Difference between revisions of "Talk:Using NAT for container with private IPs"

From OpenVZ Virtuozzo Containers Wiki
(answered)
(titled the questions)
Line 1: Line 1:
 +
== ip_conntrack_disable_ve0=1 ==
 
I was stumbling a lot with the configuration where allowing access to a service from outside, because I assumed that after adding the iptables DNAT rule, I could test the rule from the hardware node. The rule only works for packets send from outside.
 
I was stumbling a lot with the configuration where allowing access to a service from outside, because I assumed that after adding the iptables DNAT rule, I could test the rule from the hardware node. The rule only works for packets send from outside.
  
Line 14: Line 15:
 
[[User:Shaplov|Shaplov]] 10:27, 23 June 2007 (EDT)
 
[[User:Shaplov|Shaplov]] 10:27, 23 June 2007 (EDT)
  
 +
: See, it tells there should be '''no''' line that '''disables''' conntrack. --[[User:Kir|Kir]] 14:09, 8 April 2009 (UTC)
 +
 +
== How to supply public IPs? ==
  
----
 
 
"Usually you supply public IP addresses to your containers"? How? [[User:Guaka|Guaka]] 14:03, 8 April 2009 (UTC)
 
"Usually you supply public IP addresses to your containers"? How? [[User:Guaka|Guaka]] 14:03, 8 April 2009 (UTC)
 
: Well, by running <code>vzctl set $CTID --ipadd a.b.c.d --save</code> command --[[User:Kir|Kir]] 14:06, 8 April 2009 (UTC)
 
: Well, by running <code>vzctl set $CTID --ipadd a.b.c.d --save</code> command --[[User:Kir|Kir]] 14:06, 8 April 2009 (UTC)

Revision as of 14:09, 8 April 2009

ip_conntrack_disable_ve0=1

I was stumbling a lot with the configuration for allowing access to a service from outside, because I assumed that after adding the iptables DNAT rule, I could test the rule from the hardware node. The rule only works for packets sent from outside.

I added some text about it now, but maybe someone could rephrase it more nicely.


For OpenVZ kernels later than 2.6.8, connection tracking for VE0 is enabled by default. However, make sure there is no line like

options ip_conntrack ip_conntrack_disable_ve0=1

It seems to me that it must be =0 here??? Or not?

Shaplov 10:27, 23 June 2007 (EDT)

See, it says there should be no line that disables conntrack. --Kir 14:09, 8 April 2009 (UTC)
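
An added example, not part of the original discussion or the OpenVZ project's code: a shell function that reports what a set of modprobe-style config files says about ip_conntrack_disable_ve0, skipping commented-out lines. The function name and the sample file are constructed for illustration, and it assumes that a value of 0 leaves tracking on, as the parameter name implies.

```shell
#!/bin/sh
# Classify config files by what they say about ip_conntrack_disable_ve0.
# conntrack_ve0_state is a hypothetical helper name; files are passed by
# the caller. Prints one of:
#   disabled  - a live "options ip_conntrack" line sets the parameter to 1
#   explicit0 - the parameter is only ever set to 0 (assumed: tracking on)
#   absent    - no live line sets it, so the kernel default applies
conntrack_ve0_state() {
    for f in "$@"; do
        # Skip files that do not exist or cannot be read.
        [ -r "$f" ] && cat "$f"
    done | awk '
        { sub(/#.*/, "") }    # strip comments; awk re-splits the fields
        $1 == "options" && $2 == "ip_conntrack" {
            for (i = 3; i <= NF; i++) {
                if ($i == "ip_conntrack_disable_ve0=1") one = 1
                else if ($i == "ip_conntrack_disable_ve0=0") zero = 1
            }
        }
        END {
            if (one) print "disabled"
            else if (zero) print "explicit0"
            else print "absent"
        }
    '
}

# Constructed sample input (not taken from a real host).
sample=$(mktemp)
cat > "$sample" <<'EOF'
# options ip_conntrack ip_conntrack_disable_ve0=0   (commented out: ignored)
options ip_conntrack ip_conntrack_disable_ve0=1
EOF
conntrack_ve0_state "$sample"
rm -f "$sample"
```

Only the "disabled" result is the case the quoted article text warns about; "absent" and "explicit0" both leave connection tracking for VE0 available to the DNAT rule.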

How to supply public IPs?

"Usually you supply public IP addresses to your containers"? How? Guaka 14:03, 8 April 2009 (UTC)

Well, by running vzctl set $CTID --ipadd a.b.c.d --save command --Kir 14:06, 8 April 2009 (UTC)