OpenVZ Forum


Home » General » Support » Exposing a virtual node as a public machine
Exposing a virtual node as a public machine [message #29344] Fri, 11 April 2008 02:57 Go to next message
simeshev is currently offline  simeshev
Messages: 5
Registered: April 2008
Junior Member
Hi,

We have just set up our first virtual node. Now we would like to expose the virtual node to the Internet as a first-class machine. It should have its own public IP address and should not communicate with the HN in any way.

The HN is CentOS 5, it has eth0 and its public IP address let say 111.111.111.111. The virtual node should be accessible at the address let say 222.222.222.222.

I guess it's a pretty common use case but, the docs are not very clear on how to do it. Any ideas?

TIA.

Slava

[Updated on: Fri, 11 April 2008 04:57]

Report message to a moderator

Re: Exposing a virtual node as a public machine [message #29345 is a reply to message #29344] Fri, 11 April 2008 05:26 Go to previous messageGo to next message
vaverin is currently offline  vaverin
Messages: 708
Registered: September 2005
Senior Member
Usually all VE traffic going via HN. However there is a possibility for a VE to directly access a physical network adapter by using "vzctl set --netdev add" command.

thank you,
Vasily Averin

Re: Exposing a virtual node as a public machine [message #29348 is a reply to message #29345] Fri, 11 April 2008 06:48 Go to previous messageGo to next message
simeshev is currently offline  simeshev
Messages: 5
Registered: April 2008
Junior Member
Thanks. It is going through HN, indeed.

I am not sure if the proposed solution answers my question. The final set up should be

HN: 111.111.111.111 - public IP
VE1: 222.222.222.222 - public IP
VEN: nnn.nnn.nnn.nnn - public IP

Will just this

vzctl set 1 --ipadd 222.222.222.222 –-save

be enough?

Slava
Re: Exposing a virtual node as a public machine [message #29350 is a reply to message #29348] Fri, 11 April 2008 06:58 Go to previous messageGo to next message
vaverin is currently offline  vaverin
Messages: 708
Registered: September 2005
Senior Member
At the first glance it should be enough.
Hovewer I don't understand the cause of Your questions.
Do You have some troubles with these settings?

thank you,
Vasily Averin
Re: Exposing a virtual node as a public machine [message #29351 is a reply to message #29350] Fri, 11 April 2008 07:34 Go to previous messageGo to next message
simeshev is currently offline  simeshev
Messages: 5
Registered: April 2008
Junior Member
Actually, we've just tried

vzctl set 1 --ipadd 222.222.222.222 –-save

and it works only firewall on the HN is down. If we bring it up the VE is blocked. With firewall up it is not working Sad

I think the question needs to be extended: How do we expose VE with a public IP address with a firewall up on the HN?

Slava
Re: Exposing a virtual node as a public machine [message #29356 is a reply to message #29344] Fri, 11 April 2008 08:20 Go to previous messageGo to next message
kir is currently offline  kir
Messages: 1645
Registered: August 2005
Location: Moscow, Russia
Senior Member

This is done pretty much the same as assigning a second IP address to the system. In this case, however, you should assign that IP to a container, not to the host system (using vzctl set CTID --ipadd x.x.x.x --save). Usually, this is all what's required. Surely this x.x.x.x IP address should be routable to your box (i.e. you can not assign arbitrary addresses -- use only those dedicated to you by your hosting/colocation/Internet provider).

Note that

1. Host system acts as a router for container, so traffic goes through the host system anyway.

2. If you don't want host system to be used as a router, you can use it as a bridge. See http://wiki.openvz.org/Veth for details.

3. If you don't want container's traffic to go through host system, you can assign a real network card/interface to that container, as described in this thread by vaverin.

Finally, see http://wiki.openvz.org/Category:Networking


Kir Kolyshkin
http://static.openvz.org/userbars/openvz-developer.png

[Updated on: Fri, 11 April 2008 08:20]

Report message to a moderator

Re: Exposing a virtual node as a public machine [message #29357 is a reply to message #29351] Fri, 11 April 2008 08:22 Go to previous messageGo to next message
kir is currently offline  kir
Messages: 1645
Registered: August 2005
Location: Moscow, Russia
Senior Member

Quote:

I think the question needs to be extended: How do we expose VE with a public IP address with a firewall up on the HN?


You need to understand that host system acts as a router for container's traffic. So traffic goes through eth0 and then to venet0 (and back). This is all what's needed to be understood.

Then you know it, set up your firewall as on router, to let the traffic for your container IP to go through.


Kir Kolyshkin
http://static.openvz.org/userbars/openvz-developer.png
Re: Exposing a virtual node as a public machine [message #29358 is a reply to message #29356] Fri, 11 April 2008 08:45 Go to previous message
simeshev is currently offline  simeshev
Messages: 5
Registered: April 2008
Junior Member
Kir,

Thank you for the detailed explanation. By any chance, do you have any recommendations on how to set up shorewall on HN for such configuration?

Slava
Previous Topic: OpenVZ and Lustre
Next Topic: My 1st VPS: failed: Temporary failure in name resolution
Goto Forum:
  


Current Time: Tue Feb 27 13:42:26 GMT 2024

Total time taken to generate the page: 0.02622 seconds