Re: Advice needed on migration of Phys to VE [message #25673 is a reply to message #25661]
Sun, 06 January 2008 23:47
I suggest you have more than 3-4 VEs, following the "one VE per service" rule. It's not a problem that you only have 4 IP addresses -- the way to go is NAT and port forwarding, see http://wiki.openvz.org/Using_NAT_for_VE_with_private_IPs.
So, for example, in the case of DNS, create a VE, assign some private IP (http://en.wikipedia.org/wiki/Private_network) to it, set up named in that VE, copy your named configuration from the host system to the new VE, and test it. Then set up port forwarding so DNS queries will go to the VE's named, not the host's one. If something goes wrong you can just remove the port forwarding rule until you fix the problem. When you're done, stop named on the host system.
The rule in question should look like this:
# iptables -t nat -A PREROUTING -p tcp -d ip_address --dport 53 \
-i eth0 -j DNAT --to-destination ve_address:53
Here 53 is the DNS port number, ip_address is the IP your bind is currently listening on, and ve_address is your new VE's IP. Do not forget to add the same rule for UDP (-p udp). If you are using bind9's rndc, do the same for port 953.
Kir Kolyshkin
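
The rules described in the post above, as an added example that is not part of the original post: a script that prints the TCP and UDP DNAT rules together with the matching delete rules for rollback, and applies nothing itself. The function names `dnat_rules` and `is_private_ipv4`, the check that the VE address is in an RFC 1918 range, and the sample addresses are assumptions made for this example.

```shell
#!/bin/sh
# Added example, not from the original post. Prints the DNAT rules (and the
# matching rollback rules) for moving a service into a VE; applies nothing.

# is_private_ipv4 ADDR: succeed only for RFC 1918 addresses.
is_private_ipv4() {
    case "$1" in ''|*[!0-9.]*|*..*|.*|*.) return 1 ;; esac
    old_ifs=$IFS; IFS=.; set -- $1; IFS=$old_ifs
    [ $# -eq 4 ] || return 1
    for octet in "$@"; do
        [ "${#octet}" -le 3 ] && [ "$octet" -le 255 ] || return 1
    done
    case "$1" in
        10)  return 0 ;;
        172) [ "$2" -ge 16 ] && [ "$2" -le 31 ] ;;
        192) [ "$2" -eq 168 ] ;;
        *)   return 1 ;;
    esac
}

# dnat_rules ACTION PUBLIC_IP VE_IP [IFACE] [SPECS]
# ACTION: A to add, D to delete (rollback). SPECS: proto/port pairs,
# default "tcp/53 udp/53"; add tcp/953 if rndc must reach the VE.
dnat_rules() {
    action=$1 public_ip=$2 ve_ip=$3 iface=${4:-eth0} specs=${5:-"tcp/53 udp/53"}
    case "$action" in A|D) ;; *) echo "action must be A or D" >&2; return 2 ;; esac
    [ -n "$public_ip" ] || { echo "public IP required" >&2; return 2; }
    if ! is_private_ipv4 "$ve_ip"; then
        echo "refusing: '$ve_ip' is not an RFC 1918 private address" >&2
        return 1
    fi
    for spec in $specs; do
        proto=${spec%/*} port=${spec#*/}
        case "$proto" in tcp|udp) ;; *) echo "bad spec: $spec" >&2; return 2 ;; esac
        case "$port" in ''|*[!0-9]*) echo "bad spec: $spec" >&2; return 2 ;; esac
        echo "iptables -t nat -$action PREROUTING -p $proto -d $public_ip" \
             "--dport $port -i $iface -j DNAT --to-destination $ve_ip:$port"
    done
}

# Constructed addresses: 203.0.113.10 stands in for the host's public IP,
# 192.168.0.53 for the VE's private IP.
echo "# apply:";    dnat_rules A 203.0.113.10 192.168.0.53
echo "# rollback:"; dnat_rules D 203.0.113.10 192.168.0.53
```

Review the printed rules, then run them as root on the host; the rollback lines remove exactly the rules that were added.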