[COLOR=#000000][FONT=sans-serif]In addition, to make services in a container with a private IP address accessible from the Internet, DNAT (Destination Network Address Translation) should be configured on the [URL="https://openvz.org/Hardware_Node"]Hardware Node[/URL]. To perform a simple DNAT setup, execute the following command on the [URL="https://openvz.org/Hardware_Node"]Hardware Node[/URL]:
[/FONT][/COLOR]
# iptables -t nat -A PREROUTING -p tcp -d ip_address --dport port_num \
-i eth0 -j DNAT --to-destination ve_address:dst_port_num
[COLOR=#000000][FONT=sans-serif]where ve_address is the IP address of the container, dst_port_num is the TCP port that the service uses, ip_address is the external (public) IP address of your [URL="https://openvz.org/Hardware_Node"]Hardware Node[/URL], and port_num is the TCP port on the [URL="https://openvz.org/Hardware_Node"]Hardware Node[/URL] that will accept Internet connections for the private container service. Note that this setup makes any service using port_num on the [URL="https://openvz.org/Hardware_Node"]Hardware Node[/URL] itself inaccessible from the Internet. Also note that SNAT is required as well.
[/FONT][/COLOR]
[COLOR=#000000][FONT=sans-serif]For example, if you need a web server in a container to be accessible from outside and, at the same time, want to keep a web server on the [URL="https://openvz.org/Hardware_Node"]Hardware Node[/URL] accessible, use the following config:
[/FONT][/COLOR]
# iptables -t nat -A PREROUTING -p tcp -d ip_address --dport 8080 \
-i eth0 -j DNAT --to-destination ve_address:80
# iptables -t nat -A POSTROUTING -s ve_address -o eth0 -j SNAT --to ip_address
[COLOR=#000000][FONT=sans-serif]After applying this, you'll see the container's web server at [URL]http://ip_address:8080/[/URL].[/FONT][/COLOR]
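The port collision noted above can be checked before any rule is loaded. The following is an added example, not part of the original text: it validates the four parameters, refuses a port_num that a Hardware Node service already listens on, and prints the DNAT/SNAT pair instead of applying it. The function names, the sample addresses and the listening-port list are assumptions made for the illustration.

```shell
#!/bin/sh
# Added example: build the page's DNAT/SNAT rule pair, rejecting bad input
# and any port_num already used by a service on the Hardware Node.
# All addresses and ports used here are constructed sample values.

# Return 0 if $1 is a dotted-quad IPv4 address with octets 0-255.
valid_ip() {
    printf '%s\n' "$1" | awk -F. 'NF != 4 { exit 1 }
        { for (i = 1; i <= 4; i++) if ($i !~ /^[0-9]+$/ || $i > 255) exit 1 }'
}

# Return 0 if $1 is a TCP port number in 1-65535.
valid_port() {
    case "$1" in ''|*[!0-9]*) return 1 ;; esac
    [ "$1" -ge 1 ] && [ "$1" -le 65535 ]
}

# Return 0 if port $1 appears in the whitespace-separated list $2.
port_in_use() {
    for p in $2; do
        [ "$p" = "$1" ] && return 0
    done
    return 1
}

# build_rules ip_address port_num ve_address dst_port_num "listening ports"
# Prints the two iptables commands; returns 2 on bad input, 3 on collision.
build_rules() {
    ip_address=$1 port_num=$2 ve_address=$3 dst_port_num=$4 listening=$5
    valid_ip "$ip_address" && valid_ip "$ve_address" ||
        { echo "invalid IP address" >&2; return 2; }
    valid_port "$port_num" && valid_port "$dst_port_num" ||
        { echo "invalid TCP port" >&2; return 2; }
    if port_in_use "$port_num" "$listening"; then
        echo "port $port_num is used by a Hardware Node service" >&2
        return 3
    fi
    echo "iptables -t nat -A PREROUTING -p tcp -d $ip_address --dport $port_num -i eth0 -j DNAT --to-destination $ve_address:$dst_port_num"
    echo "iptables -t nat -A POSTROUTING -s $ve_address -o eth0 -j SNAT --to $ip_address"
}

# Constructed sample: the node itself listens on 22 (SSH) and 80 (HTTP);
# on a real node the list would be gathered by the administrator,
# for instance from the output of "ss -ltn".
HOST_PORTS="22 80"
build_rules 203.0.113.10 8080 192.168.0.101 80 "$HOST_PORTS"
```

With port_num set to 80 instead of 8080 the function prints nothing to stdout and returns 3, because the node's own web server would lose its Internet-facing port.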