OpenVZ Forum


Home » General » Support » Pound / iptables issue
Pound / iptables issue [message #46106] Thu, 26 April 2012 10:32 Go to previous message
keenan is currently offline  keenan
Messages: 2
Registered: April 2012
Junior Member
Hi,

I have a ProxMox setup with a a couple OpenVZ guests on the 10.10.10.0 network. I have set up rules to forward SSH from other ports to the guests' 22 and everything is working as it should: I can SSH to both VMs, VMs see the internet, ping from the guest to the host works and vice versa, etc. I guess routing and iptables are not the problem here.

Now I want to set up pound so incoming HTTP traffic on the host port 80 redirects to port 80 on each machine depending on the URL.

My pound config is as follows:

ListenHTTP
        Address my_external_address
        Port    80
        xHTTP 0
        Service
                HeadRequire "Host:.*domain.com.*"
                BackEnd
                        Address 10.10.10.4
                        Port    80
                End
        End
End
ListenHTTP
        Address my_external_address
        Port    80
        xHTTP 0
        Service
                HeadRequire "Host:.*domain2.com.*"
                BackEnd
                        Address 10.10.10.5
                        Port    80
                End
        End
End


If I do "tcpdump port http and dst my_external_address", I can see packets are reaching the host just right:

12:26:31.608497 IP my_ip.55591 > my_external_host.www: S 3735442263:3735442263(0) win 8192 <mss 1452,nop,nop,sackOK>

tcpdump on the guest doesn't show anything though, so the problem is the redirection of the packets from the host to the guest.


Do I need to set up any other routes or something?

This is my netfilter configuration:

# iptables -t nat -L && iptables -t filter -L && iptables -t mang
Chain PREROUTING (policy ACCEPT)
target     prot opt source               destination
DNAT       tcp  --  anywhere             anywhere            tcp dpt:10224 to:10.10.10.4:22
DNAT       tcp  --  anywhere             anywhere            tcp dpt:10225 to:10.10.10.5:22
DNAT       tcp  --  anywhere             anywhere            tcp dpt:10224 to:10.10.10.4:22
DNAT       tcp  --  anywhere             anywhere            tcp dpt:10225 to:10.10.10.5:22

Chain POSTROUTING (policy ACCEPT)
target     prot opt source               destination
SNAT       all  --  10.10.10.0/24        anywhere            to:my_ip
SNAT       all  --  10.10.10.0/24        anywhere            to:my_ip
SNAT       all  --  10.10.10.0/24        anywhere            to:my_ip

Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination
Chain INPUT (policy ACCEPT)
target     prot opt source               destination

Chain FORWARD (policy ACCEPT)
target     prot opt source               destination

Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination
Chain PREROUTING (policy ACCEPT)
target     prot opt source               destination

Chain INPUT (policy ACCEPT)
target     prot opt source               destination

Chain FORWARD (policy ACCEPT)
target     prot opt source               destination

Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination

Chain POSTROUTING (policy ACCEPT)
target     prot opt source               destination

Report message to a moderator

[Message index]
 
Read Message
Read Message
Previous Topic: failcnt on unlimited values?
Next Topic: quota error in cpanel
Goto Forum:
  

[ Syndicate this forum (XML) ] [ RSS ] [ PDF ]

Current Time: Tue Aug 12 05:39:22 GMT 2025

Total time taken to generate the page: 0.65179 seconds
Powered by FUDforum Powered by Virtuozzo Containers