Changes


Using NAT for container with private IPs

265 bytes added, 22:20, 12 September 2015
no edit summary
=== IP conntracks ===
 
'''IP connection tracking should be enabled for CT0'''. For recent OpenVZ kernels (2.6.9 and later), connection tracking for CT0 is enabled by default, but vzctl 4.7 and newer can disable it (because it has a negative impact on venet performance, see {{Bug|2755}}). So, make sure there is '''NO''' line like
<pre>net.ipv4.conf.default.forwarding=1
net.ipv4.conf.all.forwarding=1</pre>
 
If you use OpenVZ 7/Virtuozzo 7 and want to manage iptables through iptables-services, you must disable firewalld and enable iptables.
 
# systemctl stop firewalld
# systemctl mask firewalld
# yum install iptables-services
# systemctl enable iptables
== How to create the container and attach network properties to it ==
# iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE
=== Save new iptables rules ===
Do not forget to save your new iptables rules:
# service iptables save
# service iptables restart
=== Firewall ===
# iptables -A RH-Firewall-1-INPUT -s 192.168.2.0/24 -j ACCEPT
# iptables-save > /etc/sysconfig/iptables
# service iptables restart
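After saving the ruleset, it is worth confirming that both rules landed in the right tables rather than trusting the commands succeeded. The following audit script is an added example, not from this wiki page or the OpenVZ project: it reads an iptables-save style dump (the format written to /etc/sysconfig/iptables), checks per table for the POSTROUTING MASQUERADE rule on eth0 and the RH-Firewall-1-INPUT ACCEPT rule for 192.168.2.0/24 (the interface and subnet used on this page; adjust for your host), and runs against a constructed sample dump when no file is given.

```shell
#!/bin/sh
# Audit an iptables-save style dump (what "service iptables save" writes to
# /etc/sysconfig/iptables) for the two rules this page adds for a NAT'ed CT:
#   nat table,    POSTROUTING:         -o eth0 -j MASQUERADE
#   filter table, RH-Firewall-1-INPUT: -s 192.168.2.0/24 -j ACCEPT
# eth0 and 192.168.2.0/24 are the page's example values, not detected ones.

# Constructed sample dump (not captured from a real host).
SAMPLE_DUMP='*nat
:PREROUTING ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
-A POSTROUTING -o eth0 -j MASQUERADE
COMMIT
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
:RH-Firewall-1-INPUT - [0:0]
-A INPUT -j RH-Firewall-1-INPUT
-A RH-Firewall-1-INPUT -s 192.168.2.0/24 -j ACCEPT
COMMIT'

# rule_in_table TABLE REGEX: read a dump on stdin; succeed only if REGEX matches
# a rule line between the "*TABLE" header and that table's COMMIT, so a
# MASQUERADE line that ended up in *filter by mistake does not count.
rule_in_table() {
  awk -v tbl="*$1" -v pat="$2" '
    $0 == tbl          { in_tbl = 1; next }
    $0 == "COMMIT"     { in_tbl = 0; next }
    in_tbl && $0 ~ pat { found = 1 }
    END                { exit found ? 0 : 1 }'
}

# check_nat_rules FILE: report each expected rule; return 0 only if all present.
check_nat_rules() {
  dump="$1"
  rc=0
  if rule_in_table nat '^-A POSTROUTING .*-o eth0 .*-j MASQUERADE$' < "$dump"; then
    echo "ok:      nat POSTROUTING masquerades traffic leaving eth0"
  else
    echo "MISSING: nat POSTROUTING -o eth0 -j MASQUERADE"
    rc=1
  fi
  if rule_in_table filter '^-A RH-Firewall-1-INPUT .*-s 192[.]168[.]2[.]0/24 .*-j ACCEPT$' < "$dump"; then
    echo "ok:      filter RH-Firewall-1-INPUT accepts 192.168.2.0/24"
  else
    echo "MISSING: filter RH-Firewall-1-INPUT -s 192.168.2.0/24 -j ACCEPT"
    rc=1
  fi
  return $rc
}

# Stand-alone use: audit the file given as $1 (e.g. /etc/sysconfig/iptables),
# or the constructed sample when no argument is given.
if [ -n "${1:-}" ]; then
  check_nat_rules "$1"
else
  tmp=$(mktemp)
  printf '%s\n' "$SAMPLE_DUMP" > "$tmp"
  check_nat_rules "$tmp"
  rm -f "$tmp"
fi
```

Run it as `sh audit-nat.sh /etc/sysconfig/iptables` after `service iptables save`; a non-zero exit means at least one rule is missing or sits in the wrong table, which is exactly the case a plain `grep MASQUERADE` would not catch.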
=== Test ===