[Users] Re: NAT inside a container?

Benjamin Henrion bh at udev.org
Tue Sep 7 10:48:12 EDT 2010


On Tue, Sep 7, 2010 at 3:25 PM, Benjamin Henrion <bh at udev.org> wrote:
> Hi,
>
> I wanted to NAT 2 networks, one is a VPN with TUN, the other is the internet.
>
> ==========================================================
> [CT121]# iptables -t nat -L
> WARNING: Deprecated config file /etc/modprobe.conf, all config files
> belong into /etc/modprobe.d/.
> FATAL: Module ip_tables not found.
> iptables v1.4.8: can't initialize iptables table `nat': Table does not
> exist (do you need to insmod?)
> Perhaps iptables or your kernel needs to be upgraded.
> ==========================================================
>
> Do you know if it is possible to use NAT inside a container?

I have just added this to my /etc/vz/vz.conf:

IPTABLES="iptable_filter iptable_mangle ipt_limit ipt_multiport
ipt_tos ipt_TOS ipt_REJECT ipt_TCPMSS ipt_tcpmss ipt_ttl ipt_LOG
ipt_length ip_conntrack ip_conntrack_ftp ip_conntrack_irc
ipt_conntrack ipt_state ipt_helper iptable_nat ip_nat_ftp ip_nat_irc
ipt_REDIRECT"

And restarted the CT121, no need to restart with /etc/init.d/vz restart.

-- 
Benjamin Henrion <bhenrion at ffii.org>
FFII Brussels - +32-484-566109 - +32-2-4148403
"In July 2005, after several failed attempts to legalise software
patents in Europe, the patent establishment changed its strategy.
Instead of explicitly seeking to sanction the patentability of
software, they are now seeking to create a central European patent
court, which would establish and enforce patentability rules in their
favor, without any possibility of correction by competing courts or
democratically elected legislators."
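
The check below is an added example, not part of the original message or of OpenVZ: it reads the `IPTABLES="..."` value from a vz.conf-style file without sourcing it and reports which requested modules are absent, which is the condition behind the `Table does not exist` error for `-t nat` quoted above. The function names and the sample file are constructed for illustration; only the `IPTABLES` key and the module names come from the message.

```shell
#!/bin/sh
# Print the module names listed in IPTABLES="..." of a vz.conf-style file.
# The quoted value may span several lines; commented-out lines are ignored.
vz_iptables_modules() {
    awk '
        !inval && /^[ \t]*IPTABLES="/ {
            sub(/^[ \t]*IPTABLES="/, ""); inval = 1; buf = ""
        }
        inval {
            i = index($0, "\"")
            if (i > 0) { buf = buf " " substr($0, 1, i - 1); inval = 0 }
            else       { buf = buf " " $0 }
        }
        END {
            n = split(buf, m, /[ \t]+/)
            for (k = 1; k <= n; k++) if (m[k] != "") print m[k]
        }
    ' "$1"
}

# Print each requested module that is missing from the file's IPTABLES list.
# Returns 0 when nothing is missing, 1 otherwise.
vz_missing_modules() {
    conf=$1; shift
    have=$(vz_iptables_modules "$conf")
    missing=0
    for mod in "$@"; do
        if ! printf '%s\n' "$have" | grep -qxF -- "$mod"; then
            printf '%s\n' "$mod"
            missing=1
        fi
    done
    return "$missing"
}

# Constructed sample: a shortened module list with iptable_nat left out on purpose.
write_sample_conf() {
    cat > "$1" <<'EOF'
# constructed sample, not a real host configuration
#IPTABLES="iptable_nat"
IPTABLES="iptable_filter iptable_mangle ipt_limit ipt_multiport
ipt_state ip_conntrack ipt_REDIRECT"
EOF
}

tmp=$(mktemp)
write_sample_conf "$tmp"
vz_missing_modules "$tmp" iptable_nat ip_conntrack || echo "^ missing from IPTABLES"
rm -f "$tmp"
```

Run it against `/etc/vz/vz.conf` on the host; the container still has to be restarted after the list changes, as the message says.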

