OpenVZ Forum


Home » General » Support » *SOLVED* MASQUERADE with IPTables in a VPS
*SOLVED* MASQUERADE with IPTables in a VPS [message #7700] Sat, 21 October 2006 09:30 Go to next message
slg2001 is currently offline  slg2001
Messages: 20
Registered: March 2006
Location: Germany
Junior Member

Hello,

i can't add a iptalbes Rule for masquerading in the VPS where my OpenVPN-Server is running, at the HN is it no problem to add someone!

VPS-Network=192.168.120.0/24
OpenVPN-Network= 5.5.0.0/24


VPS IPtalbes-Config
IPTABLES="iptable_filter iptable_mangle ipt_limit ipt_multiport ipt_tos ipt_TOS ipt_REJECT ipt_TCPMSS ipt_tcpmss ipt_ttl ipt_LOG ipt_length ip_conntrack ip_conntrack_ftp ip_conntrack_irc ipt_conntrack ipt_state ipt_helper iptable_nat ip_nat_ftp ip_nat_irc ipt_REDIRECT "


Loaded IPTables Modules at the HN
[root@hn ~]# lsmod | grep ipt
ipt_MASQUERADE          1632  0
iptable_nat             7716  3
ip_nat                 13300  2 ipt_MASQUERADE,iptable_nat
ip_conntrack           47300  4 xt_state,iptable_nat,ip_nat
ipt_ttl                 1568  5
ipt_TCPMSS              3552  5
iptable_mangle          3520  5
iptable_filter          3232  7
ipt_multiport           2496  10
ipt_tos                 1344  5
ipt_REJECT              4256  7
ip_tables              11356  3 iptable_nat,iptable_mangle,iptable_filter
x_tables               12544  13 ipt_MASQUERADE,xt_state,iptable_nat,xt_tcpudp,xt_length,ipt_ttl,xt_tcpmss,ipt_TCPMSS,ipt_multiport,xt_limit,ipt_tos,ipt_REJECT,ip_tables
[root@hn ~]#


add a iptables rule at the VPS
[root@vps ~]# iptables -t nat -A POSTROUTING -s 5.5.0.0/24 -j MASQUERADE
iptables: No chain/target/match by that name
[root@vps ~]# iptables -L -t nat
Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination

Chain POSTROUTING (policy ACCEPT)
target     prot opt source               destination

Chain PREROUTING (policy ACCEPT)
target     prot opt source               destination
[root@vps ~]#


add a iptalbes rule at the HN
[root@hn ~]# iptables -t nat -A POSTROUTING -s 5.5.0.0/24 -j MASQUERADE
[root@hn ~]# iptables -t nat -L
Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination

Chain POSTROUTING (policy ACCEPT)
target     prot opt source               destination
MASQUERADE  all  --  5.5.0.0/24           anywhere

Chain PREROUTING (policy ACCEPT)
target     prot opt source               destination
[root@hn ~]#


Some infromations about the Hardware-Node
[root@hn ~]# uname -r
2.6.16-026test018.1.custom
[root@hn ~]#


I hope i don't forgot any information!
Thx for your help.

slg2001


To follow the path:
look to the master, follow the master, walk with the master, see through the master, become the master.

[Updated on: Mon, 23 October 2006 05:54] by Moderator

Report message to a moderator

Re: MASQUERADE with IPTables in a VPS [message #7703 is a reply to message #7700] Sat, 21 October 2006 12:30 Go to previous messageGo to next message
curx
Messages: 739
Registered: February 2006
Location: Nürnberg, Germany
Senior Member

Hi,

a look to the man page of vzctl shows me that the "ipt_MASQUERADE" is not in the IPTABLES MODULE LIST!
So you can't use the module ipt_MASQUERADE!

--iptables name
Restrict access to iptables modules inside a VE (by default
all iptables modules that are loaded in the host system are
accessible inside a VE).

You can use the following values for name: iptable_filter,
iptable_mangle, ipt_limit, ipt_multiport, ipt_tos, ipt_TOS,
ipt_REJECT, ipt_TCPMSS, ipt_tcpmss, ipt_ttl, ipt_LOG,
ipt_length, ip_conntrack, ip_conntrack_ftp, ip_con-
ntrack_irc, ipt_conntrack, ipt_state, ipt_helper, ipt-
able_nat, ip_nat_ftp, ip_nat_irc, ipt_REDIRECT xt_mac.

[Updated on: Sat, 21 October 2006 12:46]

Report message to a moderator

***SOLVED*** Re: MASQUERADE with IPTables in a VPS [message #7706 is a reply to message #7700] Sat, 21 October 2006 15:07 Go to previous messageGo to next message
slg2001 is currently offline  slg2001
Messages: 20
Registered: March 2006
Location: Germany
Junior Member

Hi curx,

thanks for the information!

Who can read, has an advantage.

Best regards
Stefan


To follow the path:
look to the master, follow the master, walk with the master, see through the master, become the master.
Re: MASQUERADE with IPTables in a VPS [message #10155 is a reply to message #7703] Sat, 10 February 2007 04:48 Go to previous message
astaka is currently offline  astaka
Messages: 14
Registered: September 2006
Junior Member
sorry, if I can't use ipt_masqerade and how can i do the NAT in VE?
Previous Topic: *SOLVED* VE with veth, using MAC address it shouldn't be aware of
Next Topic: VE as powerful as the node
Goto Forum:
  


Current Time: Sat Nov 02 12:14:02 GMT 2024

Total time taken to generate the page: 0.03294 seconds