OpenVZ Forum


Using NAT for container with private IPs [message #47460] Sat, 11 August 2012 21:03
joaodrp
Hi,

I've installed OpenVZ for the first time, on a fresh CentOS 6.3 host server. Here are its details:

root@Server-1:~/ # uname -a                                                                                                            
Linux Server-1 2.6.32-042stab059.7 #1 SMP Tue Jul 24 19:12:01 MSK 2012 x86_64 x86_64 x86_64 GNU/Linux

root@Server-1:~/ # ifconfig                                                                            
eth0   ...
          inet addr:10.0.3.11  Bcast:10.0.3.255  Mask:255.255.255.0  
          ...

venet0 Link encap:UNSPEC  HWaddr 00-00-00-00-00-00-00-00-00-00-00-00-00-00-00-00  
          inet6 addr: fe80::1/128 Scope:Link
          UP BROADCAST POINTOPOINT RUNNING NOARP  MTU:1500  Metric:1
          RX packets:12 errors:0 dropped:0 overruns:0 frame:0
          TX packets:12 errors:0 dropped:3 overruns:0 carrier:0
          collisions:0 txqueuelen:0 
          RX bytes:876 (876.0 b)  TX bytes:1100 (1.0 KiB)

root@Server-1:~/ # cat /etc/resolv.conf
# Generated by NetworkManager
domain mylabdomain.com
search mylabdomain.com
nameserver 10.0.3.1

root@Server-1:~/ # cat /proc/sys/net/ipv4/ip_forward
1


After installing OpenVZ without problems I downloaded the CentOS 6 template and created my first VE:

root@Server-1:~/ # vzctl create 101 --ostemplate centos-6-x86_64 --config basic
root@Server-1:~/ # vzctl set 101 --onboot yes --hostname 101.mylabdoamin.com --ipadd 192.168.1.101 --searchdomain mylabdoamin.com --nameserver 10.0.3.1 --userpasswd root:XXXX --save
root@Server-1:~/ # vzctl start 101


Everything went smoothly and I can ping the VE from the host and the host from the VE. However, I cannot reach the Internet (yum, ping, etc.) from inside the VE (I've . Since I cannot control the LAN of my host (the machine is in my university lab), I cannot assign public IPs to it. I've read all the posts in this forum with similar problems, but I can't find a solution that works.

I've focused on the wiki.openvz.org/Using_NAT_for_container_with_private_IPs wiki page, but I get stuck in the "IP conntracks" section, because there are no /etc/modules.conf or /etc/modprobe.conf files on my host; I only see a /etc/modprobe.d/ directory with a bunch of subdirectories and files. Are there updated instructions for this step?

Although I was not able to complete that step, I proceeded with the guide and did the following on the host:

root@Server-1:~/ # iptables -t nat -A POSTROUTING -s 192.168.1.0/24 -o eth0 -j SNAT --to 10.0.3.11


But then I get stuck again in iptables when trying to enable outgoing connections:

root@Server-1:~/ # iptables -A RH-Firewall-1-INPUT -s 192.168.1.0/24 -j ACCEPT                     
iptables: No chain/target/match by that name.


When inspecting iptables rules I get:

root@Server-1:~/ # iptables -L    
Chain INPUT (policy ACCEPT)
target     prot opt source               destination         
ACCEPT     all  --  anywhere             anywhere            state RELATED,ESTABLISHED 
ACCEPT     icmp --  anywhere             anywhere            
ACCEPT     all  --  anywhere             anywhere            
ACCEPT     tcp  --  anywhere             anywhere            state NEW tcp dpt:ssh 
REJECT     all  --  anywhere             anywhere            reject-with icmp-host-prohibited 

Chain FORWARD (policy ACCEPT)
target     prot opt source               destination         
REJECT     all  --  anywhere             anywhere            reject-with icmp-host-prohibited 

Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination   


Can anyone help with this? I've been struggling to get my VEs an Internet connection all day and can't get it working.
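
Added example, not part of the original post: in the listing above, the only FORWARD rule is a catch-all REJECT, and a rule added with `-A` is placed after it. The sketch below reads `iptables -L` text and reports the first rule that decides every packet in a chain; `posted_rules`, `first_unconditional` and `append_is_dead` are hypothetical helper names, and the sample is the post's listing embedded inline.

```shell
# Added example; constructed sample: the `iptables -L` listing from the post.
posted_rules() {
cat <<'EOF'
Chain INPUT (policy ACCEPT)
target     prot opt source               destination
ACCEPT     all  --  anywhere             anywhere            state RELATED,ESTABLISHED
ACCEPT     icmp --  anywhere             anywhere
ACCEPT     all  --  anywhere             anywhere
ACCEPT     tcp  --  anywhere             anywhere            state NEW tcp dpt:ssh
REJECT     all  --  anywhere             anywhere            reject-with icmp-host-prohibited

Chain FORWARD (policy ACCEPT)
target     prot opt source               destination
REJECT     all  --  anywhere             anywhere            reject-with icmp-host-prohibited

Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination
EOF
}

# first_unconditional CHAIN (hypothetical helper): reads `iptables -L` text on
# stdin, prints "<position> <target>" for the first rule in CHAIN that matches
# every protocol, source and destination, or "policy <POLICY>" if none does.
# Plain -L hides -i/-o matches, so confirm a hit with `iptables -L -v -n`.
first_unconditional() {
    awk -v chain="$1" '
        $1 == "Chain" {
            in_chain = ($2 == chain)
            if (in_chain) { policy = $4; sub(/[)]/, "", policy) }
            next
        }
        !in_chain || NF == 0 || $1 == "target" || hit != "" { next }
        {
            pos++
            sub(/reject-with [^ ]+/, "")   # target option, not a match
            if ($2 == "all" && $4 == "anywhere" && $5 == "anywhere" && NF == 5)
                hit = pos " " $1
        }
        END { print (hit != "" ? hit : "policy " policy) }
    '
}

# append_is_dead CHAIN (hypothetical helper): succeeds when a rule added with
# -A would never be evaluated because an earlier rule ends traversal.
append_is_dead() {
    first_unconditional "$1" | grep -Eq '^[0-9]+ (ACCEPT|REJECT|DROP)$'
}

posted_rules | first_unconditional FORWARD   # prints: 1 REJECT
```

On a live host the same functions can be fed from `iptables -L` directly, for example `iptables -L | append_is_dead FORWARD`.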