#summary OpenVZ container NAT networking

These instructions come from [http://wiki.openvz.org/Using_NAT_for_VE_with_private_IPs]

= NAT networking for a node =

Follow these instructions to get a node communicating with the outside world.

== vznat.sh script ==

You can run the `vznat.sh` script included with CORE to automatically give a container NAT access, so you can run `yum`, for example.

{{{
vznat.sh 1000
...
vzctl enter 1000
PING www.yahoo.com (209.131.36.158) 56(84) bytes of data.
64 bytes from www.yahoo.com (209.131.36.158): icmp_seq=1 ttl=250 time=0.960 ms
64 bytes from www.yahoo.com (209.131.36.158): icmp_seq=2 ttl=250 time=1.09 ms
}}}

The script defaults to using the host interface eth0 and the container interface eth0 (with the corresponding vethNNNN.0 on the host). The script uses the private subnet 192.168.9.0/24. You can change any of these parameters by editing the top of the script.

== manual ==

Here is another way to set up NAT networking manually, using a hub within CORE.

Example:
{{{
n3(router)---------------------n7(hub)
eth0: 10.0.0.3/24              vzbrn7: 10.0.0.1/24

host's external IP address: 123.4.50.6
host's nameserver: 123.4.50.1
}}}

  # Place a hub or switch node in CORE and link it to the router/PC/host node that you want to connect to the external network. In the example shown here, node n3 is linked to hub n7, and n3 has the IP address 10.0.0.3/24.
  # Run the emulation. CORE will create a Linux bridge on the host having a name such as 'vzbrn7' if the hub is node 7.
  # Assign an IP address to the bridge. This address should belong to the same IP subnet as the node. In this example, 10.0.0.1/24 is used for the bridge vzbrn7 on the host.
  # Now the container should be able to ping the bridge interface:
{{{
vzctl exec 1003 ping 10.0.0.1
}}}
  # Determine the interface and IP address of the host on the external network. In this example, the host has eth0 with the public address 123.4.50.6.
  # Add a NAT rule:
{{{
iptables -t nat -A POSTROUTING -s 10.0.0.0/24 -o eth0 -j SNAT --to 123.4.50.6
}}}
  # Set the container's nameservers:
{{{
cat /etc/resolv.conf > /vz/private/1003/etc/resolv.conf
}}}
  # Set the container's default route. You may have to delete any existing default route.
{{{
vzctl exec 1003 ip ro del default; vzctl exec 1003 ip ro add default via 10.0.0.1
}}}
  # Now the container should have NAT access to the outside world. You may now run commands such as {{{ yum }}} from inside the container.
{{{
root@n3# ping www.yahoo.com
PING www.yahoo.com (209.131.36.158) 56(84) bytes of data.
64 bytes from www.yahoo.com (209.131.36.158): icmp_seq=1 ttl=250 time=0.960 ms
64 bytes from www.yahoo.com (209.131.36.158): icmp_seq=2 ttl=250 time=1.09 ms
64 bytes from www.yahoo.com (209.131.36.158): icmp_seq=3 ttl=250 time=1.00 ms
64 bytes from www.yahoo.com (209.131.36.158): icmp_seq=4 ttl=250 time=1.35 ms
}}}
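
The manual steps above collected into one script, as an added example that is not part of CORE or of the original page: it validates each argument before it is placed in a root command, derives the SNAT source network from the bridge address, and prints the commands for review instead of running them. The `ip addr add` line for the bridge step, `ping -c 1`, and the `iptables -C` check that keeps the rule from being appended twice are assumptions; the page gives no command for assigning the bridge address.

```sh
#!/bin/sh
# Added example (not from CORE): print the manual NAT steps as a reviewable plan.
# Usage: sh natplan.sh CTID BRIDGE BRIDGE_ADDR/LEN EXT_IF EXT_IP   (file name is hypothetical)

# Succeed only for a dotted-quad IPv4 address, octets 0..255, no leading zeros.
valid_ip4() {
    case "$1" in ''|*[!0-9.]*|*..*|.*|*.) return 1 ;; esac
    old_ifs=$IFS; IFS=.; set -- $1; IFS=$old_ifs
    [ "$#" -eq 4 ] || return 1
    for o in "$@"; do
        case "$o" in 0?*|????*) return 1 ;; esac
        [ "$o" -le 255 ] || return 1
    done
}

# Print the network (10.0.0.0/24) that an interface address (10.0.0.1/24) belongs to.
network_of() {
    ip=${1%/*}; len=${1#*/}
    valid_ip4 "$ip" || return 1
    case "$len" in ''|???*|*[!0-9]*) return 1 ;; esac
    [ "$len" -le 32 ] || return 1
    old_ifs=$IFS; IFS=.; set -- $ip; IFS=$old_ifs
    addr=$(( ($1 << 24) | ($2 << 16) | ($3 << 8) | $4 ))
    net=$(( addr & (0xFFFFFFFF << (32 - len)) & 0xFFFFFFFF ))
    echo "$(( net >> 24 & 255 )).$(( net >> 16 & 255 )).$(( net >> 8 & 255 )).$(( net & 255 ))/$len"
}

# Validate every argument before it is placed in a root command, then print the steps.
nat_plan() {
    ctid=$1; bridge=$2; cidr=$3; ext_if=$4; ext_ip=$5
    case "$ctid" in ''|*[!0-9]*) echo "bad container ID" >&2; return 1 ;; esac
    for name in "$bridge" "$ext_if"; do
        case "$name" in ''|*[!A-Za-z0-9_.-]*) echo "bad interface name" >&2; return 1 ;; esac
    done
    net=$(network_of "$cidr") || { echo "bad bridge address" >&2; return 1; }
    valid_ip4 "$ext_ip" || { echo "bad external address" >&2; return 1; }
    gw=${cidr%/*}   # the bridge address is the container's default gateway
    rule="POSTROUTING -s $net -o $ext_if -j SNAT --to $ext_ip"
    cat <<EOF
ip addr add $cidr dev $bridge
vzctl exec $ctid ping -c 1 $gw
iptables -t nat -C $rule || iptables -t nat -A $rule
cat /etc/resolv.conf > /vz/private/$ctid/etc/resolv.conf
vzctl exec $ctid ip ro del default; vzctl exec $ctid ip ro add default via $gw
EOF
}

[ "$#" -eq 0 ] || nat_plan "$@"
```

Called with the page's values (`1003 vzbrn7 10.0.0.1/24 eth0 123.4.50.6`) it prints five command lines to review and then run as root on the host.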