[Users] problems with SNAT/MASQUERADE

Galia Lisovskaya inbox at shaggy-cat.ru
Sun Dec 20 07:11:07 EST 2009


Also, I didn't remember to print the route tables. As I see, it's true
(because on the old HN these rules work):

[root@test-dns ~]# ip r ls
192.0.2.0/24 dev venet0  scope host
169.254.0.0/16 dev venet0  scope link
default via 192.0.2.1 dev venet0
[root@test-dns ~]#

VE on the old hardware node, where SNAT/MASQUERADE works:

[root@compilled_centos SPECS]# /sbin/ip r ls
192.0.2.0/24 dev venet0  scope host
169.254.0.0/16 dev venet0  scope link
default via 192.0.2.1 dev venet0


2009/12/20 Galia Lisovskaya <inbox at shaggy-cat.ru>:
> Hello Sergej,
> Thank you for the answer,
>
>> Please read this link more carefully. It contains all the info about setting up NAT
>> on the OpenVZ HN.
>> http://wiki.openvz.org/Using_NAT_for_VE_with_private_IPs
>
> I have read this guide many times :(
>
>> You just need to have the following iptables rules
>> iptables -t nat -A POSTROUTING -o eth0 -s 10.0.0.0/16 -j MASQUERADE
>> or
>> #iptables -t nat -A POSTROUTING -o eth0 -s 10.0.0.0/16 -j SNAT --to-source $FORWARDIP # internal containers
>> if you want to have SNAT to a specified source.
>> In these samples 10.0.0.0/16 is my internal network for VEs.
>
> It doesn't work for me :(
>
> [root@ovz-test2 ~]# iptables -t nat -A POSTROUTING -o eth0 -s 10.0.5.0/24 -j MASQUERADE
>
> [root@ovz-test2 ~]# vzlist
>      CTID      NPROC STATUS  IP_ADDR         HOSTNAME
>       401          8 running 10.0.5.41       customer11.vps.local
>       402         12 running 10.0.5.42       customer12.vps.local
>       404         18 running 10.0.5.44       customer14.vps.local
>       406         12 running 10.0.5.46       customer16.vps.local
>       407         14 running 10.0.5.47       test-dns.local
>
> [root@ovz-test2 ~]# vzctl exec 407 ping -c 1 google.com
> PING google.com (74.125.77.104) 56(84) bytes of data.
> From ovz-test2.local (10.0.5.128) icmp_seq=1 Destination Net Unreachable
>
> --- google.com ping statistics ---
> 1 packets transmitted, 0 received, +1 errors, 100% packet loss, time 0ms
>
>
>> Also you should have
>> net.ipv4.ip_forward = 1
>> which is default for openvz installations.
>
> In my last message I wrote my sysctl:
>
> [root@ovz-test2 ~]# sysctl -p
> net.ipv4.conf.default.forwarding = 1
> net.ipv4.conf.default.proxy_arp = 0
> net.ipv4.ip_forward = 1
> net.ipv4.conf.all.rp_filter = 1
> kernel.sysrq = 1
> net.ipv4.conf.default.send_redirects = 1
> net.ipv4.conf.all.send_redirects = 0
> [root@ovz-test2 ~]#
>
>
>
> --
> Galina Lisovskaya
>



-- 
Galina Lisovskaya
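
Added example (not part of the original message, and not OpenVZ's own tooling): a Python check of the NAT preconditions discussed in this thread, run over captured `sysctl -p`, `ip route` and `iptables-save -t nat` text from a hardware node. The function names, the sample text and the `eth1` interface are constructed for illustration and do not describe the poster's host.

```python
import ipaddress

def default_route_dev(routes_text):
    """Egress interface of the default route in `ip route` output, or None."""
    for line in routes_text.splitlines():
        tok = line.split()
        if tok[:1] == ["default"] and "dev" in tok[:-1]:
            return tok[tok.index("dev") + 1]
    return None

def nat_rules(save_text):
    """(source network, out interface or None) per SNAT/MASQUERADE POSTROUTING rule.
    Negated matches ('!') are not handled in this sketch."""
    rules = []
    for line in save_text.splitlines():
        tok = line.split()
        opt = lambda flag: tok[tok.index(flag) + 1] if flag in tok[:-1] else None
        if tok[:2] == ["-A", "POSTROUTING"] and opt("-j") in ("SNAT", "MASQUERADE"):
            src = ipaddress.ip_network(opt("-s") or "0.0.0.0/0", strict=False)
            rules.append((src, opt("-o")))
    return rules

def diagnose(container_ip, sysctl_text, routes_text, save_text):
    """Return a list of findings; an empty list means the checked preconditions hold."""
    findings = []
    sysctl = dict((k.strip(), v.strip()) for k, v in
                  (l.split("=", 1) for l in sysctl_text.splitlines() if "=" in l))
    if sysctl.get("net.ipv4.ip_forward") != "1":
        findings.append("net.ipv4.ip_forward is not 1")
    dev = default_route_dev(routes_text)
    if dev is None:
        findings.append("hardware node has no default route")
    covering = [r for r in nat_rules(save_text)
                if ipaddress.ip_address(container_ip) in r[0]]
    if not covering:
        findings.append("no SNAT/MASQUERADE rule covers " + container_ip)
    elif dev and all(out not in (None, dev) for _, out in covering):
        bound = ", ".join(sorted({out for _, out in covering}))
        findings.append("NAT rule bound to %s, default route leaves via %s" % (bound, dev))
    return findings

# Constructed sample input (not the poster's hardware node).
SYSCTL = "net.ipv4.ip_forward = 1\nnet.ipv4.conf.all.rp_filter = 1"
ROUTES = "10.0.5.47 dev venet0 scope link\ndefault via 192.0.2.1 dev eth1"
RULES = "*nat\n-A POSTROUTING -s 10.0.5.0/24 -o eth0 -j MASQUERADE\nCOMMIT"

if __name__ == "__main__":
    for finding in diagnose("10.0.5.47", SYSCTL, ROUTES, RULES):
        print("FINDING:", finding)
```
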


