Hi everybody, thank you for your help (I am sorry, but my English is very bad).
Well, I have OpenVZ mounted on Debian lenny and it works very well, but now I made a change in my Internet configuration and my CT does not have internet access.
I have this on my OpenVZ server:
eth0      Link encap:Ethernet HWaddr 00:0b:6a:94:54:88
          inet addr:192.168.2.15 Bcast:192.168.2.255 Mask:255.255.255.0
          inet6 addr: fe80::20b:6aff:fe94:5488/64 Scope:Link
          UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
          RX packets:2214523 errors:0 dropped:0 overruns:0 frame:0
          TX packets:2034759 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000
          RX bytes:1189111524 (1.1 GiB) TX bytes:998419042 (952.1 MiB)
          Interrupt:19 Base address:0xd400

eth1      Link encap:Ethernet HWaddr 00:21:91:90:8e:7d
          inet addr:192.168.150.2 Bcast:192.168.150.7 Mask:255.255.255.248
          UP BROADCAST MULTICAST MTU:1500 Metric:1
          RX packets:0 errors:0 dropped:0 overruns:0 frame:0
          TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000
          RX bytes:0 (0.0 B) TX bytes:0 (0.0 B)
          Interrupt:17 Base address:0xd000

eth2      Link encap:Ethernet HWaddr 00:08:54:27:1d:b8
          inet addr:190.145.2.YYY Bcast:190.145.2.239 Mask:255.255.255.248
          inet6 addr: fe80::208:54ff:fe27:1db8/64 Scope:Link
          UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
          RX packets:5053 errors:0 dropped:0 overruns:0 frame:0
          TX packets:34116 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000
          RX bytes:1046571 (1022.0 KiB) TX bytes:9614680 (9.1 MiB)
          Interrupt:18 Base address:0xcc00

lo        Link encap:Local Loopback
          inet addr:127.0.0.1 Mask:255.0.0.0
          inet6 addr: ::1/128 Scope:Host
          UP LOOPBACK RUNNING MTU:16436 Metric:1
          RX packets:42897 errors:0 dropped:0 overruns:0 frame:0
          TX packets:42897 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0
          RX bytes:4394719 (4.1 MiB) TX bytes:4394719 (4.1 MiB)

venet0    Link encap:UNSPEC HWaddr 00-00-00-00-00-00-00-00-00-00-00-00-00-00-00-00
          UP BROADCAST POINTOPOINT RUNNING NOARP MTU:1500 Metric:1
          RX packets:43510 errors:0 dropped:0 overruns:0 frame:0
          TX packets:38310 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0
          RX bytes:12827547 (12.2 MiB) TX bytes:7445673 (7.1 MiB)

veth70.0  Link encap:Ethernet HWaddr 00:18:51:39:c7:e7
          inet6 addr: fe80::218:51ff:fe39:c7e7/64 Scope:Link
          UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
          RX packets:26 errors:0 dropped:0 overruns:0 frame:0
          TX packets:18 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0
          RX bytes:1750 (1.7 KiB) TX bytes:1312 (1.2 KiB)

I have this on my CT ID 70:
eth0      Link encap:Ethernet HWaddr 00:18:51:84:DE:57
          inet addr:192.168.2.70 Bcast:192.168.2.255 Mask:255.255.255.0
          inet6 addr: fe80::218:51ff:fe84:de57/64 Scope:Link
          UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
          RX packets:14 errors:0 dropped:0 overruns:0 frame:0
          TX packets:21 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0
          RX bytes:1008 (1008.0 b) TX bytes:1448 (1.4 KiB)

lo        Link encap:Local Loopback
          inet addr:127.0.0.1 Mask:255.0.0.0
          inet6 addr: ::1/128 Scope:Host
          UP LOOPBACK RUNNING MTU:16436 Metric:1
          RX packets:1077 errors:0 dropped:0 overruns:0 frame:0
          TX packets:1077 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0
          RX bytes:83161 (81.2 KiB) TX bytes:83161 (81.2 KiB)

venet0    Link encap:UNSPEC HWaddr 00-00-00-00-00-00-00-00-00-00-00-00-00-00-00-00
          inet addr:127.0.0.1 P-t-P:127.0.0.1 Bcast:0.0.0.0 Mask:255.255.255.255
          UP BROADCAST POINTOPOINT RUNNING NOARP MTU:1500 Metric:1
          RX packets:70 errors:0 dropped:0 overruns:0 frame:0
          TX packets:687 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0
          RX bytes:37730 (36.8 KiB) TX bytes:316514 (309.0 KiB)

I did this on my CT for network configuration:
[On OpenVzSERVER]
vzctl set 70 --ipdel 192.168.2.70
vzctl set 70 --netif_add eth0 --save
ifconfig -a
ifconfig veth70.0 0
echo 1 > /proc/sys/net/ipv4/conf/veth70.0/forwarding
echo 1 > /proc/sys/net/ipv4/conf/veth70.0/proxy_arp
echo 1 > /proc/sys/net/ipv4/conf/eth0/forwarding
echo 1 > /proc/sys/net/ipv4/conf/eth0/proxy_arp
[On CT 70]
ifconfig eth0 0
ip addr add 192.168.2.70 dev eth0
ifconfig eth0 192.168.2.70 netmask 255.255.255.0 up
ip route del default
ip route add default dev eth0
[On OpenVzSERVER]
ip route add 192.168.2.70 dev veth70.0
The CT can ping the 192.168.2.0 network but does not have internet access.
Note: On my OpenVZ server I use this iptables script:
#!/bin/sh
## IPTABLES SCRIPT - example from the iptables manual
## Example firewall script between the local network and the internet
##
## Pello Xabier Altadill Izura
## www.pello.info - pello@pello.info
echo -n Aplicando Reglas de Firewall...
## FLUSH the rules
iptables -F
iptables -X
iptables -Z
iptables -t nat -F
## Set the default policy
iptables -P INPUT ACCEPT
iptables -P OUTPUT ACCEPT
iptables -P FORWARD ACCEPT
iptables -t nat -P PREROUTING ACCEPT
iptables -t nat -P POSTROUTING ACCEPT
## Start filtering
## Note: eth0 is the interface connected to the router and eth1 to the LAN
# Localhost is allowed (for example, local connections to mysql)
/sbin/iptables -A INPUT -i lo -j ACCEPT
# The firewall is accessible from the local network
iptables -A INPUT -s 192.168.2.0/24 -i eth0 -j ACCEPT
# Now masquerade the local network
# and enable the FORWARDING BIT (essential!!!!!)
iptables -t nat -A POSTROUTING -s 192.168.0.0/24 -o eth2 -j MASQUERADE
# This allows packets to be forwarded through the firewall, that is,
# other machines can get out through the firewall.
echo 1 > /proc/sys/net/ipv4/ip_forward
echo " OK . Verifique que lo que se aplica con: iptables -L -n"
Thanks again.
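
An added example, not part of the original post: a Python check of which source addresses the nat POSTROUTING MASQUERADE rule in the script above actually matches, run against CT 70's address. The rule lines are copied from the post; the function names and the comparison host 192.168.0.10 are assumptions made for illustration.

```python
import ipaddress
import shlex

# Input constructed from the firewall script quoted in the post.
FIREWALL_SCRIPT = """\
## FLUSH de reglas
iptables -t nat -F
/sbin/iptables -A INPUT -i lo -j ACCEPT
iptables -A INPUT -s 192.168.2.0/24 -i eth0 -j ACCEPT
iptables -t nat -A POSTROUTING -s 192.168.0.0/24 -o eth2 -j MASQUERADE
echo 1 > /proc/sys/net/ipv4/ip_forward
"""

def masquerade_rules(script_text):
    """Return (source_network, out_interface) for each nat POSTROUTING MASQUERADE rule."""
    rules = []
    for line in script_text.splitlines():
        tokens = shlex.split(line, comments=True)  # drops '#' comments
        if not tokens or not tokens[0].endswith("iptables"):
            continue
        # Collect the option/value pairs this check cares about.
        opts = {}
        for flag, value in zip(tokens, tokens[1:]):
            if flag in ("-t", "-A", "-s", "-o", "-j"):
                opts[flag] = value
        if (opts.get("-t"), opts.get("-A"), opts.get("-j")) != ("nat", "POSTROUTING", "MASQUERADE"):
            continue
        # A rule without -s matches every source; without -o, every interface.
        source = ipaddress.ip_network(opts.get("-s", "0.0.0.0/0"), strict=False)
        rules.append((source, opts.get("-o")))
    return rules

def nat_coverage(script_text, addresses, wan_if):
    """Map each address to True when a MASQUERADE rule on wan_if matches it."""
    rules = masquerade_rules(script_text)
    return {
        addr: any(ipaddress.ip_address(addr) in net and out in (None, wan_if)
                  for net, out in rules)
        for addr in addresses
    }

if __name__ == "__main__":
    # 192.168.2.70 is CT 70 from the post; 192.168.0.10 is a hypothetical host.
    for addr, ok in nat_coverage(FIREWALL_SCRIPT, ["192.168.2.70", "192.168.0.10"], "eth2").items():
        print(f"{addr}: {'masqueraded' if ok else 'NOT masqueraded'} on eth2")
```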