Globally connected VE containers (How to do it, the REDHAT way) [message #39608]
Sun, 16 May 2010 16:03
lars.bailey
I have seen many threads on various forums, from OVZ users wanting
Internet connectivity for a VE.
I thought I would pass my method on here, and place this HOWTO on WIKI at a later time.
This is mainly FYI.
0.0 My assumptions
You have a globally connected network interface (eth0), an
internal network interface (eth1), you use static network configurations for both Node and VE, and you use a REDHAT based
OS for the Node and VE.
1.0 VE containers that use the VENET adapter interface
On the Node server, make sure you have the following kernel
keys enabled in "/etc/sysctl.conf".
net.ipv4.conf.default.forwarding = 1
net.ipv4.conf.default.proxy_arp = 0
In a terminal shell, type:
setup
From the text based menu, select "Firewall configuration" and hit "Enter".
If you disabled the firewall during OpenVZ setup, select "enabled".
Disable "SElinux" and choose "Customize".
You should see a listing of known network devices on the Node.
From the list of "trusted" devices, select "VENET0".
Select the "VENET0" for "Masquerade".
Hit "OK".
Exit "setuptool".
Enter into the VE.
Type:
lynx www.openvz.org
and in a few seconds, you should be brought to the OVZ wiki.
2.0 VE containers that use non-bridged VETH adapters
To review how to set up non-bridged VE containers, you must use IP subnetting, and the VETH adapter interface must be configured as the VE container's gateway.
On the Node server, make sure you have the following kernel
keys enabled in "/etc/sysctl.conf".
net.ipv4.conf.default.forwarding = 1
net.ipv4.conf.default.proxy_arp = 0
Create a static network configuration for the VETH adapter.
As an example for VE 101:
DEVICE=veth101.0
TYPE=Ethernet
IPADDR=192.168.101.254
PREFIXLEN=24
ONBOOT=yes
Use "ifconfig" to confirm that the VETH adapter has an IP address.
If not, use "ifdown vethXXX.0", then "ifup vethXXX.0".
This should give the VETH adapter its IP address.
From a terminal shell, type:
setup
From the text based menu, select "Firewall configuration" and hit "Enter".
If you disabled the firewall during OpenVZ setup, select "enabled".
Disable "SElinux", and choose "Customize".
You should see a list of known network devices.
Select the VETH adapter for the VE as a "trusted" device.
Select the VETH adapter for "Masquerade".
Hit "OK".
Exit "setuptool".
Create a static network configuration for the VE.
A sample configuration:
DEVICE=eth0
TYPE=Ethernet
IPADDR=192.168.101.2
PREFIXLEN=24
GATEWAY=192.168.101.254
ONBOOT=yes
As a note, do not add any gateway directive in a VE's
"/etc/sysconfig/network" file, such as:
GATEWAY=A.B.C.D
Enter into the VE.
Type:
service network restart
Type:
ip route list
You should see the gateway address of the VETH adapter.
If you see "default eth0", check your network configurations.
This was taken directly from VE 101 on my Node server.
[root@moe /]# ip route show
192.168.101.0/24 dev eth0 proto kernel scope link src 192.168.101.1
169.254.0.0/16 dev eth0 scope link
default via 192.168.101.254 dev eth0
[root@moe /]#
Once you see the VE's gateway as the VETH adapter's IP, you should be able to "ping" the Node server's "default" gateway.
These are the "ping" results for "moe".
[root@moe /]# ping -c 3 192.168.1.254
PING 192.168.1.254 (192.168.1.254) 56(84) bytes of data.
64 bytes from 192.168.1.254: icmp_seq=1 ttl=254 time=1.72 ms
64 bytes from 192.168.1.254: icmp_seq=2 ttl=254 time=0.787 ms
64 bytes from 192.168.1.254: icmp_seq=3 ttl=254 time=0.855 ms
--- 192.168.1.254 ping statistics ---
3 packets transmitted, 3 received, 0% packet loss, time 1999ms
rtt min/avg/max/mdev = 0.787/1.121/1.722/0.426 ms
[root@moe /]#
If you have successful pings to the Node server's gateway, type:
lynx www.openvz.org
and you should be brought up to the OVZ WIKI.
3.0 VE containers that use bridged Ethernet
Create a static Ethernet bridge, and give the bridge an IP address.
For the rest of this section, I assume bridge ID "vzbr1".
DEVICE=vzbr1
TYPE=Bridge
IPADDR=192.168.99.254
PREFIXLEN=24
ONBOOT=yes
Check to make sure you see a listing for the bridge in the
"/proc/sys/net/ipv4/conf" directory.
The Ethernet bridge must exist here.
On the Node server, make sure you have the following kernel
keys enabled in "/etc/sysctl.conf".
net.ipv4.conf.default.forwarding = 1
net.ipv4.conf.default.proxy_arp = 0
net.ipv4.conf.vzbr1.proxy_arp = 1
Type:
setup
From the text based menu, select "Firewall configuration" and hit "Enter".
If you disabled the firewall during OpenVZ setup, select "enabled".
Disable "SElinux", and choose "Customize".
You should see a list of known network devices.
Select the Ethernet bridge as a "trusted" device.
Select the Ethernet bridge for "Masquerade".
Hit "OK".
Exit "setuptool".
Add a route to the VE.
ip route add 192.168.101.1 via 192.168.99.254
Ping the VE.
If you get a successful ping, save this in the Node server's
"/etc/rc.d/rc.local".
ip -4 ro flush scope global type unicast
ip -4 ro -s -s flush arp cache
ip route add 192.168.101.1 via 192.168.99.254
Enter into the VE.
Add a route to the Node server's default gateway.
ip route add 192.168.1.254 via 192.168.101.1
Ping the gateway IP address.
If you get a successful ping, type:
lynx www.openvz.org
in a few seconds, you should be brought up to the OVZ wiki.
If you get the OVZ webpage in LYNX, add this to the VE's
"/etc/rc.d/rc.local".
ip -4 ro flush scope global type unicast
ip -4 ro -s -s flush arp cache
ip route add 192.168.1.99 via 192.168.101.1
As a final note, the procedures will work for either a globally
connected Node, or a Node that has a next-hop router.
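Added example, not part of the original post: a shell check that reads the per-interface "forwarding" and "proxy_arp" values under "/proc/sys/net/ipv4/conf" and compares them with the values the HOWTO sets for the bridged setup in section 3.0. The helper names and the sample tree are constructed for illustration, and it assumes every interface is expected to have forwarding=1 and proxy_arp=0 except vzbr1 (proxy_arp=1).

```sh
# Added example; helper names are hypothetical, not from the post.
# check_iface CONF_DIR IFACE WANT_FORWARDING WANT_PROXY_ARP
# Returns 0 if both keys match, 1 on a mismatch, 2 if the interface is absent.
check_iface() {
    conf_dir=$1; iface=$2; rc=0
    if [ ! -d "$conf_dir/$iface" ]; then
        echo "$iface: MISSING from $conf_dir"
        return 2
    fi
    for pair in "forwarding:$3" "proxy_arp:$4"; do
        key=${pair%%:*}; want=${pair##*:}
        have=$(cat "$conf_dir/$iface/$key" 2>/dev/null || echo "?")
        if [ "$have" = "$want" ]; then
            echo "$iface: $key=$have OK"
        else
            echo "$iface: $key=$have MISMATCH (want $want)"
            rc=1
        fi
    done
    return $rc
}

# audit_node CONF_DIR IFACE:FORWARDING:PROXY_ARP ...
# Prints "failures=N" and returns 0 only when every interface matches.
audit_node() {
    dir=$1; shift; failures=0
    for spec in "$@"; do
        name=${spec%%:*}; rest=${spec#*:}
        check_iface "$dir" "$name" "${rest%%:*}" "${rest##*:}" || failures=$((failures + 1))
    done
    echo "failures=$failures"
    [ "$failures" -eq 0 ]
}

# Constructed sample tree (not real Node data); veth101.0 has forwarding=0 on purpose.
make_sample_tree() {
    root=$(mktemp -d)
    for entry in eth0:1:0 veth101.0:0:0 vzbr1:1:1; do
        n=${entry%%:*}; r=${entry#*:}
        mkdir -p "$root/$n"
        echo "${r%%:*}" > "$root/$n/forwarding"
        echo "${r##*:}" > "$root/$n/proxy_arp"
    done
    echo "$root"
}

sample=$(make_sample_tree)
audit_node "$sample" eth0:1:0 veth101.0:1:0 vzbr1:1:1 || echo "Node differs from the expected values"
rm -rf "$sample"
```

On a live Node, pass "/proc/sys/net/ipv4/conf" as the first argument to audit_node in place of the sample tree.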