Changes


Using NAT for container with private IPs

3 bytes added, 10:00, 6 June 2006
m
More VPS -> VE, fixed long commands in How to provide access from Internet to a VE
In addition, to make a service in a VE with a private IP address accessible from the Internet, DNAT (Destination Network Address Translation) should be configured on the [[Hardware Node]]. To perform a simple DNAT setup, execute the following command on the [[Hardware Node]]:
<pre>
# iptables -t nat -A PREROUTING -p tcp -d ip_address --dport port_num \
  -i eth0 -j DNAT --to-destination ve_address:dst_port_num
</pre>
where <tt>ve_address</tt> is the IP address of the VE, <tt>dst_port_num</tt> is the TCP port the service uses, <tt>ip_address</tt> is the external (public) IP address of your [[Hardware Node]], and <tt>port_num</tt> is the TCP port on the [[Hardware Node]] that will be used for Internet connections to the private VE service. Note that this setup makes any service using <tt>port_num</tt> on the [[Hardware Node]] itself inaccessible from the Internet. Also note that SNAT is required as well.
For example, if you need a web server in a VE to be accessible from outside while keeping the web server on the [[Hardware Node]] accessible as well, use the following config:
<pre>
# iptables -t nat -A PREROUTING -p tcp -d ip_address --dport 8080 \
  -i eth0 -j DNAT --to-destination ve_address:80
# iptables -t nat -A POSTROUTING -s ve_address -o eth0 -j SNAT --to ip_address
</pre>
After applying this, you'll see the VE's web server at <nowiki>http://ip_address:8080/</nowiki>.
The <tt>iptables</tt> utility lets you set up more complex rules for Network Address Translation, involving various protocols and ports. For more information, consult the numerous Internet sites (e.g. [http://www.netfilter.org netfilter.org]) and tutorials devoted to this topic.
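
To check that every DNAT forward on the [[Hardware Node]] has the SNAT rule that the text says is required, the following added example (not part of the original page) parses <tt>iptables-save -t nat</tt> output and lists each exposed VE port. The function name <tt>audit_dnat</tt> and all addresses in the sample are constructed for illustration.

```bash
# Audit `iptables-save -t nat` output on stdin for DNAT port forwards.
# Prints one line per forward; returns 1 if a forwarded VE has no SNAT rule.
audit_dnat() {
  awk '
    # Dotted-quad IPv4 address to integer.
    function ip2int(ip,   o) {
      split(ip, o, "."); return ((o[1]*256 + o[2])*256 + o[3])*256 + o[4]
    }
    # True if addr is inside cidr (a bare address counts as /32).
    function in_cidr(addr, cidr,   p, bits, size) {
      split(cidr, p, "/"); bits = (p[2] == "") ? 32 : p[2]
      size = 2 ^ (32 - bits)
      return int(ip2int(addr) / size) == int(ip2int(p[1]) / size)
    }
    # Value following option name in the current rule, or "" if absent.
    function opt(name,   i) {
      for (i = 1; i < NF; i++) if ($i == name) return $(i + 1)
      return ""
    }
    $1 == "-A" && $2 == "POSTROUTING" && opt("-j") == "SNAT" {
      s = opt("-s"); snat[++ns] = (s == "") ? "0.0.0.0/0" : s   # no -s: all sources
    }
    $1 == "-A" && $2 == "PREROUTING" && opt("-j") == "DNAT" {
      n++; pub[n] = opt("-d"); port[n] = opt("--dport")
      dst[n] = opt("--to-destination"); sub(/\/32$/, "", pub[n])
    }
    END {
      for (i = 1; i <= n; i++) {
        ve = dst[i]; sub(/:.*/, "", ve)        # drop :port from the DNAT target
        ok = 0
        for (j = 1; j <= ns; j++) if (in_cidr(ve, snat[j])) ok = 1
        printf "%s:%s -> %s snat=%s\n", pub[i], port[i], dst[i], (ok ? "ok" : "MISSING")
        if (!ok) bad = 1
      }
      exit bad + 0
    }'
}

# Constructed sample: the second forward targets a VE with no SNAT rule.
audit_dnat <<'EOF' || true
*nat
-A PREROUTING -d 203.0.113.10/32 -i eth0 -p tcp -m tcp --dport 8080 -j DNAT --to-destination 192.168.2.5:80
-A PREROUTING -d 203.0.113.10/32 -i eth0 -p tcp -m tcp --dport 2222 -j DNAT --to-destination 192.168.3.7:22
-A POSTROUTING -s 192.168.2.0/24 -o eth0 -j SNAT --to-source 203.0.113.10
COMMIT
EOF
```

On a live Hardware Node the same function can be fed with <tt>iptables-save -t nat | audit_dnat</tt>; the listing also serves as an inventory of which private VE services are reachable from the Internet.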
