mess-mate wrote:
> Tom Eastep wrote:
>
>> Martin Leben wrote:
>>
>>> If you have more questions about vserver networking, I am sure that
>>> you would get better help on a mailing list or forum about vserver
>>> where the vserver experts hang out, than you get on this list.
>>> Remember, this is a list about the Shoreline Firewall (a.k.a.
>>> shorewall), not about general Linux or vserver networking issues.
>> I agree. OS virtualization solutions like Vserver and OpenVZ don't
>> work like machine virtualization solutions like Xen and KVM. I use the
>> latter, not the former.
>>
>> The way I _thought_ Vserver works, you could do what you want by
>> changing the rule on your router to:
>>
>> DNAT $FW dmz:192.168.30.1 tcp 80 - $ETH0_IP
>>
>> That doesn't work?
>>
>> -Tom
>
> No, I tried it
> mess-mate

From your other post:

    192.168.20.0/24 dev eth1 proto kernel scope link src 192.168.20.1
    192.168.30.0/24 dev eth1 proto kernel scope link src 192.168.30.1
    default via 192.168.20.254 dev eth1

If this is the routing of the troubled guest system (is it?), then the default gateway is wrong ....

You're dnat'ing to 30.1 but that address doesn't have a route back to the internet. Change the default to 30.?? but your "router" doesn't have an IP address on 192.168.30.xx, just a route.

The rule that you first asked about:

    iptables -t nat -A POSTROUTING -s GUEST_IP -j SNAT --to-source HOST_IP

I believe that should be on the vserver host.... to hide the fact that the routing is really broken.

In your case:

    iptables -t nat -A POSTROUTING -s 192.168.30.1 -j SNAT --to-source 192.168.20.1

in shorewall:

    eth1 192.168.30.1 192.168.20.1 tcp 80

You asked why, when changing the dnat rule on the router, the v-host still received the traffic. Did you remember to bind the web servers to different IP addresses?

Thanks, I now have a headache from reading and shaking it....

Jerry
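
The return-path check Jerry reasons through above, as an added example that is not part of the original thread: it parses the quoted `ip route` output and reports whether the default gateway sits on the same connected subnet as the DNAT target, and if not, which local address an SNAT rule would rewrite to. The function names are hypothetical, and treating "gateway on the target's subnet" as the pass condition is a simplifying assumption.

```python
import ipaddress

# Routing table as quoted in the message above.
ROUTES = """\
192.168.20.0/24 dev eth1 proto kernel scope link src 192.168.20.1
192.168.30.0/24 dev eth1 proto kernel scope link src 192.168.30.1
default via 192.168.20.254 dev eth1
"""

def parse_routes(text):
    """Return (connected, default_gw); connected maps network -> local src address."""
    connected, default_gw = {}, None
    for line in text.splitlines():
        tok = line.split()
        if not tok:
            continue
        if tok[0] == "default" and "via" in tok:
            default_gw = ipaddress.ip_address(tok[tok.index("via") + 1])
        elif "src" in tok:
            net = ipaddress.ip_network(tok[0], strict=False)
            connected[net] = ipaddress.ip_address(tok[tok.index("src") + 1])
    return connected, default_gw

def check_dnat_return_path(text, dnat_target):
    """Check that replies sourced from dnat_target reach a gateway on its own subnet."""
    connected, gw = parse_routes(text)
    target = ipaddress.ip_address(dnat_target)
    target_net = next((n for n in connected if target in n), None)
    if target_net is None:
        return {"ok": False, "reason": "no connected route covers the DNAT target"}
    if gw is None:
        return {"ok": False, "reason": "no default route"}
    if gw in target_net:
        return {"ok": True, "reason": f"default gateway {gw} is on {target_net}"}
    # Gateway is on another subnet: report the local address on that subnet,
    # which is what the SNAT workaround in the thread rewrites the source to.
    gw_net = next((n for n in connected if gw in n), None)
    snat_to = connected.get(gw_net)
    return {"ok": False,
            "reason": f"default gateway {gw} is not on {target_net}",
            "snat_to": str(snat_to) if snat_to else None}

if __name__ == "__main__":
    print(check_dnat_return_path(ROUTES, "192.168.30.1"))
    print(check_dnat_return_path(ROUTES, "192.168.20.1"))
```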