OpenVZ Forum


Home » General » Support » Running VEs on a Strato Hostsystem with natted public->private ip-addresses
Running VEs on a Strato Hostsystem with natted public->private ip-addresses [message #9675] Tue, 16 January 2007 16:50 Go to previous message
BAzfH is currently offline  BAzfH
Messages: 2
Registered: January 2007
Location: Moenchengladbach, DE
Junior Member
Hi,

i am having a problem I am stuck on with Openvz. First of all some pre-information that i find to be useful:

Host OS: Debian Etch (4.0 / testing)
Host Kernel: 2.6.18-1-openvz (patched with kernel-patch-openvz from debian/testing archive)
Host Interfaces:
eth0: X.X.X.X (public address)
eth0:0: Y.Y.Y.Y (public address)

The setup I desire is to have is: a VE inside openvz running Debian Etch, serving some services which are to be available on the
eth0:0's ip-address. This should be achieved by doing some SNAT for outgoing traffic and some DNAT for incoming traffic on some specific ports. Therefore i thin venet is the best choice for me, also because i maybe would like to switch to have more then one VE, each providing *one* specific service.

So what i do is:
1. Create a VE with an private ip-address (tried IP-Addresses in all of the three possible classes)
2. Add iptables-rules on the host system according to this documentation:
http://wiki.openvz.org/Using_NAT_for_VE_with_private_IPs

That does result in such messages when starting an VE:

arpsend: 10.0.0.101 is detected on another computer : 00:00:5e:00:01:02

Also network is *not* working. Inside of the VE i can do ICMP-flood other systems and getting replies, but i cannot do something more like e.g. connecting systems. It is not a DNS problem, cause I've checked that by connecting a specific service by its ip and port. I heard there may be a future enabled on the HSP switch for security concerns that is answering the arpsend request which results in the above error message. But i quiet don't understand why this switch does get info about my internal ip address? Isn't it possible to configure it so, that _only_ the host system is able to "see" these addresses? Switch does not need to, or am I wrong?

So what i want to know is: Is my approach right? Do i miss something? If you need more input to help me, feel free to ask for it. Did anyone setup openvz on a strato server who knows whats specific with Strato Servers who can guide me a bit?

Thanks in advance
Best Regards

Patrick / BAzfH
 
Read Message
Read Message
Read Message
Read Message
Read Message
Read Message
Read Message
Read Message
Read Message
Read Message
Read Message
Previous Topic: compiling kernel without module support
Next Topic: Performance Question
Goto Forum:
  


Current Time: Sun Nov 17 17:29:38 GMT 2024

Total time taken to generate the page: 0.02849 seconds