Hello
I have debian 3.1 with 2.6.8+patch-022stab078-combined.
On Host i have 1 public ip so for VEs i use 192.168.1.101 in host i add:
echo '1' > /proc/sys/net/ipv4/ip_forward
and in iptables:
IPT=/sbin/iptables
IPTF="$IPT -t filter"
IPTN="$IPT -t nat"
$IPTN -A POSTROUTING -s 192.168.1.0/24 -o eth4 -j SNAT --to ip
$IPTF -A FORWARD -i venet0 -s 192.168.1.0/24 -o eth4 -d 0/0 -j ACCEPT
$IPTF -A FORWARD -i eth4 -s 0/0 -o venet0 -d 192.168.1.0/24 -j ACCEPT
venet0 in host have ip 192.168.1.1:
1: venet0: <BROADCAST,POINTOPOINT,NOARP,UP> mtu 1500 qdisc noqueue
link/void
inet 192.168.1.1/24 brd 192.168.1.255 scope global venet0
and in VEs:
venet0 Link encap:UNSPEC HWaddr 00-00-00-00-00-00-00-00-00-00-00-00-00-00-00-00
inet addr:192.168.1.101 P-t-P:192.168.1.101 Bcast:192.168.1.255 Mask:255.255.255.0
Kernel IP routing table
Destination Gateway Genmask Flags Metric Ref Use Iface
192.168.1.0 0.0.0.0 255.255.255.0 U 0 0 0 venet0
0.0.0.0 192.168.1.1 0.0.0.0 UG 0 0 0 venet0
With that config i can ping from VEs public ip on host and from host ip on VEs, but if i want ping world don't work.
In iptables filter table on forward chain i saw incoming packet from VEs but the packet are not going to nat table:
Chain POSTROUTING (policy ACCEPT 0 packets, 0 bytes)
pkts bytes target prot opt in out source destination
0 0 SNAT all -- * eth4 192.168.1.0/24 0.0.0.0/0 to:80.48.115.12
Chain POSTROUTING (policy ACCEPT 0 packets, 0 bytes)
pkts bytes target prot opt in out source destination
0 0 SNAT all -- * eth4 192.168.1.0/24 0.0.0.0/0 to:80.48.115.12
PS. In /etc/modules.conf i have:
options ip_conntrack ip_conntrack_enable_ve0=1
What i have done wrong ?
OpenVZ Forum
Members
Search
Help
Register
Login
Home
