Hi,
I have been struggling for a while now and I cannot figure it out.
First, the setting:
Node has 2 bridged connections; one is bridged to the physical NIC, which goes out to the web (vmbr0).
The second bridge (vmbr1) is not bridged to anything but has an IP of 10.20.30.1.
So, I have two CTs. Let's call the first one A and the second B.
CT A has two interfaces; the IP for eth0 is globally assigned by my ISP (vmbr0).
eth1 (vmbr1) has an IP of 10.20.30.2.
CT B has one interface and has an IP of 10.20.30.3 (vmbr1).
Both of the CTs can ping each other, and they can also ping the node and the other way around. So, these connections work.
Problem:
I would like to access CT B from the web via CT A using port forwarding.
This iptables rule should do the trick, but it does not:
Code:
iptables -t nat -A PREROUTING -i eth0 -p tcp --dport 8081 -j DNAT --to-destination 10.20.30.3:80
Any ideas?
Btw, when I executed the iptables rule, I got an error:
Code:
can't initialize iptables table `nat': Table does not exist (do you need to insmod?
I added iptables_nat to /etc/vz/vz.conf on the Node, rebooted, and then the rule executed w/o any problem, but it still does not work.
I know that this rule works on the Node, so I could access it like that, but I really want to not touch the Node too much; I want to do this on a CT.
I also tried this by replacing CT A with an actual Debian VM, but it also did not work.
Addition,
if I execute this rule on CT A
Code:
iptables -t nat -A POSTROUTING -s '10.20.30.0/24' -o eth0 -j MASQUERADE
and set the gateway to 10.20.30.2 on CT B, I can access the web from CT B.
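Added example, not part of the original post: a DNAT rule on CT A only delivers traffic if CT A routes between eth0 and eth1 and if CT B's replies travel back through CT A so the translation can be reversed. The shell check below tests those conditions against saved `iptables-save` text; the function name `check_forward`, its result tokens and the sample state are constructed for illustration (the post does not state the ip_forward value or CT B's gateway), and the FORWARD test is a simple heuristic.

```shell
#!/bin/sh
# check_forward IP_FORWARD RULES CTB_GATEWAY   (hypothetical helper, not from the post)
#   IP_FORWARD  : contents of /proc/sys/net/ipv4/ip_forward on CT A
#   RULES       : `iptables-save` output taken on CT A
#   CTB_GATEWAY : default gateway configured on CT B
# Prints "ok" or a space-separated list of missing prerequisites.
check_forward() {
    ip_forward=$1
    rules=$2
    ctb_gw=$3
    problems=""
    # 1. CT A must route packets between eth0 and eth1.
    [ "$ip_forward" = "1" ] || problems="$problems ip_forward_off"
    # 2. The DNAT rule from the post must be present in nat/PREROUTING.
    printf '%s\n' "$rules" | grep -Eq -- \
        '^-A PREROUTING .*--dport 8081 .*-j DNAT --to-destination 10\.20\.30\.3:80' \
        || problems="$problems dnat_missing"
    # 3. Heuristic: a FORWARD policy of DROP needs an ACCEPT rule for CT B.
    if printf '%s\n' "$rules" | grep -q '^:FORWARD DROP' &&
       ! printf '%s\n' "$rules" | grep -Eq -- \
           '^-A FORWARD .*-d 10\.20\.30\.3(/32)? .*-j ACCEPT'; then
        problems="$problems forward_dropped"
    fi
    # 4. Replies must return via CT A: either CT B uses 10.20.30.2 as its
    #    gateway, or CT A rewrites the source on the way out of eth1.
    if [ "$ctb_gw" != "10.20.30.2" ] &&
       ! printf '%s\n' "$rules" | grep -Eq -- \
           '^-A POSTROUTING .*-o eth1 .*-j (MASQUERADE|SNAT)'; then
        problems="$problems no_return_path"
    fi
    problems=${problems# }
    echo "${problems:-ok}"
}

# Constructed sample: only the DNAT rule has been added on CT A, forwarding
# is off, and CT B points at the node (10.20.30.1) as its gateway.
SAMPLE_RULES='*nat
:PREROUTING ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
-A PREROUTING -i eth0 -p tcp -m tcp --dport 8081 -j DNAT --to-destination 10.20.30.3:80
COMMIT
*filter
:FORWARD ACCEPT [0:0]
COMMIT'

check_forward 0 "$SAMPLE_RULES" 10.20.30.1
```

On a live CT A the first two arguments would be `"$(cat /proc/sys/net/ipv4/ip_forward)"` and `"$(iptables-save)"`.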