[pve-devel] Contribution to pve
datanom.net
mir at datanom.net
Thu Apr 19 13:30:39 CEST 2012
On 04-19-2012 12:11, Dietmar Maurer wrote:
> Would it help if we run some hook scripts at network configuration
> time?
>
It could be the solution for outgoing connections, since this is only
one instruction to iptables. A postrouting rule like the following will
handle all outgoing connections from one venet to its corresponding
bridge (vmbr):

vmbr0 = 192.168.1.2

/sbin/iptables -t nat -A POSTROUTING -o vmbr0 -j SNAT --to-source 192.168.1.2

Exposing services from a vhost to the outside world will require a
rule for every exposed port:

vmbr0 = 192.168.1.2
public port: 8080
vhost ip: 192.168.4.2
vhost port: 80

/sbin/iptables -t nat -A PREROUTING -p tcp --dport 8080 -i vmbr0 -j DNAT --to 192.168.4.2:80

Regards,
Michael.
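
A sketch of what such a hook script could look like, added here as an example; it is not part of the message above and is not Proxmox code. It validates the bridge, addresses and ports before they reach an iptables command line and prints each rule in check-then-append form so repeated hook runs do not stack duplicates. Assumptions: the function names, the "public_port vhost_ip vhost_port" input format, and an iptables build that supports -C.

```shell
#!/bin/sh
# Added example: prints NAT rules for a hook script; nothing is executed here.
IPT=/sbin/iptables

valid_port() {  # decimal 1..65535, no leading zeros
    case "$1" in ''|0*|*[!0-9]*) return 1 ;; esac
    [ "${#1}" -le 5 ] && [ "$1" -le 65535 ]
}

valid_ip() {  # dotted-quad IPv4, each octet 0..255
    case "$1" in *[!0-9.]*|*..*|.*|*.) return 1 ;; esac
    _rest=$1 _n=0
    while [ -n "$_rest" ]; do
        _oct=${_rest%%.*}
        [ "${#_oct}" -le 3 ] && [ "$_oct" -le 255 ] || return 1
        _n=$((_n + 1))
        case "$_rest" in *.*) _rest=${_rest#*.} ;; *) _rest= ;; esac
    done
    [ "$_n" -eq 4 ]
}

valid_iface() {  # conservative charset, kernel limit of 15 characters
    case "$1" in ''|*[!A-Za-z0-9_.-]*) return 1 ;; esac
    [ "${#1}" -le 15 ]
}

emit() {  # check first, append only if missing: repeated runs add no duplicates
    echo "$IPT -t nat -C $* 2>/dev/null || $IPT -t nat -A $*"
}

snat_rule() {  # args: bridge bridge_ip
    valid_iface "$1" && valid_ip "$2" || return 1
    emit "POSTROUTING -o $1 -j SNAT --to-source $2"
}

dnat_rule() {  # args: bridge public_port vhost_ip vhost_port
    valid_iface "$1" && valid_port "$2" && valid_ip "$3" && valid_port "$4" || return 1
    emit "PREROUTING -p tcp --dport $2 -i $1 -j DNAT --to $3:$4"
}

render_rules() {  # args: bridge bridge_ip; stdin lines: public_port vhost_ip vhost_port
    snat_rule "$1" "$2" || { echo "bad bridge or address: $1 $2" >&2; return 1; }
    while read -r pub ip port _; do
        case "$pub" in ''|'#'*) continue ;; esac
        dnat_rule "$1" "$pub" "$ip" "$port" || echo "skipped: $pub $ip $port" >&2
    done
}

# Constructed sample, using the values from the message above.
echo '8080 192.168.4.2 80' | render_rules vmbr0 192.168.1.2
```

The output is a list of shell commands; reviewing it before piping it to a root shell keeps the hook auditable.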