Hi there,
I have a problem with my configuration. Basically the vmbr0 has OpenVZ containers which are working as intended. I added a new KVM which I want to use on a different subnet, and after reading for days I cannot come up with a working configuration. I think it has something to do with how OpenVZ and KVM handle networking. Here is my configuration on my host - the VMs have the correct IPs:
# Loopback interface, brought up at boot.
auto lo
iface lo inet loopback
# Uplink interface with the host's static public address.
# The address and gateway values are redacted placeholders in this post.
auto eth0
iface eth0 inet static
address public.host.ip.address.
netmask 255.255.255.0
gateway public.gateway.ip.address
# Enables proxy ARP on eth0: the host answers ARP requests received on the
# public segment for addresses it would route out through another interface.
# NOTE(review): every guest shown in this file is reached through NAT, which
# does not appear to need proxy ARP. Confirm that a routed (non-NAT) guest
# depends on it before leaving it enabled on the public interface.
post-up echo 1 > /proc/sys/net/ipv4/conf/eth0/proxy_arp
# Internal bridge for the 192.168.142.0/24 guest network; the host is
# 192.168.142.1 on it.
auto vmbr0
iface vmbr0 inet static
address 192.168.142.1
netmask 255.255.255.0
# No physical NIC is enslaved by this file, so the bridge has no layer-2 path
# to eth0; guests on it reach the outside only through the host's routing/NAT.
# (Guest interfaces are presumably attached at runtime - not shown here.)
bridge_ports none
bridge_stp off
bridge_fd 0
# Turns on IPv4 forwarding for the whole host, not just this bridge. There is
# no matching post-down, so it stays on after the bridge goes down.
post-up echo 1 > /proc/sys/net/ipv4/ip_forward
# Source-NAT traffic from the guest subnet leaving via eth0 so it carries the
# host's public address; post-down deletes the same rule again.
post-up iptables -t nat -A POSTROUTING -s '192.168.142.0/24' -o eth0 -j MASQUERADE
post-down iptables -t nat -D POSTROUTING -s '192.168.142.0/24' -o eth0 -j MASQUERADE
# Port forwards (DNAT) from the public interface to guests. Each rule matches
# every TCP packet entering eth0 on that port; there is no -s or -d restriction.
# NOTE(review): DNAT only rewrites the destination. Whether the forwarded
# packets are accepted is decided by the filter table's FORWARD chain, which
# this file does not configure - verify that policy separately.
# OpenVZ container Server1, which is reachable.
# As written, public TCP 22 is redirected to the container, so SSH arriving on
# eth0 port 22 ends up in the container rather than on the host itself.
post-up iptables -t nat -A PREROUTING -i eth0 -p tcp --dport 22 -j DNAT --to 192.168.142.100:22
post-down iptables -t nat -D PREROUTING -i eth0 -p tcp --dport 22 -j DNAT --to 192.168.142.100:22
post-up iptables -t nat -A PREROUTING -i eth0 -p tcp --dport 80 -j DNAT --to 192.168.142.100:80
post-down iptables -t nat -D PREROUTING -i eth0 -p tcp --dport 80 -j DNAT --to 192.168.142.100:80
# OpenVZ container Server2, which is reachable and works as intended.
post-up iptables -t nat -A PREROUTING -i eth0 -p tcp --dport 1024 -j DNAT --to 192.168.142.101:1024
post-down iptables -t nat -D PREROUTING -i eth0 -p tcp --dport 1024 -j DNAT --to 192.168.142.101:1024
# Second internal bridge, for the 192.168.242.0/24 network intended for the KVM
# guest; the host is 192.168.242.1 on it.
auto vmbr1
iface vmbr1 inet static
address 192.168.242.1
netmask 255.255.255.0
# No physical NIC is enslaved by this file; guests on this bridge reach the
# outside only through the host's routing/NAT.
bridge_ports none
bridge_stp off
bridge_fd 0
# Repeats the host-wide IPv4 forwarding switch already set in the vmbr0 stanza;
# writing 1 a second time changes nothing.
post-up echo 1 > /proc/sys/net/ipv4/ip_forward
# Source-NAT traffic from this subnet leaving via eth0; post-down removes it.
post-up iptables -t nat -A POSTROUTING -s '192.168.242.0/24' -o eth0 -j MASQUERADE
post-down iptables -t nat -D POSTROUTING -s '192.168.242.0/24' -o eth0 -j MASQUERADE
# KVM server, reported as not reachable.
# Forwards public TCP 2022 on eth0 to SSH (port 22) on 192.168.242.242.
# NOTE(review): this rule only rewrites the destination address. Reachability
# also depends on things this file does not show: the guest's NIC being
# attached to vmbr1, the guest using 192.168.242.1 as its gateway, and the
# filter table's FORWARD chain accepting the traffic - check each of these.
post-up iptables -t nat -A PREROUTING -i eth0 -p tcp --dport 2022 -j DNAT --to 192.168.242.242:22
post-down iptables -t nat -D PREROUTING -i eth0 -p tcp --dport 2022 -j DNAT --to 192.168.242.242:22
Would be awesome if someone could have a look at this please?
Thank you in advance.
