I am setting up a server to be part of a cluster, and installing it with IPCop v2 firewall (as a KVM) to front other containers. However I'm getting really strange results when creating an OpenVZ container on this box....
I have colocated this server (single 1U box, with a ton of memory), and I want to run 5 or so OpenVZ containers on it. My data center has given me a block of IP addresses. My goal is to assign one to Proxmox (the host) and using /etc/hosts.allow/deny only access to it from a specific IP address. Then I will install IPCop v2 as a KVM on Proxmox. I set this up in a test lab, and got it working ok.
I created VMBR0 and VMBR1, with VMBR0 assigned to eth0 and VMBR1 not assigned to a port. I then assigned VMBR0 to the RED (WAN) interface for IPCop, and VMBR1 to the GREEN (LAN) interface. That was fine. I can log in via SSH to IPCop and ping addresses in both WAN and LAN just fine.
I then created my first OpenVZ container (CentOS5), and with a single IP on the LAN side and tied it to VMBR1. I will do the same to other containers on this box, thereby creating something akin to a NAT behind IPCop.
That created just fine. I log in and update /etc/sysconfig/network-scripts for ifcg-venet0:0 and set it to the right subnet mask and gateway (the IPCop box). Then I restart the container.
Each time I return back to the container, it has reset my ifcg-venet0:0 back to the original settings (subnet mask 255.255.255.255 and no gateway)? Why is it replacing my updated file with one of its own on reboot?
Myles
I have colocated this server (single 1U box, with a ton of memory), and I want to run 5 or so OpenVZ containers on it. My data center has given me a block of IP addresses. My goal is to assign one to Proxmox (the host) and using /etc/hosts.allow/deny only access to it from a specific IP address. Then I will install IPCop v2 as a KVM on Proxmox. I set this up in a test lab, and got it working ok.
I created VMBR0 and VMBR1, with VMBR0 assigned to eth0 and VMBR1 not assigned to a port. I then assigned VMBR0 to the RED (WAN) interface for IPCop, and VMBR1 to the GREEN (LAN) interface. That was fine. I can log in via SSH to IPCop and ping addresses in both WAN and LAN just fine.
I then created my first OpenVZ container (CentOS5), and with a single IP on the LAN side and tied it to VMBR1. I will do the same to other containers on this box, thereby creating something akin to a NAT behind IPCop.
That created just fine. I log in and update /etc/sysconfig/network-scripts for ifcg-venet0:0 and set it to the right subnet mask and gateway (the IPCop box). Then I restart the container.
Each time I return back to the container, it has reset my ifcg-venet0:0 back to the original settings (subnet mask 255.255.255.255 and no gateway)? Why is it replacing my updated file with one of its own on reboot?
Myles