OpenVZ Forum


Home » General » Support » *SOLVED* ports and port forwarding
*SOLVED* ports and port forwarding [message #10132] Thu, 08 February 2007 23:38 Go to next message
mora is currently offline  mora
Messages: 37
Registered: October 2006
Member
Hello
i have two easy questions ...
i tried the manual and it seems very difficult to me to apply
i tried portforwarding explained here but that didn't work


i have the HN with this ip 71.1.2.3
and VE 101 with ip 10.0.0.5

i want all connections made on the HN except for the ssh port which is 8091 to be forwarded to VE 101

and i want these changes permanent after reboot

please provide me with the exact commands
thank you very very much

[Updated on: Tue, 13 February 2007 14:58] by Moderator

Report message to a moderator

Re: ports and port forwarding [message #10172 is a reply to message #10132] Sun, 11 February 2007 19:01 Go to previous messageGo to next message
mora is currently offline  mora
Messages: 37
Registered: October 2006
Member
Hello
anybody would really help me please ?

Report message to a moderator

Re: ports and port forwarding [message #10191 is a reply to message #10172] Mon, 12 February 2007 10:44 Go to previous messageGo to next message
Vasily Tarasov is currently offline  Vasily Tarasov
Messages: 1345
Registered: January 2006
Senior Member
Hello,

I will help you this time, but I want to notice, that your question is not OpenVZ related. Therefore this is not the right place where to ask such questions. So, don't be offended on lack of answers on your post.

I will explain everything, assuming that you use RedHat/CentOS. For other distributions it shoold not be much different. So, if iptables is installed on your node, you should create file /etc/sysconfig/iptables with the following contents:

# Generated by iptables-save v1.2.11 on Mon Feb 12 13:04:04 2007
*nat
:PREROUTING ACCEPT [1033:152955]
:POSTROUTING ACCEPT [6:649]
:OUTPUT ACCEPT [5:589]
-A PREROUTING -d 192.168.3.184 -i eth1 -p tcp -m tcp --dport 22 -j ACCEPT
-A PREROUTING -d 192.168.3.184 -i eth1 -j DNAT --to-destination 10.0.0.5
-A POSTROUTING -s 10.0.0.5 -o eth1 -j SNAT --to-source 192.168.3.184
COMMIT
# Completed on Mon Feb 12 13:04:04 2007
# Generated by iptables-save v1.2.11 on Mon Feb 12 13:04:04 2007
*mangle
:PREROUTING ACCEPT [18349:1826391]
:INPUT ACCEPT [17920:1776389]
:FORWARD ACCEPT [17:3326]
:OUTPUT ACCEPT [7922:1202714]
:POSTROUTING ACCEPT [7939:1206040]
COMMIT
# Completed on Mon Feb 12 13:04:04 2007
# Generated by iptables-save v1.2.11 on Mon Feb 12 13:04:04 2007
*filter
:INPUT ACCEPT [17920:1776389]
:FORWARD ACCEPT [17:3326]
:OUTPUT ACCEPT [7922:1202714]
COMMIT


192.168.3.184 - IP address of HN
10.0.0.5 - IP address of VE
22 - port, which sshd is running on. According to your messafe it is 8091 for you.

Then do
# service iptables restart


For further information read manuals on netfilter.org

Report message to a moderator

Re: ports and port forwarding [message #10206 is a reply to message #10191] Mon, 12 February 2007 16:53 Go to previous messageGo to next message
mora is currently offline  mora
Messages: 37
Registered: October 2006
Member
hello
im sorry for this but forgive that im not familiar with iptables rules

i have the following problem

i created a new VE and assigned a real ip , my resolver ip to it
i started the vps and i can ping google.com

i changed the real ip in the conf file to 10.0.0.5 and restarted the ve and when i ssh to 10.0.0.5 and run ping google.com i get ping: unknown host google.com

however my /etc/resolv.conf file is the same in both cases
should i change the ip in the nameserver value in the resolv.conf when i put a virtual and not a real ip ?

my os in node and ve is centos 4

Report message to a moderator

Re: ports and port forwarding [message #10215 is a reply to message #10206] Mon, 12 February 2007 21:29 Go to previous messageGo to next message
Vasily Tarasov is currently offline  Vasily Tarasov
Messages: 1345
Registered: January 2006
Senior Member
Hello,

The answer on this question is also iptables related. So, you see, how important this tool is for networking. Please, find time to study it a little Smile

If you assign private IP address to VE you should use NAT to give this VE an access to Internet. Look at this article: http://wiki.openvz.org/Using_NAT_for_VE_with_private_IPs

HTH,
Vasily

Report message to a moderator

Re: ports and port forwarding [message #10227 is a reply to message #10215] Mon, 12 February 2007 23:30 Go to previous message
mora is currently offline  mora
Messages: 37
Registered: October 2006
Member
Thanks
this have been solved Smile

Report message to a moderator

Previous Topic: *SOLVED* diskspace no more than 40 GB
Next Topic: VPS -> HN having problems communicating
Goto Forum:
  

[ Syndicate this forum (XML) ] [ RSS ] [ PDF ]

Current Time: Fri Sep 13 19:31:11 GMT 2024

Total time taken to generate the page: 0.04952 seconds
Powered by FUDforum Powered by Virtuozzo Containers