OpenVZ Forum


*SOLVED* Unable to set iptables on running VE [message #12987] Wed, 16 May 2007 17:17
pringleso
Hello,

I want to give VPN access through a VE, but the only problem I'm having is that I can't NAT inside the VE.

Referring to this thread: http://forum.openvz.org/index.php?t=msg&goto=11904&srch=nat+inside+ve#msg_11904

I tried
[root@myServer ~]# vzctl set 111 --iptables iptable_nat --save
Unable to set iptables on running VE
Saved parameters for VE 111


myServer=HN

:'(

[root@myServer ~]# lsmod | grep ^iptable_nat
iptable_nat            26296  1


Can anybody help?

Thanks


Edit:

Added iptable_nat to vz.conf but it doesn't make a difference

[root@fc61484 vz]# cat vz.conf
## Global parameters
VIRTUOZZO=yes
LOCKDIR=/vz/lock
DUMPDIR=/vz/dump
VE0CPUUNITS=15000

## Logging parameters
LOGGING=yes
LOGFILE=/var/log/vzctl.log
LOG_LEVEL=0
VERBOSE=0

## Disk quota parameters
DISK_QUOTA=yes
VZFASTBOOT=no

# The name of the device whose ip address will be used as source ip for VE.
# By default automatically assigned.
#VE_ROUTE_SRC_DEV="eth0"

## Template parameters
TEMPLATE=/vz/template

## Defaults for VEs
VE_ROOT=/vz/root/$VEID
VE_PRIVATE=/vz/private/$VEID
CONFIGFILE="vps.basic"
DEF_OSTEMPLATE="fedora-core-4"

## Load vzwdog module
VZWDOG="no"
IPV6="no"

IPTABLES="ipt_REJECT ipt_tos ipt_limit ipt_multiport iptable_filter iptable_mangle ipt_TCPMSS ipt_tcpmss ipt_ttl ipt_length iptable_nat"



then restarted /etc/init.d/vz fine

[root@myServer ~]# vzctl set 111 --iptables iptable_nat --save
Unable to set iptables on running VE
Saved parameters for VE 111


[root@myServer]# route -n
Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
192.168.2.111   0.0.0.0         255.255.255.255 UH    0      0        0 venet0
216.x.x.x    0.0.0.0         255.255.255.128 U     0      0        0 eth0
169.254.0.0     0.0.0.0         255.255.0.0     U     0      0        0 eth0
0.0.0.0         216.x.x.x    0.0.0.0         UG    0      0        0 eth0


inside the VE:
root@vps111:~# route -n
Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
192.0.2.1       0.0.0.0         255.255.255.255 UH    0      0        0 venet0
10.8.0.2        0.0.0.0         255.255.255.255 UH    0      0        0 tun0
10.8.0.0        10.8.0.2        255.255.255.0   UG    0      0        0 tun0
0.0.0.0         192.0.2.1       0.0.0.0         UG    0      0        0 venet0


root@vps111:~# iptables -t nat -A POSTROUTING -s 10.8.0.6 -o eth0 -j SNAT --to 192.0.2.1
root@vps111:~# route -n
Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
192.0.2.1       0.0.0.0         255.255.255.255 UH    0      0        0 venet0
10.8.0.2        0.0.0.0         255.255.255.255 UH    0      0        0 tun0
10.8.0.0        10.8.0.2        255.255.255.0   UG    0      0        0 tun0
0.0.0.0         192.0.2.1       0.0.0.0         UG    0      0        0 venet0


10.8.0.6 is the IP given to a computer on the VPN. The VE is able to ping the computer connected via VPN and vice versa.


[Updated on: Fri, 18 May 2007 07:31] by Moderator
