Changes


Using NAT for container with private IPs

498 bytes added, 10:56, 2 August 2006
m
How to provide access for VE to Internet
where <tt>src_net</tt> is a range of IP addresses of VEs to be translated by SNAT, and <tt>ip_address</tt> is the external IP address of your [[Hardware Node]]. Multiple rules are allowed, for example, in case you wish to specify several ranges of IP addresses. If you are using a number of physical network interfaces on the [[Hardware Node|Node]], you may need to specify a different interface for outgoing connections, e.g. <tt>-o eth2</tt>.
To have all IP addresses translated by SNAT (not only the ones of [[VE]]s with private addresses), you should type the following string:
<pre>
# iptables -t nat -A POSTROUTING -o eth0 -j SNAT --to ip_address
</pre>
{{Note|If the above is not working, check whether one of the following solutions does the trick.}}
1. If you are using the stable (currently 2.6.8-based) kernel, then to enable SNAT for the VEs on your local network you need to explicitly enable connection tracking in [[VE0]]. Make sure that the following string is present in the <tt>/etc/modprobe.conf</tt> file:
<pre>
options ip_conntrack ip_conntrack_enable_ve0=1
</pre>
In case it is not, add this string to the file by means of any text editor (for example, vi). This setting is not needed for kernels more recent than 2.6.8, since connection tracking for [[VE0]] is enabled by default in those kernels.
2. For unknown reasons the above didn't work on a Debian host. The solution is to do it in an init.d script as follows:
<pre>
modprobe ip_conntrack ip_conntrack_enable_ve0=1
</pre>
Make sure that this module is loaded before any of the other iptables modules are loaded! Also remember that if this module has been loaded without the option, unloading and reloading it doesn't work! You need to reboot the computer.
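A pre-flight check for the two solutions above, as an added example that is not part of the original wiki page: it tests whether <tt>/etc/modprobe.conf</tt> carries the option and whether <tt>ip_conntrack</tt> can still be loaded ahead of the other iptables modules. The function names, the <tt>load</tt>/<tt>late</tt>/<tt>loaded</tt> states and the module-name pattern are assumptions of this example.

```shell
#!/bin/sh
# Added example (not from the wiki page). File paths are parameters so the
# checks can be run against saved snapshots as well as the live system.

OPT='ip_conntrack_enable_ve0=1'

# Succeeds if FILE has an uncommented "options ip_conntrack" line carrying $OPT.
has_ve0_option() {
    grep -Eq "^[[:space:]]*options[[:space:]]+ip_conntrack[[:space:]]+(.*[[:space:]])?${OPT}([[:space:]]|\$)" "$1"
}

# Reads a /proc/modules-format file and prints one state:
#   load   - ip_conntrack not loaded, no iptables modules loaded yet
#   late   - ip_conntrack not loaded, but iptables modules already are
#   loaded - ip_conntrack already loaded (its options cannot be read from here)
preflight() {
    mods=$(awk '{print $1}' "$1")
    if printf '%s\n' "$mods" | grep -qx 'ip_conntrack'; then
        echo loaded
    elif printf '%s\n' "$mods" | grep -Eq '^(ip_tables|iptable_.*|ipt_.*)$'; then
        echo late
    else
        echo load
    fi
}

# Hypothetical entry point for the init.d script; defaults to the live module list.
enable_ve0_conntrack() {
    case "$(preflight "${1:-/proc/modules}")" in
        load)
            modprobe ip_conntrack "$OPT" ;;
        late)
            echo "iptables modules are already loaded; run this script earlier in boot" >&2
            return 1 ;;
        loaded)
            echo "ip_conntrack is already loaded; if that was without $OPT, reboot" >&2
            return 2 ;;
    esac
}
```

Nothing runs when the file is sourced; call <tt>enable_ve0_conntrack</tt> from the init.d script's start action, ordered before any script that loads iptables rules.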
== How to provide access from Internet to a VE ==