Using OpenVPN to access containers in OpenVZ host [message #52141]
Sat, 15 August 2015 11:33
marl_scot
Hi,
I have the following setup:

Home PC (IP 192.168.8.200)
    Local LAN (192.168.8.0/24)
    OpenVPN TUN adapter (10.9.0.1) (OpenVPN server)
OpenVZ Host (public IP x.x.x.x)
    OpenVPN TUN adapter (10.9.0.14) (OpenVPN guest)
    Eth0 - Public IP (x.x.x.x) - Single IP
    Eth0:1 - Private IP (192.168.12.1/24)
    OpenVZ Guests
        Venet0:0 - Private IP (192.168.12.0/24)

I also have another range used by guests, 10.91.0.0/24; this is from a set of imported OpenVZ guests.
iptables on OpenVZ host:
=========================
iptables -F
iptables -F -t nat
iptables -t nat -A POSTROUTING -s 10.91.0.0/24 -o eth0 -j SNAT --to x.x.x.x
iptables -t nat -A POSTROUTING -s 192.168.12.0/24 -o eth0 -j SNAT --to x.x.x.x
iptables -A FORWARD -s 10.91.0.0/24 -j ACCEPT
iptables -A FORWARD -s 192.168.12.0/24 -j ACCEPT
# allow connections from openvpn
iptables -A INPUT -s 10.9.0.0/24 -d 0/0 -j ACCEPT
# allow ssh from home public ip (if vpn is down)
iptables -A INPUT -s z.z.z.z -d 0/0 -p tcp --dport 22 -j ACCEPT
iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
iptables -A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT
iptables -A INPUT -j DROP
=========================
Guest-to-internet works fine, and access to the host from outside works fine.
What I am trying to do is make all requests from my home PC to the network 192.168.12.0/24 go to my guests over the VPN,
but I have not been able to work out a working set of iptables entries to make this work.
If anyone can help, that would be great. I know this is more to do with OpenVPN, but I think I am getting lost with how OpenVZ integrates with the host networking.
If anyone knows a way to do this on a guest-by-guest basis using the standard 'vzfirewall' script, that would be even better.
Unfortunately I do not have access to more than 2 public IP addresses: 1 for the host, and one for a single guest that is publicly available.
All my other guests are used for development and testing of packages etc.
Any help would be great.
Thanks
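As an added illustration (not the poster's configuration and not a reply from the thread), here is a small Python model of the routing described above, built from constructed per-node tables: it traces a request from the home PC to a guest and the guest's reply, once with the setup as posted and once after the home-side OpenVPN server is told that 192.168.12.0/24 sits behind the 10.9.0.14 client (a `route` line in the server config plus an `iroute` line in that client's ccd entry). The host's public IP x.x.x.x and the guest address 192.168.12.50 are placeholders, and the default ACCEPT policy assumed for the host's FORWARD chain is an assumption, since the posted rules show no DROP there.

```python
import ipaddress

# Constructed model of the topology in the post. Prefixes are the poster's; the
# public IP x.x.x.x is replaced by the documentation address 203.0.113.1, and
# "internet" stands in for the home LAN router and everything beyond it.
LOCAL = {
    "home_pc":   ["192.168.8.200/32", "10.9.0.1/32"],   # LAN address + OpenVPN server tun
    "ovz_host":  ["203.0.113.1/32", "192.168.12.1/32", "10.9.0.14/32"],
    "container": ["192.168.12.0/24", "10.91.0.0/24"],  # any venet0 guest address
    "internet":  [],
}

def route_tables(with_vpn_route):
    """Per-node routing tables: destination prefix -> next-hop node."""
    t = {
        "home_pc":   {"10.9.0.0/24": "ovz_host", "0.0.0.0/0": "internet"},
        "ovz_host":  {"10.9.0.0/24": "home_pc", "192.168.12.0/24": "container",
                      "10.91.0.0/24": "container", "0.0.0.0/0": "internet"},
        "container": {"0.0.0.0/0": "ovz_host"},   # venet0: every packet goes to the host
        "internet":  {"0.0.0.0/0": "internet"},   # private destinations die here
    }
    if with_vpn_route:
        # Home side, OpenVPN server: "route 192.168.12.0 255.255.255.0" installs the
        # kernel route on tun0 and "iroute 192.168.12.0 255.255.255.0" in the client's
        # ccd file tells OpenVPN which peer (10.9.0.14) owns that subnet.
        t["home_pc"]["192.168.12.0/24"] = "ovz_host"
    return t

def next_hop(table, dst):
    """Longest-prefix match over one node's table; None if nothing matches."""
    matches = [(ipaddress.ip_network(p), hop) for p, hop in table.items()
               if dst in ipaddress.ip_network(p)]
    return max(matches, key=lambda m: m[0].prefixlen)[1] if matches else None

def trace(tables, src, dst, max_hops=8):
    """Follow a packet node by node; returns (path, delivered)."""
    dst = ipaddress.ip_address(dst)
    path, node = [src], src
    for _ in range(max_hops):
        if any(dst in ipaddress.ip_network(p) for p in LOCAL[node]):
            return path, True
        if node == "internet" and dst.is_private:
            return path, False          # RFC 1918 space is not routed on the public internet
        node = next_hop(tables[node], dst)
        if node is None:
            return path, False
        path.append(node)
    return path, False

def check(with_vpn_route):
    """Request home PC -> guest, then the guest's reply back to the VPN server address.
    On the host the posted FORWARD chain has no DROP (assumed default ACCEPT), so the
    tun0 -> venet0 SYN falls through and the reply matches the -s 192.168.12.0/24 rule."""
    tables = route_tables(with_vpn_route)
    return trace(tables, "home_pc", "192.168.12.50"), trace(tables, "container", "10.9.0.1")

if __name__ == "__main__":
    for fix in (False, True):
        print("with VPN route:" if fix else "as posted:    ", check(fix))
```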