[Users] Re: How to assign a public IP to a VE ? (SOLVED)

U.Mutlu for-gmane at mutluit.com
Sun Oct 30 08:12:51 EDT 2011


Problem solved!
(problem was how to assign a public IP to a VE)

It was a firewall issue on the HN, because in my firewall script
the default iptables target for FORWARD was set to DROP. After changing
this to ACCEPT things work fine.
(now I must recheck my security guidelines on whether and which other
implications this change can have...)

Ie. the solution was to change this from
   iptables -P FORWARD DROP
to
   iptables -P FORWARD ACCEPT
(for testing one can of course also completely disable the iptables firewall)

And do not assign the IP in question to the HN, rather just
let it be assigned/managed by vzctl when it creates/starts the VE.

This solution uses the default venet0 only, ie. no veth, no bridging etc.,
no "source routing via kernel routing table" etc., not even any additional normal routing! :-)
(Beware: there is much garbage info floating around on the net about the venet0 device;
maybe this is due to very old versions of vzctl used...)

My environment:
  HN: Debian 6 (squeeze), but using a newer vzctl from either the upcoming Debian 7 (wheezy/testing)
      or from http://download.openvz.org/utils/vzctl/current/; I've vzctl version 3.0.29.3.
      Kernel: 2.6.32-5-openvz-amd64 (linux-image-2.6.32-5-openvz-amd64 from the debian repository)
  VE: debian-6.0-i386-minimal from http://wiki.openvz.org/Download/template/precreated
      (I so far tested only this one, the other ones should work too I think)

People still having problems setting up openvz can contact me (help @ mutluit.com)
if having a similar environment (ie. Debian 6 on HN+VE, using venet, not veth),
maybe I can help if time permits...

--
U.Mutlu
www.mutluit.com
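
An added example, not part of the original post: one way to keep the FORWARD policy at DROP on the HN and open forwarding only for the VE's own address on venet0. The function names and the 203.0.113.x addresses are constructed for illustration; the rules are stateless and the commands are only printed, so they can be reviewed before being run as root.

```shell
#!/bin/sh
# Added example (not from the original post): print per-VE FORWARD rules
# that keep the default policy at DROP. is_ipv4 and venet_forward_rules
# are hypothetical helper names; venet0 is the device named in the post.

# Succeeds only for a dotted quad with every octet in 0-255. Strict
# validation matters because the printed commands are meant to be run
# by root afterwards.
is_ipv4() {
    printf '%s\n' "$1" | awk -F. '
        NF != 4 { exit 1 }
        {
            for (i = 1; i <= 4; i++)
                if ($i !~ /^[0-9]+$/ || length($i) > 3 || $i > 255)
                    exit 1
        }'
}

# Usage: venet_forward_rules VE_IP [VE_IP...]
# Every argument is validated before anything is printed, so a bad
# argument never yields a partial rule set.
venet_forward_rules() {
    [ "$#" -ge 1 ] || { echo "usage: venet_forward_rules VE_IP..." >&2; return 1; }
    for ip in "$@"; do
        is_ipv4 "$ip" || { echo "rejecting non-IPv4 argument: $ip" >&2; return 1; }
    done

    # The default stays DROP: anything not matched below is not forwarded.
    echo "iptables -P FORWARD DROP"
    for ip in "$@"; do
        # From the VE: accepted only with its assigned source address,
        # so the VE cannot forward packets under another address.
        echo "iptables -A FORWARD -i venet0 -s $ip -j ACCEPT"
        # To the VE: accepted only for its assigned destination address.
        echo "iptables -A FORWARD -o venet0 -d $ip -j ACCEPT"
    done
}

# Constructed sample address from the documentation range (RFC 5737).
venet_forward_rules 203.0.113.10
```

Port-level filtering for the VE is not covered by these rules; they only limit what the HN forwards to and from the listed addresses.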


