hello,
I want to give VPN access through a VE, but the only problem i'm having is that i can't NAT inside the VE.
Refering to this thread http://forum.openvz.org/index.php?t=msg&goto=11904&& amp; amp; amp; amp; amp; amp; amp;srch=nat+inside+ve#msg_11904
I tried
[root@myServer ~]# vzctl set 111 --iptables iptable_nat --save
Unable to set iptables on running VE
Saved parameters for VE 111
myServer=HN
:'(
[root@myServer ~]# lsmod | grep ^iptable_nat
iptable_nat 26296 1
can anybody help?
thanks
edit:
added iptable_nat to vz.conf but doesnt make a diff
[root@fc61484 vz]# cat vz.conf
## Global parameters
VIRTUOZZO=yes
LOCKDIR=/vz/lock
DUMPDIR=/vz/dump
VE0CPUUNITS=15000
## Logging parameters
LOGGING=yes
LOGFILE=/var/log/vzctl.log
LOG_LEVEL=0
VERBOSE=0
## Disk quota parameters
DISK_QUOTA=yes
VZFASTBOOT=no
# The name of the device whose ip address will be used as source ip for VE.
# By default automatically assigned.
#VE_ROUTE_SRC_DEV="eth0"
## Template parameters
TEMPLATE=/vz/template
## Defaults for VEs
VE_ROOT=/vz/root/$VEID
VE_PRIVATE=/vz/private/$VEID
CONFIGFILE="vps.basic"
DEF_OSTEMPLATE="fedora-core-4"
## Load vzwdog module
VZWDOG="no"
IPV6="no"
IPTABLES="ipt_REJECT ipt_tos ipt_limit ipt_multiport iptable_filter iptable_mangle ipt_TCPMSS ipt_tcpmss ipt_ttl ipt_length iptable_nat"
then restarted /etc/init.d/vz fine
[root@myServer ~]# vzctl set 111 --iptables iptable_nat --save
Unable to set iptables on running VE
Saved parameters for VE 111
[root@myServer]# route -n
Kernel IP routing table
Destination Gateway Genmask Flags Metric Ref Use Iface
192.168.2.111 0.0.0.0 255.255.255.255 UH 0 0 0 venet0
216.x.x.x 0.0.0.0 255.255.255.128 U 0 0 0 eth0
169.254.0.0 0.0.0.0 255.255.0.0 U 0 0 0 eth0
0.0.0.0 216.x.x.x 0.0.0.0 UG 0 0 0 eth0
inside the VE:
root@vps111:~# route -n
Kernel IP routing table
Destination Gateway Genmask Flags Metric Ref Use Iface
192.0.2.1 0.0.0.0 255.255.255.255 UH 0 0 0 venet0
10.8.0.2 0.0.0.0 255.255.255.255 UH 0 0 0 tun0
10.8.0.0 10.8.0.2 255.255.255.0 UG 0 0 0 tun0
0.0.0.0 192.0.2.1 0.0.0.0 UG 0 0 0 venet0
root@vps111:~# iptables -t nat -A POSTROUTING -s 10.8.0.6 -o eth0 -j SNAT --to 192.0.2.1
root@vps111:~# route -n
Kernel IP routing table
Destination Gateway Genmask Flags Metric Ref Use Iface
192.0.2.1 0.0.0.0 255.255.255.255 UH 0 0 0 venet0
10.8.0.2 0.0.0.0 255.255.255.255 UH 0 0 0 tun0
10.8.0.0 10.8.0.2 255.255.255.0 UG 0 0 0 tun0
0.0.0.0 192.0.2.1 0.0.0.0 UG 0 0 0 venet0
10.8.0.6 is the ip given to a computer on the vpn, the VE is able to ping the computer connected via vpn and vice versa.
[Updated on: Fri, 18 May 2007 07:31] by Moderator
Report message to a moderator