OpenVZ Forum


2.6.8 nat not work [message #4136] Thu, 29 June 2006 11:56
m_o_d
Hello,
I have Debian 3.1 with 2.6.8+patch-022stab078-combined.
On the host I have 1 public IP, so for the VEs I use 192.168.1.101. On the host I add:
echo '1' > /proc/sys/net/ipv4/ip_forward


and in iptables:
IPT=/sbin/iptables
IPTF="$IPT -t filter"
IPTN="$IPT -t nat"
$IPTN -A POSTROUTING -s 192.168.1.0/24 -o eth4 -j SNAT --to ip
$IPTF -A FORWARD -i venet0 -s 192.168.1.0/24 -o eth4 -d 0/0 -j ACCEPT
$IPTF -A FORWARD -i eth4 -s 0/0 -o venet0 -d 192.168.1.0/24 -j ACCEPT


venet0 on the host has IP 192.168.1.1:
1: venet0: <BROADCAST,POINTOPOINT,NOARP,UP> mtu 1500 qdisc noqueue
    link/void
    inet 192.168.1.1/24 brd 192.168.1.255 scope global venet0

and in VEs:
venet0    Link encap:UNSPEC  HWaddr 00-00-00-00-00-00-00-00-00-00-00-00-00-00-00-00
          inet addr:192.168.1.101  P-t-P:192.168.1.101  Bcast:192.168.1.255  Mask:255.255.255.0

Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
192.168.1.0     0.0.0.0         255.255.255.0   U     0      0        0 venet0
0.0.0.0         192.168.1.1     0.0.0.0         UG    0      0        0 venet0


With that config I can ping the public IP on the host from the VEs and the VEs' IP from the host, but pinging the world doesn't work.

In the iptables filter table, on the FORWARD chain, I saw incoming packets from the VEs, but the packets are not going to the nat table:
Chain POSTROUTING (policy ACCEPT 0 packets, 0 bytes)
 pkts bytes target     prot opt in     out     source               destination
    0     0 SNAT       all  --  *      eth4    192.168.1.0/24       0.0.0.0/0           to:80.48.115.12



PS. In /etc/modules.conf I have:
options ip_conntrack ip_conntrack_enable_ve0=1



What have I done wrong?

Re: 2.6.8 nat not work [message #4156 is a reply to message #4136] Fri, 30 June 2006 08:06
Vasily Tarasov
1) It seems that you have done something like "ifconfig venet0..." on the host and in the VE. It's wrong. You don't have to do it! Routing is also done automatically. Just use the commands vzctl set --ipadd IP --save and similar!

2) Here is a small description of what I've done to get it all to work:

a) Add "options ip_conntrack ip_conntrack_enable_ve0=1" to /etc/modprobe.conf and reload this module with modprobe.

b) My external IP is 192.168.0.239 on eth0. VE's IP is 10.0.0.2.
(If you have more than one interface, don't forget to tune the VE_ROUTE_SRC_DEV variable in /etc/vz/vz.conf as you wish)

vzctl set 200 --ipadd 10.0.0.2 --save
vzctl start 200

At this moment you can only ping HOST from VE (and back to front of course)

c)
echo 1 > /proc/sys/net/ipv4/ip_forward
iptables -t nat -A POSTROUTING -s 10.0.0.2 -o eth0 -j SNAT --to 192.168.0.239


After that I was able to ping "world" from VE.

If you have problems, you can give me access to the node, if possible, and I'll try to help.

Good luck!
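
Added example, not part of either post: a small shell check that reads the counters in `iptables -t nat -L POSTROUTING -v -n` output, as pasted in the question, and reports whether an SNAT rule for a given source has matched any packets. The function name `snat_report` and both sample listings are constructed for illustration; the counters in the second listing are made up.

```shell
#!/bin/sh
# Added example: read `iptables -t nat -L POSTROUTING -v -n` output on stdin
# and report whether SNAT rules for a given source have matched any packets.

# snat_report SRC
#   prints one line per SNAT rule whose source column equals SRC:
#     "<out-iface> <to-address> <pkts> hit|idle"
#   exit status: 0 = at least one rule has matched packets
#                1 = rule(s) present, but every counter is 0
#                2 = no SNAT rule for SRC in the listing
snat_report() {
    awk -v src="$1" '
        # Rule lines: pkts bytes target prot opt in out source destination extra
        $3 == "SNAT" && $8 == src {
            found = 1
            to = "?"
            for (i = 10; i <= NF; i++)
                if ($i ~ /^to:/) to = substr($i, 4)
            # Counters may be abbreviated (12K, 3M) unless -x is given,
            # so compare against the literal "0" instead of doing arithmetic.
            state = ($1 == "0") ? "idle" : "hit"
            if (state == "hit") hit = 1
            print $7, to, $1, state
        }
        END { exit (found ? (hit ? 0 : 1) : 2) }
    '
}

# Constructed sample 1: the rule from the question, counters at zero.
SAMPLE_IDLE='Chain POSTROUTING (policy ACCEPT 0 packets, 0 bytes)
 pkts bytes target     prot opt in     out     source               destination
    0     0 SNAT       all  --  *      eth4    192.168.1.0/24       0.0.0.0/0           to:80.48.115.12'

# Constructed sample 2: the rule from the answer with made-up non-zero counters.
SAMPLE_HIT='Chain POSTROUTING (policy ACCEPT 3 packets, 180 bytes)
 pkts bytes target     prot opt in     out     source               destination
   12K  900K SNAT       all  --  *      eth0    10.0.0.2             0.0.0.0/0           to:192.168.0.239'

# On a live node: iptables -t nat -L POSTROUTING -v -n | snat_report 10.0.0.2
printf '%s\n' "$SAMPLE_IDLE" | snat_report 192.168.1.0/24 || true
printf '%s\n' "$SAMPLE_HIT"  | snat_report 10.0.0.2
```

An exit status of 1 means the rule is loaded but nothing traversing the nat table has matched it yet, which is the state shown in the question's listing.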