A FORWARD -d pri.vate.ip.add -p tcp -m tcp --dport 995 -j ACCEPT 
-A FORWARD -s 10.0.5.75 -d pri.vate.ip.add -j ACCEPT 
-A FORWARD -s pri.vate.ip.add -d 10.0.5.75 -j ACCEPT 
-A FORWARD -s pri.vate2.ip.add -d pri.vate.ip.add -j ACCEPT 
-A FORWARD -s pri.vate.ip.add -d pri.vate2.ip.add -j ACCEPT 
-A FORWARD -s pri.vate3.ip.add -d pri.vate.ip.add -j ACCEPT 
-A FORWARD -s pri.vate.ip.add -d pri.vate3.ip.add -j ACCEPT 
-A FORWARD -s pri.vate4.ip.add -d pri.vate.ip.add -j ACCEPT 
-A FORWARD -s pri.vate.ip.add -d pri.vate4.ip.add -j ACCEPT 
-A FORWARD -s pri.vate.ip.add -o eth0 -j ACCEPT 
-A FORWARD -s pri.vate.ip.add -j DROP 
-A FORWARD -d pri.vate.ip.add -j DROP 


P.S. For web you can use an Nginx HTTP reverse proxy: expose port 80 to the outside via DNAT, DNATed to the container running Nginx, and it will then proxy on to the containers you need.


IT-outsource for UNIX servers,
http://ha-systems.ru
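
An added example, not part of the original post: iptables stops at the first rule in a chain whose terminating target matches, so a later rule whose match criteria are already covered by an earlier rule is never reached. The Python check below runs that test over an `iptables-save` listing; the sample is constructed from a subset of the FORWARD rules above, and `parse_rule` and `shadowed` are hypothetical helper names.

```python
import shlex

TERMINATING = {"ACCEPT", "DROP", "REJECT", "DNAT"}

# Constructed sample: a subset of the FORWARD rules from the post, same order.
SAMPLE = """\
-A FORWARD -s pri.vate.ip.add -o eth0 -p tcp -m tcp --dport 25 -j ACCEPT
-A FORWARD -s pri.vate.ip.add -o eth0 -p tcp -m tcp --dport 25 -j DROP
-A FORWARD -s pri.vate.ip.add -d pri.vate2.ip.add -j ACCEPT
-A FORWARD -d pri.vate.ip.add -p tcp -m tcp --dport 143 -j ACCEPT
-A FORWARD -s pri.vate.ip.add -d pri.vate2.ip.add -j ACCEPT
-A FORWARD -s pri.vate.ip.add -o eth0 -j ACCEPT
-A FORWARD -s pri.vate.ip.add -j DROP
-A FORWARD -d pri.vate.ip.add -j DROP
"""

def parse_rule(line):
    """Return (chain, matches, target) for an '-A' line, or None if skipped."""
    tok = shlex.split(line)
    # Assumption: negated ('!') matches are out of scope and are skipped.
    if len(tok) < 4 or tok[0] != "-A" or "!" in tok or "-j" not in tok[:-1]:
        return None
    j = tok.index("-j")
    matches, i = {}, 2
    while i < j:
        has_value = i + 1 < j and not tok[i + 1].startswith("-")
        if tok[i] != "-m":  # assumption: -m only loads a match module
            matches[tok[i]] = tok[i + 1] if has_value else ""
        i += 2 if has_value else 1
    return tok[1], matches, tok[j + 1]

def shadowed(text):
    """Return (rule_no, earlier_rule_no) pairs where the earlier rule always wins.

    Assumption: the listing comes from one table, so chain names are unique.
    """
    seen, found = [], []
    for no, line in enumerate(text.splitlines(), 1):
        rule = parse_rule(line)
        if rule is None:
            continue
        chain, matches, target = rule
        for prev_no, prev_chain, prev_matches, prev_target in seen:
            # Every criterion of the earlier rule also appears in this one.
            if (prev_chain == chain and prev_target in TERMINATING
                    and prev_matches.items() <= matches.items()):
                found.append((no, prev_no))
                break
        seen.append((no, chain, matches, target))
    return found

if __name__ == "__main__":
    for no, prev in shadowed(SAMPLE):
        print(f"rule {no} is never reached: rule {prev} matches first")
```

The comparison is exact-string only, so overlapping CIDR ranges or port ranges are not detected.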
 