Re: Host-only network for CT [ Vmware && Virtual Box style ] [message #43417 is a reply to message #43349]
Wed, 07 September 2011 23:20
xdanx
Ok, I created the network as you said.
vzctl set 101 --ipadd 10.0.2.10
vzctl set 102 --ipadd 10.0.2.11
So, the image is like this:
CT 1 : venet0:0 -> 10.0.2.10
CT 2 : venet0:0 -> 10.0.2.11
HN : NO IP in network 10.0.2.0/24 + eth0 -> 192.168.0.30
As you said, I can ping between the CTs, I can ping each CT from the HN, and I can ping the HN from the CTs on its eth0 address (192.168.0.30).
My questions are:
1) In order to fully create a host-only network, is it correct to add the IP 10.0.2.1 to the HN:
[root@HN ~]# ifconfig venet0 10.0.2.1 netmask 255.255.255.0 ?
There is still a small problem, as the CTs can still ping 192.168.0.30 [the HN's other IP], which should not be possible in a host-only network. Should I use iptables here?
2) If I want to forward some ports from the HN to the CT nodes, what is the path the packets will take and what interfaces should I set up in the process?
I saw here wiki.openvz.org/Traffic_shaping_with_tc that the path packets take is
       venet0:0       venet0            eth0
CT >------------->-------------> HN >--------->--------> RH
       venet0:0       venet0            eth0
CT <-------------<-------------< HN <---------<--------< RH
3) On top of this, I want to use SNORT to protect the CTs [all the open ports on the HN's internet interface will be forwarded to the CTs]. Where is it better to have SNORT listen, on eth0 or on venet0 on the HN?
Thanks and hope this will help anyone interested in creating host-only networks,
Dan
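The two iptables controls the post asks about (keeping the CTs from reaching the HN's eth0 address and the outside, and forwarding a port from the HN's uplink to a CT), as an added POSIX sh example that is not part of the original post. The interfaces and addresses are the layout described above; the published service (TCP 80 on CT 101) and the function names are assumptions.

```shell
#!/bin/sh
# Added example, not code from the original post. Assumptions: the HN's uplink
# is eth0 (192.168.0.30), containers hang off venet0 in 10.0.2.0/24, and one
# TCP service on CT 101 (10.0.2.10:80) is published on the HN's uplink port 80.
# Rules are emitted as text so they can be reviewed; apply_rules executes them.

HN_IF="eth0"          # interface towards the rest of the network (RH side)
HN_IP="192.168.0.30"  # HN address the containers should not be able to reach
CT_IF="venet0"        # host side of the containers' venet0:0 links
CT_NET="10.0.2.0/24"  # the host-only subnet

# Publish one container service on the uplink. DNAT in PREROUTING rewrites
# the destination as the packet arrives on eth0, so FORWARD already sees the
# container address and must accept it; the container's replies must be let
# back towards eth0, where conntrack reverses the NAT automatically.
port_forward_rules() {
    proto="$1"; hn_port="$2"; ct_ip="$3"; ct_port="$4"
    echo "iptables -t nat -A PREROUTING -i $HN_IF -p $proto --dport $hn_port -j DNAT --to-destination $ct_ip:$ct_port"
    echo "iptables -A FORWARD -i $HN_IF -o $CT_IF -p $proto -d $ct_ip --dport $ct_port -m state --state NEW,ESTABLISHED,RELATED -j ACCEPT"
    echo "iptables -A FORWARD -i $CT_IF -o $HN_IF -p $proto -s $ct_ip --sport $ct_port -m state --state ESTABLISHED,RELATED -j ACCEPT"
}

# Make 10.0.2.0/24 host-only. A CT packet for the HN's eth0 address comes in
# on venet0 and hits the HN's INPUT chain; a CT packet for any other host
# would be routed out eth0 and passes through FORWARD.
host_only_rules() {
    echo "iptables -A INPUT -i $CT_IF -s $CT_NET -d $HN_IP -j DROP"
    echo "iptables -A FORWARD -i $CT_IF -s $CT_NET -o $HN_IF -j DROP"
}

# Complete rule set. iptables takes the first matching rule, so the published
# service's ACCEPT rules must be listed before the blanket FORWARD DROP.
all_rules() {
    port_forward_rules tcp 80 10.0.2.10 80
    host_only_rules
}

# Print the rules, and execute them only when running as root on the HN.
apply_rules() {
    all_rules
    if [ "$(id -u)" -ne 0 ]; then
        echo "not root: rules printed only, nothing applied" >&2
        return 1
    fi
    all_rules | sh -e
}
```

Run `all_rules` first to review the generated commands; `apply_rules` only executes them when invoked as root.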