#summary OpenVZ container NAT networking

These instructions come from [http://wiki.openvz.org/Using_NAT_for_VE_with_private_IPs]

= NAT networking for a node =
Follow these instructions to get a node communicating with the outside world.

Example:
{{{
   n3(router)---------------------n7(hub)
   eth0: 10.0.0.3/24              vzbrn7: 10.0.0.1/24

   host's external IP address: 123.4.50.6
   host's nameserver: 123.4.50.1
}}}


 # Place a hub or switch node in CORE and link it to the router/PC/host node that you want to connect to the external network. In the example shown here, node n3 is linked to hub n7, and n3 has the IP address 10.0.0.3/24.
 # Run the emulation. CORE will create a Linux bridge on the host having a name such as 'vzbrn7' if the hub is node 7.
 # Assign an IP address to the bridge. This address should belong to the same IP subnet as the node. In this example, 10.0.0.1/24 is used for the bridge vzbrn7 on the host.
 # Now the container should be able to ping the bridge interface: {{{ vzctl exec 1003 ping 10.0.0.1 }}}
 # Determine the interface and IP address of the host on the external network. In this example, the host has eth0 with the public address 123.4.50.6.
 # Add a NAT rule: {{{ iptables -t nat -A POSTROUTING -s 10.0.0.0/24 -o eth0 -j SNAT --to 123.4.50.6 }}}
 # Set the container's nameservers: {{{ cat /etc/resolv.conf > /vz/private/1003/etc/resolv.conf }}}
 # Set the container's default route. You may have to delete any existing default route. {{{ vzctl exec 1003 ip ro del default; vzctl exec 1003 ip ro add default via 10.0.0.1 }}}
 # Now the container should have NAT access to the outside world. You may now run commands such as {{{ yum }}} from inside the container.

{{{ 
root@n3# ping www.yahoo.com
PING www.yahoo.com (209.131.36.158) 56(84) bytes of data.
64 bytes from www.yahoo.com (209.131.36.158): icmp_seq=1 ttl=250 time=0.960 ms
64 bytes from www.yahoo.com (209.131.36.158): icmp_seq=2 ttl=250 time=1.09 ms
64 bytes from www.yahoo.com (209.131.36.158): icmp_seq=3 ttl=250 time=1.00 ms
64 bytes from www.yahoo.com (209.131.36.158): icmp_seq=4 ttl=250 time=1.35 ms
}}}