Hello! I am using OpenVZ; on CT0 I have 2 NICs: eth0 (external) and eth1 (local). I need the created containers to have access to the local network.
This is the output from the host system:
eth0 Link encap:Ethernet HWaddr 00:30:48:82:FC:4C
inet addr:11.111.181.4 Bcast:11.111.183.255 Mask:255.255.252.0
inet6 addr: fe80::230:48ff:fe82:fc4c/64 Scope:Link
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:821537 errors:0 dropped:0 overruns:0 frame:0
TX packets:7836 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:68817533 (65.6 MiB) TX bytes:1047940 (1023.3 KiB)
eth1 Link encap:Ethernet HWaddr 00:30:48:82:FC:4D
inet addr:192.168.0.252 Bcast:192.168.0.255 Mask:255.255.255.0
inet6 addr: fe80::230:48ff:fe82:fc4d/64 Scope:Link
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:2 errors:0 dropped:0 overruns:0 frame:0
TX packets:22 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:120 (120.0 b) TX bytes:1512 (1.4 KiB)
lo Link encap:Local Loopback
inet addr:127.0.0.1 Mask:255.0.0.0
inet6 addr: ::1/128 Scope:Host
UP LOOPBACK RUNNING MTU:16436 Metric:1
RX packets:0 errors:0 dropped:0 overruns:0 frame:0
TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:0
RX bytes:0 (0.0 b) TX bytes:0 (0.0 b)
venet0 Link encap:UNSPEC HWaddr 00-00-00-00-00-00-00-00-00-00-00-00-00-00-00-00
UP BROADCAST POINTOPOINT RUNNING NOARP MTU:1500 Metric:1
RX packets:1080 errors:0 dropped:0 overruns:0 frame:0
TX packets:1031 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:0
RX bytes:108113 (105.5 KiB) TX bytes:69507 (67.8 KiB)
192.168.0.254 dev venet0 scope link
11.111.181.5 dev venet0 scope link
192.168.0.0/24 dev eth1 proto kernel scope link src 192.168.0.252
11.111.180.0/22 dev eth0 proto kernel scope link src 11.111.181.4
169.254.0.0/16 dev eth0 scope link metric 1002
169.254.0.0/16 dev eth1 scope link metric 1003
default via 89.111.180.1 dev eth0
Here is the output from the container; it should have access to both the local and the external networks:
lo Link encap:Local Loopback
inet addr:127.0.0.1 Mask:255.0.0.0
inet6 addr: ::1/128 Scope:Host
UP LOOPBACK RUNNING MTU:16436 Metric:1
RX packets:114 errors:0 dropped:0 overruns:0 frame:0
TX packets:114 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:0
RX bytes:9784 (9.5 KiB) TX bytes:9784 (9.5 KiB)
venet0 Link encap:UNSPEC HWaddr 00-00-00-00-00-00-00-00-00-00-00-00-00-00-00-00
inet addr:127.0.0.1 P-t-P:127.0.0.1 Bcast:0.0.0.0 Mask:255.255.255.255
UP BROADCAST POINTOPOINT RUNNING NOARP MTU:1500 Metric:1
RX packets:1034 errors:0 dropped:0 overruns:0 frame:0
TX packets:1083 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:0
RX bytes:69651 (68.0 KiB) TX bytes:108233 (105.6 KiB)
venet0:0 Link encap:UNSPEC HWaddr 00-00-00-00-00-00-00-00-00-00-00-00-00-00-00-00
inet addr:11.111.181.5 P-t-P:89.111.181.5 Bcast:89.111.181.5 Mask:255.255.255.255
UP BROADCAST POINTOPOINT RUNNING NOARP MTU:1500 Metric:1
venet0:1 Link encap:UNSPEC HWaddr 00-00-00-00-00-00-00-00-00-00-00-00-00-00-00-00
inet addr:192.168.0.254 P-t-P:192.168.0.254 Bcast:192.168.0.254 Mask:255.255.255.255
UP BROADCAST POINTOPOINT RUNNING NOARP MTU:1500 Metric:1
ip route list
169.254.0.0/16 dev venet0 scope link metric 1002
default dev venet0 scope link
On the host system I turned iptables off; sysctl -p:
net.ipv4.ip_forward = 1
net.ipv4.conf.all.rp_filter = 1
net.ipv4.icmp_echo_ignore_broadcasts = 1
net.ipv4.conf.default.forwarding = 1
net.ipv4.conf.default.proxy_arp = 0
net.ipv4.conf.default.send_redirects = 1
net.ipv4.conf.all.send_redirects = 0
net.ipv4.conf.eth0.proxy_arp = 1
net.ipv4.conf.default.rp_filter = 1
net.ipv4.conf.default.accept_source_route = 0
kernel.sysrq = 1
kernel.core_uses_pid = 1
net.ipv4.tcp_syncookies = 1
error: "net.bridge.bridge-nf-call-ip6tables" is an unknown key
error: "net.bridge.bridge-nf-call-iptables" is an unknown key
error: "net.bridge.bridge-nf-call-arptables" is an unknown key
kernel.msgmnb = 65536
kernel.msgmax = 65536
kernel.shmmax = 68719476736
kernel.shmall = 4294967296
Where else should I dig?