Scientific Linux Forum.org




> Iptables rules for OpenVZ
John Cuppi
 Posted: Jun 2 2013, 03:09 PM
I've been playing with OpenVZ on SL 6.x and everything works nicely except I can't get the iptables rules set up correctly. I can only access the container if it's turned off. And the container can only access the internet if iptables is turned off as well, so inbound/outbound is dead to the world.

Anyone ever worked with this and had the same problem? I tried reading the OpenVZ wiki pages about how to configure iptables but it's over my head.

CODE
[root@testbox Desktop]# cat /proc/sys/net/ipv4/ip_forward
1


Is set to that, by the way.
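
The symptom in the post above (containers reachable only with iptables stopped, even with ip_forward set to 1) fits a host whose FORWARD chain rejects everything, as the stock SL 6 ruleset does. The script below is an added example, not part of the thread: it audits an iptables-save dump for that condition and shows container-scoped FORWARD rules as an alternative to stopping the firewall. Assumptions: the ruleset is a constructed, abridged copy of the stock one (the poster's was not shown), the containers use venet on the constructed subnet 192.0.2.0/24, inbound SSH is the only service wanted, and all function names are hypothetical.

```shell
# Added example, not from the thread; subnet and ruleset are constructed.
CT_NET="192.0.2.0/24"   # assumed venet container subnet (documentation range)

# Constructed, abridged copy of the filter table a stock SL 6 install ships.
sample_ruleset() {
cat <<'EOF'
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
-A INPUT -m state --state NEW -m tcp -p tcp --dport 22 -j ACCEPT
-A INPUT -j REJECT --reject-with icmp-host-prohibited
-A FORWARD -j REJECT --reject-with icmp-host-prohibited
COMMIT
EOF
}

# Container-scoped rules in iptables-save syntax: traffic the containers send,
# replies coming back to them, and new inbound SSH only (assumed service).
container_rules() {
    printf '%s\n' \
        "-A FORWARD -s $1 -j ACCEPT" \
        "-A FORWARD -d $1 -m state --state ESTABLISHED,RELATED -j ACCEPT" \
        "-A FORWARD -d $1 -p tcp -m state --state NEW -m tcp --dport 22 -j ACCEPT"
}

# stdin: iptables-save text. Prints "blocked" when a catch-all REJECT/DROP (or
# a DROP policy) is reached before ACCEPT rules for both directions of $1.
audit_forward() {
    awk -v net="$1" '
        /^:FORWARD DROP/ { drop_policy = 1 }
        /^-A FORWARD / && !verdict {
            if (/ -j ACCEPT/ && index($0, "-s " net)) src = 1
            if (/ -j ACCEPT/ && index($0, "-d " net)) dst = 1
            if (src && dst) verdict = "allowed"
            else if (/^-A FORWARD -j (REJECT|DROP)/) verdict = "blocked"
        }
        END { print (verdict ? verdict : (drop_policy ? "blocked" : "allowed")) }'
}

# stdin: iptables-save text. Re-emits it with the container rules ahead of the
# first existing FORWARD rule, so the catch-all REJECT stays last.
patch_ruleset() {
    RULES="$(container_rules "$1")" awk '
        /^-A FORWARD / && !ins { print ENVIRON["RULES"]; ins = 1 }
        { print }'
}
sample_ruleset | audit_forward "$CT_NET"                            # before
sample_ruleset | patch_ruleset "$CT_NET" | audit_forward "$CT_NET"  # after
```

On a live host the same audit can read `iptables-save -t filter` instead of the sample, with CT_NET set to the real container subnet.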
helikaon
 Posted: Jun 25 2013, 01:12 PM
QUOTE (Jcink @ Jun 2 2013, 03:09 PM)
I've been playing with OpenVZ on SL 6.x and everything works nicely except I can't get the iptables rules set up correctly. I can only access the container if it's turned off. And the container can only access the internet if iptables is turned off as well, so inbound/outbound is dead to the world.

Anyone ever worked with this and had the same problem? I tried reading the OpenVZ wiki pages about how to configure iptables but it's over my head.

CODE
[root@testbox Desktop]# cat /proc/sys/net/ipv4/ip_forward
1


Is set to that, by the way.


Hi,
have you got this solved?
Just a question: why use this over KVM?

BTW, I googled this:
Things known not to work on OpenVZ:

ipsec, any
netfilter's ipset
netfilter's nfnetlink
netfilter's ip_conntrack_pptp
cachefs (potentially in post-2.6.19 kernels?)
selinux
cifs filesystem
file acls (setfacl/getfacl)
loopback mount (mount -o loop)

cheers,

John Cuppi
 Posted: Jun 30 2013, 08:44 PM
It was just an experiment really, but no, I never got it fixed.

OpenVZ is extremely popular in the low end VPS market right now. I just wanted to learn more about it and try it out.

KVM is more robust because it's real virtualization, but OpenVZ is like a container-style system. So you can't run a custom kernel if you wish, but so many VPS customers don't have a need for this, and it has so much less overhead, so OpenVZ tends to be a major choice in this market.