OpenVZ Forum


Home » General » Support » Openvz proxy arp or snat?
Re: Openvz proxy arp or snat? [message #34265 is a reply to message #34244] Wed, 17 December 2008 21:21 Go to previous message
piavlo is currently offline  piavlo
Messages: 159
Registered: January 2007
Senior Member
This is not a openvz related question.

You mean you want something similar to LAN switch port mirroring
inside HN. So that network traffic to all VEs hosted on HN (including the traffic intended to HN too?) to be mirrored to specific VE which would act as IDS?

What is your current network setup in HN? do you use venet or veth devices for VEs?

Probably the best solution would be to use iptables ROUTE target with --tee option:
http://www.netfilter.org/projects/patch-o-matic/pom-external .html#pom-external-ROUTE

ps. Btw there is a VDE project http://vde.sourceforge.net/
which lets you define software LAN switch inside linux, into which
you can plug openvz VEs using trick with tap devices. But it probably won't scale well with high network traffic.

Report message to a moderator

[Message index]
 
Read Message
Read Message
Previous Topic: Can't reboot after fresh install
Next Topic: LVS and openvz
Goto Forum:
  

[ Syndicate this forum (XML) ] [ RSS ] [ PDF ]

Current Time: Fri Apr 10 08:40:10 GMT 2026

Total time taken to generate the page: 1.47503 seconds
Powered by FUDforum Powered by Virtuozzo Containers