I have a problem with my configuration. Basically the vmbr0 has OpenVZ containers which are working as intended. I added a new KVM which I want to use on a different subnet, and after reading for days I cannot come up with a working configuration. I think it has something to do with how OpenVZ and KVM handle networking. Here is my configuration on my host - the VMs have the correct IPs:
# Loopback interface, brought up at boot.
auto lo
iface lo inet loopback
# Uplink interface with the host's static public address.
# The address and gateway values are redacted placeholders in this post.
auto eth0
iface eth0 inet static
address public.host.ip.address.
netmask 255.255.255.0
gateway public.gateway.ip.address
# Enables proxy ARP on eth0: the host answers ARP requests received on the
# public segment for addresses it would route out through another interface.
# NOTE(review): every guest shown in this file is reached through NAT, which
# does not appear to need proxy ARP. Confirm that a routed (non-NAT) guest
# depends on it before leaving it enabled on the public interface.
post-up echo 1 > /proc/sys/net/ipv4/conf/eth0/proxy_arp
# Internal bridge for the 192.168.142.0/24 guest network; the host is
# 192.168.142.1 on it.
auto vmbr0
iface vmbr0 inet static
address 192.168.142.1
netmask 255.255.255.0
# No physical NIC is enslaved by this file, so the bridge has no layer-2 path
# to eth0; guests on it reach the outside only through the host's routing/NAT.
# (Guest interfaces are presumably attached at runtime - not shown here.)
bridge_ports none
bridge_stp off
bridge_fd 0
# Turns on IPv4 forwarding for the whole host, not just this bridge. There is
# no matching post-down, so it stays on after the bridge goes down.
post-up echo 1 > /proc/sys/net/ipv4/ip_forward
# Source-NAT traffic from the guest subnet leaving via eth0 so it carries the
# host's public address; post-down deletes the same rule again.
post-up iptables -t nat -A POSTROUTING -s '192.168.142.0/24' -o eth0 -j MASQUERADE
post-down iptables -t nat -D POSTROUTING -s '192.168.142.0/24' -o eth0 -j MASQUERADE
# Port forwards (DNAT) from the public interface to guests. Each rule matches
# every TCP packet entering eth0 on that port; there is no -s or -d restriction.
# NOTE(review): DNAT only rewrites the destination. Whether the forwarded
# packets are accepted is decided by the filter table's FORWARD chain, which
# this file does not configure - verify that policy separately.
# OpenVZ container Server1, which is reachable.
# As written, public TCP 22 is redirected to the container, so SSH arriving on
# eth0 port 22 ends up in the container rather than on the host itself.
post-up iptables -t nat -A PREROUTING -i eth0 -p tcp --dport 22 -j DNAT --to 192.168.142.100:22
post-down iptables -t nat -D PREROUTING -i eth0 -p tcp --dport 22 -j DNAT --to 192.168.142.100:22
post-up iptables -t nat -A PREROUTING -i eth0 -p tcp --dport 80 -j DNAT --to 192.168.142.100:80
post-down iptables -t nat -D PREROUTING -i eth0 -p tcp --dport 80 -j DNAT --to 192.168.142.100:80
# OpenVZ container Server2, which is reachable and works as intended.
post-up iptables -t nat -A PREROUTING -i eth0 -p tcp --dport 1024 -j DNAT --to 192.168.142.101:1024
post-down iptables -t nat -D PREROUTING -i eth0 -p tcp --dport 1024 -j DNAT --to 192.168.142.101:1024
# Second internal bridge, for the 192.168.242.0/24 network intended for the KVM
# guest; the host is 192.168.242.1 on it.
auto vmbr1
iface vmbr1 inet static
address 192.168.242.1
netmask 255.255.255.0
# No physical NIC is enslaved by this file; guests on this bridge reach the
# outside only through the host's routing/NAT.
bridge_ports none
bridge_stp off
bridge_fd 0
# Repeats the host-wide IPv4 forwarding switch already set in the vmbr0 stanza;
# writing 1 a second time changes nothing.
post-up echo 1 > /proc/sys/net/ipv4/ip_forward
# Source-NAT traffic from this subnet leaving via eth0; post-down removes it.
post-up iptables -t nat -A POSTROUTING -s '192.168.242.0/24' -o eth0 -j MASQUERADE
post-down iptables -t nat -D POSTROUTING -s '192.168.242.0/24' -o eth0 -j MASQUERADE
# KVM server, reported as not reachable.
# Forwards public TCP 2022 on eth0 to SSH (port 22) on 192.168.242.242.
# NOTE(review): this rule only rewrites the destination address. Reachability
# also depends on things this file does not show: the guest's NIC being
# attached to vmbr1, the guest using 192.168.242.1 as its gateway, and the
# filter table's FORWARD chain accepting the traffic - check each of these.
post-up iptables -t nat -A PREROUTING -i eth0 -p tcp --dport 2022 -j DNAT --to 192.168.242.242:22
post-down iptables -t nat -D PREROUTING -i eth0 -p tcp --dport 2022 -j DNAT --to 192.168.242.242:22
Would be awesome if someone could have a look at this please?
Thank you in advance.