Hi,
still it does not work :(
Here now what I am trying at the moment:
HOST: VSERVER on HOST:
Interface: IPs: (NAT) vserver: vserver-IP:
eth0 A.B.C.1 <--> vs1 192.168.1.1
eth0:1 A.B.C.2 <--> vs2 192.168.1.2
eth0:2 A.B.C.3 <--> vs3 192.168.1.3
'A.B.C.[1..3]' have a DNS entry.
If the IP 'A.B.C.1' is used in the browser of another pc the user should end
up seeing the webpages stored at server 'vs1' with ip '192.168.1.1'.
These are NAT-rules used:
'iptables -A POSTROUTING -t nat -s 192.168.1.[1..3] -d 0/0 -j SNAT --to
A.B.C.[1..3]'
BUT when I start a vserver a new interface on HOST is assigned (e.g.:
'eth0:vs[1..3]' with IPs '192.168.1.[1..3]') and when I try to connect to the
vserver-IP ('A.B.C.[1..3]') I end up on the HOST-computer and not on the
vserver. I think the problem lies in the fact that I cannot assign the IPs
'192.168.1.[1..3]' to the vservers without these IPnumbers being assigned to
the interface ('eth0') of the HOST. Is there anything one may do to chnage
this or am I thinking in th ewrong direction?
Gtreethings and many thanks so far,
Debby
Am Mittwoch 19 Februar 2003 12:47 schrieben Sie:
> well, you have to set up a port forward for that ip (or are you filtering
> the port?)
>
> I didnt quite understand, your root server and vservers are on the same
> network?
> Did you meant with 192.168.x.y that both of them have a equal "x" value?
> heheh
>
> If you have something like this:
>
> [Internet] <-> [Root server] <-> [Vserver]
> -the root server can acess the vserver and the internet
> -the internet can only acess the vserver
> -the vserver can acess the root server and the internet
>
> if you want "the internet" to be able to access some ports on the vserver,
> you should set up a port forwarding for those ports on the root server.
>
> You can try something like this on the root server:
> iptables -A PREROUTING -t nat -p tcp -d insert.root.server.ip --dport 80 -j
> DNAT --to insert.vserver.ip.here
> iptables -A FORWARD -p tcp -d insert.vserver.ip.here --dport 80 -j ACCEPT
>
> *but*...if you have something like this:
>
> [network 192.168.1.x] -> [root server with ip 192.168.1.254 and
> 192.168.2.254] -> [vserver on network 192.168.2.x]
>
> if you want everybody on network 192.168.1.x to *transparently* access the
> network 192.168.3.x you should set up masquerading on the root server and
> add a route on the "network 192.168.1.x" machines.
>
> Try something like this on network 192.168.1.x:
> route add -net 192.168.2.0 netmask 255.255.255.0 gw 192.168.1.254
>
> Best regards,
> +-----------------------------------------
>
> | Lu�s Miguel Silva
> | Network Administrator@ ISPGaya.pt
> | Rua Ant�nio Rodrigues da Rocha, 291/341
> | Sto. Ov�dio � 4400-025 V. N. de Gaia
> | Portugal
> | T: +351 22 3745730/3/5 F: +351 22 3745738
> | G: +351 93 6371253 E: [EMAIL PROTECTED]
> | H: http://lms.ispgaya.pt/
>
> +-----------------------------------------
>
> -----Mensagem original-----
> De: Debby [mailto:[EMAIL PROTECTED]]
> Enviada: quarta-feira, 19 de Fevereiro de 2003 9:26
> Para: [EMAIL PROTECTED]
> Assunto: [vserver] How to access the different services (ssh, apache,
> ...) on a vserver from the outside?
>
>
> Hi guys,
>
> thanks to Luis Miguel Silva`s help (iptables -A POSTROUTING -t nat -s
> insert.vserver.ip -d 0/0 -j SNAT --to insert.internet.ip) I can now access
> the internet from within a vserver - BUT I cannot access the vserver(s)
> from outside the host-computer. The host IP and the IPs of the vservers are
> in the
> same IP-range (192.168.x.y). Does anyone know how to access the different
> services (ssh, apache, ...) on a vserver from the outside? What things have
> to be set up/installed?
>
> Thanks,
> Debby
