iptables PREROUTING on ISPC3 and OpenVZ
System: Debian Squeeze (node+VMs) + OpenVZ + 2xISPC3 (18.104.22.168, one VM-node and ISPC3 others) close to HowTos
(all with default ports)
All good on intranet... but.....
Long time back I started to use Pre-routing for external ports to have 2+ (physical) machines running under same IP:
Now I have tried to replicate idea to VMs, but phasing interesting :eek: problem - OpenVZ seems to forward my request to wrong IP (always node).
- ADSL-Router Port forward
5000-5099 => 192.168.xxx.1 (node)
5100-5199 => 192.168.xxx.2 (1st VM for ISPC3)
My idea was to Pre-route ports to original at high level (Node Firewall pre-chain), so I added to Node's firewall /etc/Bastille/firewall.d/pre-chain-split.sh test rules as root:
Same for ISPConfig3-console, all https://example.com:5103 (ment for Server goes to Node).
I tried to look into OpenVZ-wiki, but could not find yet Pre-routing advice
Also if I go ahead with "Setting up a HN-based firewall"-way, any special things I have to consider due ISPC3? Obviously VM-conf:s have to be cerated manually (which I wanted to avoid by using above shortcut).
still canīt get it running
Getting bit desperate, have tried to look thru several HowTo with google, but most of the talking about CTs without IP (which I have, but only one public-IP, thus redirect needed to use several servers for same (isolated) service)
(instead of "/etc/sysconfig/vz" edited "/etc/vz/vz.conf" with similar line
Also OpenVZ wiki looked thru....
Now (even if I tried to return all to org), pre-chain-split.sh does not forward eveno to node
|All times are GMT +2. The time now is 09:49.|
Powered by vBulletin® Version 3.8.7
Copyright ©2000 - 2014, vBulletin Solutions, Inc.