Hi,
I've installed OpenVZ for the first time, on a fresh CentOS 6.3 host server. Here are its details:
root@Server-1:~/ # uname -a
Linux Server-1 2.6.32-042stab059.7 #1 SMP Tue Jul 24 19:12:01 MSK 2012 x86_64 x86_64 x86_64 GNU/Linux
root@Server-1:~/ # ifconfig
eth0 ...
inet addr:10.0.3.11 Bcast:10.0.3.255 Mask:255.255.255.0
...
venet0 Link encap:UNSPEC HWaddr 00-00-00-00-00-00-00-00-00-00-00-00-00-00-00-00
inet6 addr: fe80::1/128 Scope:Link
UP BROADCAST POINTOPOINT RUNNING NOARP MTU:1500 Metric:1
RX packets:12 errors:0 dropped:0 overruns:0 frame:0
TX packets:12 errors:0 dropped:3 overruns:0 carrier:0
collisions:0 txqueuelen:0
RX bytes:876 (876.0 b) TX bytes:1100 (1.0 KiB)
root@Server-1:~/ # cat /etc/resolv.conf
# Generated by NetworkManager
domain mylabdomain.com
search mylabdomain.com
nameserver 10.0.3.1
root@Server-1:~/ # cat /proc/sys/net/ipv4/ip_forward
1
After installing OpenVZ without problems I downloaded the CentOS 6 template and created my first VE:
root@Server-1:~/ # vzctl create 101 --ostemplate centos-6-x86_64 --config basic
root@Server-1:~/ # vzctl set 101 --onboot yes --hostname 101.mylabdoamin.com --ipadd 192.168.1.101 --searchdomain mylabdoamin.com --nameserver 10.0.3.1 --userpasswd root:XXXX --save
root@Server-1:~/ # vzctl start 101
Everything went smoothly and I can ping the VE from the host and ping the host from the VE. However, I cannot reach the Internet (yum, ping, etc.) from inside the VE (I've . Since I cannot control the LAN of my host (the machine is in my university lab), I cannot assign public IPs to it. I've read all the posts in this forum with similar problems but I can't find a solution that works.
I've focused on the wiki.openvz.org/Using_NAT_for_container_with_private_IPs wiki page, but I get stuck in the "IP conntracks" section, because there are no /etc/modules.conf or /etc/modprobe.conf files on my host; I only see a /etc/modprobe.d/ directory with a bunch of subdirectories and files. Are there updated instructions for this step?
Although I was not able to complete that step, I've proceeded with the guide and done the following on the host:
root@Server-1:~/ # iptables -t nat -A POSTROUTING -s 192.168.1.0/24 -o eth0 -j SNAT --to 10.0.3.11
But then I get stuck again in iptables when trying to enable outgoing connections:
root@Server-1:~/ # iptables -A RH-Firewall-1-INPUT -s 192.168.1.0/24 -j ACCEPT
iptables: No chain/target/match by that name.
When inspecting iptables rules I get:
root@Server-1:~/ # iptables -L
Chain INPUT (policy ACCEPT)
target prot opt source destination
ACCEPT all -- anywhere anywhere state RELATED,ESTABLISHED
ACCEPT icmp -- anywhere anywhere
ACCEPT all -- anywhere anywhere
ACCEPT tcp -- anywhere anywhere state NEW tcp dpt:ssh
REJECT all -- anywhere anywhere reject-with icmp-host-prohibited
Chain FORWARD (policy ACCEPT)
target prot opt source destination
REJECT all -- anywhere anywhere reject-with icmp-host-prohibited
Chain OUTPUT (policy ACCEPT)
target prot opt source destination
Can anyone help with this? I've been struggling to get my VEs connected to the Internet all day and can't get it working.
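
A diagnostic sketch for the two symptoms in the post above, added here as an example and not part of the original post: it reads an iptables -L listing, checks whether a named chain exists, and reports what the FORWARD chain does with traffic routed out from the container subnet. The function names are hypothetical, and the embedded sample is the listing from the post.

```shell
#!/bin/sh
# Constructed sample: the filter-table listing from the post, embedded so the
# checks run offline. On a live host, pipe `iptables -L -n` in instead.
SAMPLE='Chain INPUT (policy ACCEPT)
target prot opt source destination
ACCEPT all -- anywhere anywhere state RELATED,ESTABLISHED
ACCEPT icmp -- anywhere anywhere
ACCEPT all -- anywhere anywhere
ACCEPT tcp -- anywhere anywhere state NEW tcp dpt:ssh
REJECT all -- anywhere anywhere reject-with icmp-host-prohibited
Chain FORWARD (policy ACCEPT)
target prot opt source destination
REJECT all -- anywhere anywhere reject-with icmp-host-prohibited
Chain OUTPUT (policy ACCEPT)
target prot opt source destination'

# chain_exists CHAIN: succeed if the listing on stdin defines CHAIN.
# `iptables -A` on a chain that is not listed fails with "No chain/target/match".
chain_exists() {
    awk -v c="$1" '$1 == "Chain" && $2 == c { found = 1 } END { exit !found }'
}

# forward_verdict SRC: print the target of the first FORWARD rule that matches
# every packet from SRC (source is SRC or anywhere, destination anywhere, no
# extra match), else the chain policy. Routed container traffic passes FORWARD
# before nat POSTROUTING, so a REJECT here means the SNAT rule is never reached.
# Caveat: without -v the listing hides interface matches (-i/-o); only the
# outbound direction is checked, replies need their own ACCEPT.
forward_verdict() {
    awk -v src="$1" '
        $1 == "Chain" { in_fwd = ($2 == "FORWARD")
                        if (in_fwd) { verdict = $4; sub(/\)/, "", verdict) }
                        next }
        !in_fwd || done || $1 == "target" { next }
        $2 == "all" && ($4 == src || $4 ~ /^(anywhere|0\.0\.0\.0\/0)$/) &&
            $5 ~ /^(anywhere|0\.0\.0\.0\/0)$/ && (NF == 5 || $6 == "reject-with") {
                verdict = $1; done = 1 }
        END { print verdict }'
}

printf '%s\n' "$SAMPLE" | chain_exists RH-Firewall-1-INPUT ||
    echo "RH-Firewall-1-INPUT: chain not present in this listing"
echo "192.168.1.0/24 routed via FORWARD: $(printf '%s\n' "$SAMPLE" | forward_verdict 192.168.1.0/24)"
```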