| Re: Proxmmox with OpenVZ and veth network configuration [message #44695 is a reply to message #44415] |
Thu, 22 December 2011 16:05  |
votsalo
Messages: 26
Registered: December 2011
Location: Greece
|
Junior Member |
|
|
I don't have the answer for you, but since I'm dealing and learning about similar networking issues, I'll tell you my experience.
I recently started using proxmox and openvz with ubuntu 10.04 containers, like you have, except that my HN has a static public IP address.
The first issue I had to resolve was how to setup the network so the containers could access the internet. With the installation of proxmox that my hosting provider gave me, the containers were isolated from the internet. I am no networking expert, so it took me about a day to get outbound connectivity by setting up NAT on the host node, using iptables:
#!/bin/sh
iptables -t nat --flush
INTERFACE=vmbr0
IP=x.x.x.x # The static IP of my HN
iptables -t nat -A POSTROUTING -o $INTERFACE -j SNAT --to $IP
iptables -t nat -A PREROUTING -i $INTERFACE -j DNAT --to $IP
iptables -t nat -L
I tried each interface from the ifconfig list in turn, until I found the one that worked (vmbr0).
My containers can now connect to the internet, and I can use apt-get install to install software (solved major problem #1).
I haven't tackled the inbound connections yet, but I suspect I will do something similar with iptables, e.g. reroute http connections to my "http" container, etc. I will not attempt to reroute http connections to two different containers, yet, but I have read that I can use an http reverse proxy to do this (the recommendation was for a package called pound). I don't know yet what I will do for things like ssh. I could setup different ports for each container, or simply ssh to HN, and from there ssh to each container, as I do now.
In your case, it seems that your HN is in a home network, and it may be possible to access each of your containers individually from any other machines in your network. However, since all containers are in a single machine, your network must know to send packets for all of your container IPs to the same wire (your HN node). If your network is a "hub" that sends all packages to all nodes, this would work. If it is a switch (more likely) that sends each packet to the wire it things it should go to, it might not work, or it might work sporadically.
If your HN is on wi-fi, it may work better, since there are no wires to choose from (I suspect wi-fi is closer to a hub than to a switch).
Since I am no networking expert, I've already reached the limits of my knowledge on the topic and I may have given inaccurate information. Perhaps someone else can step in and elucidate us both.
|
|
|
|
OpenVZ Forum
Members
Search
Help
Register
Login
Home
