Linuxcat.org

Enable NAT and iptables on Virtuozzo container
To enable NAT and configure iptables properly on a customer's VPS, it is necessary to add the following config lines and modules.

On the HOST node, put the following line in the file /etc/vz/vz.conf:

vi /etc/vz/vz.conf

IPTABLES="ip_tables ipt_state ipt_multiport iptable_filter ipt_limit ipt_LOG ipt_REJECT ipt_REDIRECT ipt_conntrack ip_conntrack ip_conntrack_ftp ipt_owner ipt_recent ipt_tos iptable_mangle iptable_nat ipt_TCPMSS ipt_tcpmss ipt_ttl ipt_length ipt_MASQUERADE"

You need to load all these modules on the HOST machine. You can do it without rebooting the HOST by using the modprobe command:

/sbin/modprobe ip_tables
/sbin/modprobe ipt_state
/sbin/modprobe ipt_multiport
/sbin/modprobe iptable_filter
/sbin/modprobe ipt_limit
/sbin/modprobe ipt_LOG
/sbin/modprobe ipt_REJECT
/sbin/modprobe ipt_REDIRECT
/sbin/modprobe ipt_conntrack
/sbin/modprobe ip_conntrack
/sbin/modprobe ip_conntrack_ftp
/sbin/modprobe ipt_owner
/sbin/modprobe ipt_recent
/sbin/modprobe ipt_tos
/sbin/modprobe iptable_mangle
/sbin/modprobe iptable_nat
/sbin/modprobe ipt_TCPMSS
/sbin/modprobe ipt_tcpmss
/sbin/modprobe ipt_ttl
/sbin/modprobe ipt_length
/sbin/modprobe ipt_iprange
/sbin/modprobe ipt_MASQUERADE


On the HOST node, add the following line to the VPS config file /etc/vz/conf/<CTID>.conf:

vi /etc/vz/conf/<CTID>.conf

IPTABLES="ip_tables ipt_state ipt_multiport iptable_filter ipt_limit ipt_LOG ipt_REJECT ipt_REDIRECT ipt_conntrack ip_conntrack ip_conntrack_ftp ipt_owner ipt_recent ipt_tos iptable_mangle iptable_nat ipt_TCPMSS ipt_tcpmss ipt_ttl ipt_length ipt_MASQUERADE"
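
An added example, not part of the original post: a POSIX shell check that an IPTABLES= line and a modprobe list name the same modules (the modprobe list above loads ipt_iprange, which the IPTABLES= lines do not name) and that rejects typographic quotes around the value. The function names and the sample files are assumptions made for this example, and the sample data is constructed.

```shell
#!/bin/sh
# Added example: compare the IPTABLES= module list with a modprobe list.

# Print module names from the last IPTABLES= line of config file $1.
# Returns 1: no modules found, 2: typographic quotes, 3: invalid name.
conf_modules() {
    line=$(grep -E '^[[:space:]]*IPTABLES=' "$1" | tail -n 1)
    value=${line#*=}
    case $value in
        *“*|*”*) return 2 ;;  # curly quotes from a web page are not shell quotes
    esac
    mods=$(printf '%s\n' "$value" | tr -d "\"'" | tr -s ' \t' '\n\n' | sed '/^$/d')
    [ -n "$mods" ] || return 1
    # Only plain module names may reach modprobe or the container config.
    if printf '%s\n' "$mods" | LC_ALL=C grep -q '[^A-Za-z0-9_]'; then
        return 3
    fi
    printf '%s\n' "$mods" | LC_ALL=C sort -u
}

# Print module names from "modprobe NAME" lines in file $1.
modprobe_modules() {
    sed -n 's|^[[:space:]]*\(/sbin/\)\{0,1\}modprobe[[:space:]]\{1,\}\([A-Za-z0-9_]\{1,\}\)[[:space:]]*$|\2|p' "$1" |
        LC_ALL=C sort -u
}

# Print "conf-only NAME" or "modprobe-only NAME" for names in only one list.
drift() {
    a=$(conf_modules "$1") || return $?
    b=$(modprobe_modules "$2")
    printf '%s\n' "$a" | grep -Fxv -e "$b" | sed 's/^/conf-only /'
    printf '%s\n' "$b" | grep -Fxv -e "$a" | sed -e '/^$/d' -e 's/^/modprobe-only /'
}

# Constructed sample input: a shortened module list, not the page's full one.
demo() {
    d=$(mktemp -d) || return 1
    printf 'IPTABLES="ip_tables iptable_nat ipt_MASQUERADE"\n' > "$d/ct.conf"
    printf '/sbin/modprobe %s\n' ip_tables iptable_nat ipt_iprange ipt_MASQUERADE > "$d/load.sh"
    drift "$d/ct.conf" "$d/load.sh"
    rm -rf "$d"
}

if [ "${1:-}" = demo ]; then demo; fi
```

Run it as `sh script.sh demo` to see the constructed case, or call `drift /etc/vz/conf/<CTID>.conf your-modprobe-list` after sourcing the functions.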