Also, i don't remeber print routes tables. As i see, it's true (becouse on old HN this rules work):
[r...@test-dns ~]# ip r ls 192.0.2.0/24 dev venet0 scope host 169.254.0.0/16 dev venet0 scope link default via 192.0.2.1 dev venet0 [r...@test-dns ~]# VE with old Hardware node, SNAT/MASQUARED work: [r...@compilled_centos SPECS]# /sbin/ip r ls 192.0.2.0/24 dev venet0 scope host 169.254.0.0/16 dev venet0 scope link default via 192.0.2.1 dev venet0 2009/12/20 Galia Lisovskaya <in...@shaggy-cat.ru>: > Hello Sergej, > Thank you for answer, > >> Plz read more carefully this link. It contain all info about setting up nat >> on the openvz HN. >> http://wiki.openvz.org/Using_NAT_for_VE_with_private_IPs > > I read this guide very more count :( > >> You just need to have next iptables rules >> iptables -t nat -A POSTROUTING -o eth0 -s 10.0.0.0/16 -j MASQUERADE >> or >> #iptables -t nat -A POSTROUTING -o eth0 -s 10.0.0.0/16 -j SNAT --to-source >> $FORWARDIP # internal containers >> if you want to have SNAT to specified source. >> In this samples 10.0.0.0/16 is my internal network for VEs. > > It does'nt work for me :( > > [r...@ovz-test2 ~]# iptables -t nat -A POSTROUTING -o eth0 -s > 10.0.5.0/24 -j MASQUERADE > > [r...@ovz-test2 ~]# vzlist > CTID NPROC STATUS IP_ADDR HOSTNAME > 401 8 running 10.0.5.41 customer11.vps.local > 402 12 running 10.0.5.42 customer12.vps.local > 404 18 running 10.0.5.44 customer14.vps.local > 406 12 running 10.0.5.46 customer16.vps.local > 407 14 running 10.0.5.47 test-dns.local > > [r...@ovz-test2 ~]# vzctl exec 407 ping -c 1 google.com > PING google.com (74.125.77.104) 56(84) bytes of data. > From ovz-test2.local (10.0.5.128) icmp_seq=1 Destination Net Unreachable > > --- google.com ping statistics --- > 1 packets transmitted, 0 received, +1 errors, 100% packet loss, time 0ms > > >> Also you should have >> net.ipv4.ip_forward = 1 >> which is default for openvz installations. > > In my last message i wrote my sysctl: > > [r...@ovz-test2 ~]# sysctl -p > net.ipv4.conf.default.forwarding = 1 > net.ipv4.conf.default.proxy_arp = 0 > net.ipv4.ip_forward = 1 > net.ipv4.conf.all.rp_filter = 1 > kernel.sysrq = 1 > net.ipv4.conf.default.send_redirects = 1 > net.ipv4.conf.all.send_redirects = 0 > [r...@ovz-test2 ~]# > > > > -- > Galina Lisovskaya > -- Galina Lisovskaya _______________________________________________ Users mailing list Users@openvz.org https://openvz.org/mailman/listinfo/users
