OpenVZ Forum


Home » General » Support » NAT question (Problems to apply nat rules to get internet to vps)
NAT question [message #51388] Sun, 04 May 2014 17:15 Go to next message
rubendob is currently offline  rubendob
Messages: 2
Registered: May 2014
Junior Member
Hi

recently I have mounted a new centos 6 with openvz. At the final step, I was tring to give internet to vps with NAT iptables but I got this problem

v1.3.5: can't initialize iptables table `nat': Table does not exist

I have noticed that after install openvz kernel, new file in /etc/modprobe.conf is crated with the next line:

options ip_conntrack ip_conntrack_disable_ve0=1

If I comment the line of the file then I can apply the rule and centos does not complaint like before.

Why this? I doon't understand. Can you give me some information about it?

Thanks

Report message to a moderator

Re: NAT question [message #51410 is a reply to message #51388] Mon, 12 May 2014 19:10 Go to previous messageGo to next message
kir is currently offline  kir
Messages: 1645
Registered: August 2005
Location: Moscow, Russia
Senior Member
vzctl prints the following upon adding this line:

============================================================ ================
Due to conntrack impact on venet performance, conntrack need to be disabled
on the host system (it will still work for containers).

Adding the following option to /etc/modprobe.d/openvz.conf

options nf_conntrack ip_conntrack_disable_ve0=1

This change will take effect only after the next reboot.

NOTE: IF YOU NEED conntrack functionality, edit $file NOW,
changing =1 to =0. DO NOT REMOVE the line, or it will be re-added!
============================================================ ================

I think this explains it. Also, make sure you DO NOT COMMENT OUT this line, but change the parameter value to 0, otherwise it might be re-added during vzctl upgrage.

Kir Kolyshkin
http://static.openvz.org/userbars/openvz-developer.png

Report message to a moderator

Re: NAT question [message #51412 is a reply to message #51410] Fri, 16 May 2014 13:00 Go to previous message
TheStig is currently offline  TheStig
Messages: 94
Registered: December 2008
Member
is there more information available as to what the performance impact of conntrack on ve0 is and why it was decided now that it will be disabled by default?

Report message to a moderator

Previous Topic: iptables NFQUEUE - dumpcap (wireshark) connection doesn't work
Next Topic: PHYSPAGES + SWAPPAGES limit
Goto Forum:
  

[ Syndicate this forum (XML) ] [ RSS ] [ PDF ]

Current Time: Fri Dec 01 07:29:32 GMT 2023

Total time taken to generate the page: 0.08386 seconds
Powered by FUDforum Powered by Virtuozzo Containers