宇宙主机交流论坛 (Universe Hosting Discussion Forum)


OPENVZ+OPENVPN!!!

Posted on 2009-9-8 16:44:40
I found some related material online, but it seems we don't have permission to carry out these operations.
6. In vi /etc/vz/vz.conf, find
## IPv4 iptables kernel modules
IPTABLES="iptable_nat ipt_REJECT ipt_tos ipt_limit ipt_multiport iptable_filter iptable_mangle ipt_TCPMSS ipt_tcpmss ipt_ttl ipt_length"

Add the modules listed here to vi /etc/vz/conf/120.conf
# CPU fair scheduler parameter
CPUUNITS="1000"
VE_ROOT="/vz/root/$VEID"
VE_PRIVATE="/vz/private/$VEID"
OSTEMPLATE="centos-4-i386-default"
ORIGIN_SAMPLE="vps.basic"
IP_ADDRESS="61.191.20.26"
HOSTNAME="vps120"
NAMESERVER="202.102.192.68"
DEVICES="c:10:200:rw "
IPTABLES="ip_tables iptable_nat iptable_filter iptable_mangle ipt_limit ipt_REJECT ipt_length "
CAPABILITY="NET_ADMIN:on "
Otherwise it reports that the nat and filter modules do not exist and that the kernel needs to be recompiled.
Then run vzctl set 120 --iptables iptable_filter --iptables ipt_length --iptables ipt_limit --iptables iptable_mangle --iptables ipt_REJECT --save
Restart the OpenVZ host.


Finally, enable NAT in iptables
iptables -t nat -A POSTROUTING -s 10.8.0.0/24  -j SNAT --to-source 61.191.20.26

---------
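This is the step I'm stuck on. Damn!
Posted on 2009-9-8 16:57:43

Reply to post #1

For anything kernel-related you'll still have to go to the server administrator.
Original poster | Posted on 2009-9-8 17:00:14
He wants me to get it running successfully locally first before coming back to him.
Looks like I'll just have to find some English articles to show him.
Posted on 2009-9-8 17:04:33

Reply to post #3

Submit the evidence to them.
Original poster | Posted on 2009-9-8 17:16:25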

PhotonVPS + openVZ + openVPN = lots of fun :)

First the good news,

hopefully soon my "PhotonVPS" odyssey should end and they should be rdy now to setup openVZ + openVPN properly yay!

Here is a small setup review:

Day 1: ordered an openVZ VPS and noted in the order "I need iptables + TUN device enabled to run openVPN"
.
some hours later
.
.
PhotonVPS: "Your VPS is rdy!"
Me: "Yay this was fast! Lets test the "speedy" connection!"
Me: "Um iptables has no NAT support and there is no /dev/net/tun device"
.
Support Mail(1): "iptables nat is missing and TUN also, pls fix"
.
PhotonVPS: "TUN is enabled now and iptables works fine!"
Me: "Yay finally!"
.
Support Mail(2): "iptables NAT is still missing and TUN also?"
.
PhotonVPS: "You must use SNAT in your iptables NAT rule, because Masquerading is not possible with the current Virtuozzo version since it has not been virtualized as a module yet."
.
Support Mail(3): "Im not sure how to do IP MASQUERADE with just SNAT and without MASQUERADE module, pls explain this to me"
PhotonVPS: "Forwarded to Level3 support"
.
some time next day
.
PhotonVPS (L3): "I loaded the MASQUERADE module. Pls try again."
.
Support Mail(4): "TUN device is still missing, maybe i should try a XEN vps if this setup is not possible?"
.
PhotonVPS: "NAT is now working correctly!"
Me after a reboot:
Support Mail(5): "iptables: No chain/target/match by that name and the /dev/net/tun device is gone again"
.
some time later
.
PhotonVPS: "The TUN device is there, whats your problem with the iptables?"
.
Support Mail(6): "iptables: No chain/target/match by that name and the /dev/net/tun device is gone again"
(Sidenote, why do i have to explain the error 2 times here?)
.
PhotonVPS: "Those MASQUERADE issue and the tun should be fixed. Pls run some tests."
.
Support Mail(6+7) are just some chat that i cant test atm since im working.
.
Support Mail(8): "… my root dir looks really strange and there are some /20 /100 dirs now that i did not create. Also after reboot /dev/net/tun is gone again, but yay NAT stayed and worked."
.
.
Support Mail(9-11): Just some questions about XEN and if its possible to move me to those machines since i can compile my own kernel.
.
.
PhotonVPS: They try to setup a script to keep the TUN from vanishing.
.
.
to be continued

BTW we are at day 3 after order.

While im writing this im still smiling and "hope" they will get it working. Im not really angry atm, no clue why :p

As a side note, myprohost needed 1 mail and 15mins to activate iptables + TUN for my openVPN server :p

To be fair i will do a speed review if they manage to finally set this up correctly.
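Original poster | Posted on 2009-9-8 17:16:43
My situation is about the same as his.
Posted on 2009-9-8 17:18:32

Reply to post #5

You can tell the tech staff are quite proactive.
Original poster | Posted on 2009-9-8 21:42:34
Finally got it configured!
Original poster | Posted on 2009-9-8 21:42:50
You have to use SNAT.
Posted on 2009-9-8 22:32:49
Originally posted by tim009 on 2009-9-8 21:42
You have to use SNAT.

How so?

When will you put out a proper tutorial to teach the rest of us?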
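
The prerequisites this thread keeps returning to (the TUN device, the NET_ADMIN capability, NAT-capable iptables modules, and SNAT to the container's own address) can be checked against a container config before opening a support ticket. The following is an added example, not code from any poster: the function names and sample text are constructed, and treating iptable_nat and iptable_filter as the required modules is an assumption drawn from the error described in the first post.

```python
import shlex

TUN_DEVICE = "c:10:200:rw"   # /dev/net/tun: character device, major 10, minor 200
NEEDED_MODULES = ("iptable_nat", "iptable_filter")  # assumption: the two reported missing

def parse_conf(text):
    """Parse KEY="value" lines of an OpenVZ-style config into {key: [words]}."""
    conf = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#") or "=" not in line:
            continue
        key, _, value = line.partition("=")
        conf[key.strip()] = value.strip().strip('"').split()
    return conf

def audit(conf_text, nat_rule):
    """Return a list of findings; an empty list means every check passed."""
    conf, findings = parse_conf(conf_text), []
    if TUN_DEVICE not in conf.get("DEVICES", []):
        findings.append("DEVICES lacks " + TUN_DEVICE)
    if "NET_ADMIN:on" not in conf.get("CAPABILITY", []):
        findings.append("CAPABILITY lacks NET_ADMIN:on")
    for mod in NEEDED_MODULES:
        if mod not in conf.get("IPTABLES", []):
            findings.append("IPTABLES lacks " + mod)
    args = shlex.split(nat_rule)
    target = args[args.index("-j") + 1] if "-j" in args[:-1] else None
    if target == "MASQUERADE":
        findings.append("rule uses MASQUERADE; the thread's fix was SNAT")
    elif target == "SNAT":
        src = args[args.index("--to-source") + 1] if "--to-source" in args[:-1] else None
        if src not in conf.get("IP_ADDRESS", []):
            findings.append("SNAT --to-source %s is not a container IP" % src)
    else:
        findings.append("no SNAT target in NAT rule")
    return findings

# Constructed sample: values from the 120.conf in the first post, but with IPTABLES
# set to the module list passed to vzctl set there, which does not name iptable_nat.
SAMPLE_CONF = '''
IP_ADDRESS="61.191.20.26"
DEVICES="c:10:200:rw "
IPTABLES="iptable_filter ipt_length ipt_limit iptable_mangle ipt_REJECT"
CAPABILITY="NET_ADMIN:on "
'''
SAMPLE_RULE = "iptables -t nat -A POSTROUTING -s 10.8.0.0/24 -j SNAT --to-source 61.191.20.26"

if __name__ == "__main__":
    for finding in audit(SAMPLE_CONF, SAMPLE_RULE) or ["all checks passed"]:
        print(finding)
```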