Solutions to the OpenVZ iptables NAT problem
kevin.Zhu, posted 2017-9-27 14:21, category: Linux
The following methods can be tried:
1. Configure the virtual machine
vzctl set $CTID --netfilter full --save
2. Edit the vz.conf file
In /etc/vz/vz.conf, change:
## IPv4 iptables kernel modules to be enabled in CTs by default
IPTABLES="ipt_REJECT ipt_tos ipt_limit ipt_multiport iptable_filter iptable_mangle ipt_TCPMSS ipt_tcpmss ipt_ttl ipt_length"
to (iptable_nat added at the front):
IPTABLES="iptable_nat ipt_REJECT ipt_tos ipt_limit ipt_multiport iptable_filter iptable_mangle ipt_TCPMSS ipt_tcpmss ipt_ttl ipt_length"
## IPv4 iptables kernel modules to be loaded by init.d/vz script
IPTABLES_MODULES="$IPTABLES"
3. How To Enable IPTables Modules in OpenVZ
Ensure you have this line by editing /etc/sysconfig/iptables-config:
IPTABLES_MODULES="ipt_REDIRECT ipt_REJECT ipt_tos ipt_TOS ipt_LOG ip_conntrack ipt_limit ipt_multiport iptable_filter iptable_mangle ipt_TCPMSS ipt_tcpmss ipt_ttl ipt_length ipt_state iptable_nat ip_nat_ftp"
Edit /etc/sysconfig/vz:
IPTABLES="ipt_REDIRECT ipt_REJECT ipt_tos ipt_TOS ipt_LOG ip_conntrack ipt_limit ipt_multiport iptable_filter iptable_mangle ipt_TCPMSS ipt_tcpmss ipt_ttl ipt_length ipt_state iptable_nat ip_nat_ftp"
Enable them:
service iptables restart
You can restart the vz service too, but that will take down other containers. If only one container needs it, just restart the individual container.
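Before restarting anything, it helps to confirm which modules the IPTABLES line in vz.conf actually hands to containers, since a later IPTABLES= assignment silently overrides an earlier one. The script below is an added example, not part of the original post; the function names vz_modules and vz_missing are hypothetical, and the sample file is constructed from the lines in step 2.

```shell
#!/bin/sh
# Added example (not from the original post): report which iptables modules a
# vz.conf-style file makes available to containers.

# Print the effective value of variable $2 (default: IPTABLES) in file $1.
# The file is shell-sourced, so the last assignment wins; comment lines are
# ignored and references such as "$IPTABLES" are printed unexpanded.
vz_modules() {
    conf=$1
    var=${2:-IPTABLES}
    sed -n "s/^[[:space:]]*${var}=//p" "$conf" | tail -n 1 | tr -d "\"'"
}

# Print each module named in $2.. that is absent from IPTABLES in file $1.
# Returns 1 if anything is missing, 0 otherwise.
vz_missing() {
    conf=$1
    shift
    have=" $(vz_modules "$conf") "
    rc=0
    for m in "$@"; do
        case "$have" in
            *" $m "*) ;;              # whole-word match: ipt_tos is not ipt_TOS
            *) echo "$m"; rc=1 ;;
        esac
    done
    return $rc
}

# Constructed sample: the two IPTABLES lines from step 2, in page order.
demo=$(mktemp)
cat > "$demo" <<'EOF'
## IPv4 iptables kernel modules to be enabled in CTs by default
IPTABLES="ipt_REJECT ipt_tos ipt_limit ipt_multiport iptable_filter iptable_mangle ipt_TCPMSS ipt_tcpmss ipt_ttl ipt_length"
IPTABLES="iptable_nat ipt_REJECT ipt_tos ipt_limit ipt_multiport iptable_filter iptable_mangle ipt_TCPMSS ipt_tcpmss ipt_ttl ipt_length"
## IPv4 iptables kernel modules to be loaded by init.d/vz script
IPTABLES_MODULES="$IPTABLES"
EOF
echo "effective: $(vz_modules "$demo")"
vz_missing "$demo" iptable_nat ipt_REDIRECT ipt_state ||
    echo "(modules listed above are not enabled for containers)"
rm -f "$demo"
```

On the hardware node, point vz_missing at /etc/vz/vz.conf; once the container has been restarted, `iptables -t nat -L -n` run inside it should list the nat table without error.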