Running VEs on a Strato Hostsystem with natted public->private ip-addresses [message #9675]
Tue, 16 January 2007 16:50
BAzfH
Hi,
I am having a problem with OpenVZ that I am stuck on. First of all, some pre-information that I find to be useful:
Host OS: Debian Etch (4.0 / testing)
Host Kernel: 2.6.18-1-openvz (patched with kernel-patch-openvz from debian/testing archive)
Host Interfaces:
eth0: X.X.X.X (public address)
eth0:0: Y.Y.Y.Y (public address)
The setup I desire to have is: a VE inside OpenVZ running Debian Etch, serving some services which are to be available on eth0:0's IP address. This should be achieved by doing some SNAT for outgoing traffic and some DNAT for incoming traffic on some specific ports. Therefore I think venet is the best choice for me, also because I may want to switch to having more than one VE, each providing *one* specific service.
So what I do is:
1. Create a VE with a private IP address (tried IP addresses in all of the three possible classes)
2. Add iptables rules on the host system according to this documentation:
http://wiki.openvz.org/Using_NAT_for_VE_with_private_IPs
That results in messages like this when starting a VE:
arpsend: 10.0.0.101 is detected on another computer : 00:00:5e:00:01:02
Also, the network is *not* working. Inside the VE I can ICMP-flood other systems and get replies, but I cannot do anything more, e.g. connecting to systems. It is not a DNS problem, because I've checked that by connecting to a specific service by its IP and port. I heard there may be a feature enabled on the HSP switch for security reasons that answers the arpsend request, which results in the above error message. But I don't quite understand why this switch gets info about my internal IP address. Isn't it possible to configure it so that _only_ the host system is able to "see" these addresses? The switch does not need to, or am I wrong?
So what I want to know is: Is my approach right? Am I missing something? If you need more input to help me, feel free to ask for it. Has anyone set up OpenVZ on a Strato server who knows what's specific to Strato servers and can guide me a bit?
Thanks in advance
Best Regards
Patrick / BAzfH
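
An added diagnostic example, not part of the original post: it parses the arpsend warning quoted above, checks whether the probed address lies in one of the three RFC 1918 ranges, and compares the responding MAC against the well-known virtual-router prefixes (VRRP, HSRPv1). The function name `analyse_arpsend` and the result keys are illustrative assumptions.

```python
import ipaddress
import re

# The warning line quoted in the post, reused as sample input.
SAMPLE = "arpsend: 10.0.0.101 is detected on another computer : 00:00:5e:00:01:02"

ARPSEND_RE = re.compile(
    r"arpsend:\s+(?P<ip>\d{1,3}(?:\.\d{1,3}){3})\s+is detected on another "
    r"computer\s*:\s*(?P<mac>(?:[0-9A-Fa-f]{2}:){5}[0-9A-Fa-f]{2})"
)
RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]
# First five octets reserved for virtual routers; the sixth is the group ID.
VIRTUAL_ROUTER_PREFIXES = {
    "00:00:5e:00:01": "VRRP IPv4 virtual router",
    "00:00:5e:00:02": "VRRP IPv6 virtual router",
    "00:00:0c:07:ac": "HSRPv1 virtual router",
}


def analyse_arpsend(line):
    """Return a dict describing the conflict, or None if the line does not parse."""
    m = ARPSEND_RE.search(line)
    if m is None:
        return None
    try:
        ip = ipaddress.ip_address(m.group("ip"))
    except ValueError:  # e.g. an octet above 255
        return None
    mac = m.group("mac").lower()
    prefix, last_octet = mac.rsplit(":", 1)
    responder = VIRTUAL_ROUTER_PREFIXES.get(prefix)
    return {
        "ip": str(ip),
        "rfc1918": any(ip in net for net in RFC1918),
        "mac": mac,
        "responder": responder,  # None: not a known virtual-router prefix
        "group_id": int(last_octet, 16) if responder else None,
    }


if __name__ == "__main__":
    print(analyse_arpsend(SAMPLE))
```

For the line in the post this reports an RFC 1918 address answered by a MAC in the VRRP IPv4 virtual-router range with router ID 2, i.e. the reply carries a redundant-gateway address rather than an ordinary server NIC address.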