OpenVZ - VM Natted through another VM with internet access

pichinep

Mar 19, 2012
Hi everyone, I'm tired of searching and searching and finding no answer... My goal is the following:

HOST: Proxmox server, with internet access directly. (PUB_IP1)

VM1: CT inside HOST with bridged IP (venet), and direct internet connection and another IP (venet) with local address (PUB_IP2, LOC_IP1)

VM1.2: CT inside HOST with local address (venet) (LOC_IP2)

So my question is... How can I make VM1.2 access the internet through VM1?

Thanks, I hope that's clear...
 
The complication here is CTs and iptables. Also Bridged != venet. VENET is layer3, VETH is bridged. In this case you'll probably need to use VETH for your CTs.
There are 3 ways I can think of doing it:
1)
On VM1.2: First off use VETH (bridged) instead. Then connect it to the same bridge as VM1 (LOC_IP). Then just configure VM1.2 to use VM1 (LOC_IP1) as its default gateway.
On VM1: Configure NAT in the guest CT to function for VM1.2. You need to add the iptables modules in the vz conf file in order to do this.
2)
Given that iptables in CTs isn't feature complete, you could set up a small KVM virtual running a routing distro (pfsense/ipcop/vyatta/whatever). Set it up as a router and bridge both VMs with it configured as default gateway.
3)
Use the Host system firewall. Configure so that it has both PUB_IP1 and PUB_IP2 (use ip aliasing). Then set up the host iptables to NAT to LOC_IP1 and LOC_IP2 (which can be venet or veth).
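
Added example, not part of the original posts: a sketch of option 1 that first checks a vz.conf-style `IPTABLES="..."` line for the modules NAT needs, then prints a narrowly scoped rule set for the gateway CT (VM1). The addresses (192.168.50.2 for LOC_IP2, 203.0.113.10 for PUB_IP2), the interface name `eth0`, the module list and the function names are assumptions chosen for illustration.

```shell
#!/bin/sh
# Added example for option 1 (NAT inside the gateway CT). Addresses, interface
# name, module list and function names are assumptions, not from the thread.

# Modules assumed necessary for SNAT plus stateful forwarding inside a CT.
NAT_MODULES="iptable_filter iptable_nat ipt_state ip_conntrack"

# Constructed sample: a vz.conf-style fragment that lacks the NAT modules.
write_sample_conf() {
    printf '%s\n' '## constructed sample' \
        'IPTABLES="ipt_REJECT iptable_filter iptable_mangle ipt_state"' > "$1"
}

# Print the modules from NAT_MODULES missing from the IPTABLES="..." line of
# the file in $1. Empty output means every module is listed.
missing_nat_modules() {
    enabled=$(sed -n 's/^[[:space:]]*IPTABLES="\{0,1\}\([^"#]*\).*/\1/p' "$1" | tail -n 1)
    missing=""
    for m in $NAT_MODULES; do
        case " $enabled " in
            *" $m "*) ;;
            *) missing="$missing $m" ;;
        esac
    done
    echo $missing
}

# Print (not run) the rules for the gateway CT: forward and SNAT only the one
# client address, allow replies back to it, drop all other forwarded traffic.
# $1 = client IP (LOC_IP2), $2 = outbound interface, $3 = public IP (PUB_IP2)
gateway_rules() {
    for ip in "$1" "$3"; do
        echo "$ip" | grep -Eq '^([0-9]{1,3}\.){3}[0-9]{1,3}$' ||
            { echo "not an IPv4 address: $ip" >&2; return 1; }
    done
    cat <<EOF
sysctl -w net.ipv4.ip_forward=1
iptables -P FORWARD DROP
iptables -A FORWARD -s $1 -o $2 -j ACCEPT
iptables -A FORWARD -d $1 -m state --state ESTABLISHED,RELATED -j ACCEPT
iptables -t nat -A POSTROUTING -s $1 -o $2 -j SNAT --to-source $3
EOF
}

conf=$(mktemp) && write_sample_conf "$conf"
echo "missing modules: $(missing_nat_modules "$conf")"
gateway_rules 192.168.50.2 eth0 203.0.113.10
rm -f "$conf"
```

The printed commands are meant to be reviewed and then run as root inside VM1; scoping the FORWARD and SNAT rules to the single client address keeps VM1 from routing for anything else on the bridge.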
 
Thank you very much!!! I've used the first option you told me... and it works...

Thank you again!! :D

