Changes


Using NAT for container with private IPs

154 bytes added, 21:34, 12 May 2014
put IP conntracks as a first prerequisite, improve description
Make sure that below prerequisites are met, otherwise it won't work for you!
 
=== IP conntracks ===
'''IP connection tracking should be enabled for CT0'''. For recent OpenVZ kernels (2.6.9 and later) connection tracking for CT0 is enabled by default, but it can be disabled by vzctl 4.7 and newer (because it has a negative impact on venet performance, see {{Bug|2755}}). So, make sure there is '''NO''' line like
 
options ip_conntrack ip_conntrack_disable_ve0=1
or
options nf_conntrack ip_conntrack_disable_ve0=1
 
in <code>/etc/modules.conf</code>, <code>/etc/modprobe.conf</code>, or any file under <code>/etc/modprobe.d/</code> (such as <code>/etc/modprobe.d/openvz.conf</code>). '''If there is such a line, please'''
# change <code>=1</code> to <code>=0</code>
# execute
echo 0 > /sys/module/nf_conntrack/parameters/ip_conntrack_disable_ve0
=== IP forwarding ===
<pre>net.ipv4.conf.default.forwarding=1
net.ipv4.conf.all.forwarding=1</pre>
 
=== IP conntracks ===
'''IP connection tracking should be enabled for CT0.'''
 
For recent OpenVZ kernels (2.6.9 and later) connection tracking for CT0 is enabled by default, but it can be disabled by vzctl (because it has a negative impact on venet performance). So, make sure there is '''no''' line like
 
options ip_conntrack ip_conntrack_disable_ve0=1
or
options nf_conntrack ip_conntrack_disable_ve0=1
 
in <code>/etc/modules.conf</code>, <code>/etc/modprobe.conf</code>, or any file under <code>/etc/modprobe.d/</code>. '''If there is such a line, please change <code>=1</code> to <code>=0</code>''' and reboot.
== How to provide access for container to Internet ==
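
Review bot: The new step 2 in the IP conntracks section writes only to <code>/sys/module/nf_conntrack/parameters/ip_conntrack_disable_ve0</code>, while the paragraph above it also tells the reader to look for an <code>options ip_conntrack ...</code> line, and the earlier wording's "and reboot" is dropped without a replacement. Either state which module the sysfs path applies to and what to do when the option was set for <code>ip_conntrack</code>, or keep the reboot as a fallback for that case. It would also help to say how to confirm the result, for example by reading the same parameter file back and checking that it shows 0, since NAT for the containers silently fails when connection tracking is still disabled for CT0.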
