Created
February 1, 2016 18:35
-
-
Save DavidWittman/d0d3c01d1f905e986450 to your computer and use it in GitHub Desktop.
Auto add and remove NAT rules for OpenVZ containers
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| [root@iadesapp0 ~]# iptables -t nat -vnL | grep 51008 | |
| [root@iadesapp0 ~]# vzctl start 1007 | |
| Starting container... | |
| Warning: configuration file for distribution OR-centos-6.4-x86_64 not found, using defaults from /etc/vz/dists/default | |
| Adding NAT rules for ports 31008,41008,51008,61008 | |
| VZ mount is iadesapp0vz7 | |
| mount: special device /data/iadesapp0vz7 does not exist | |
| Container is mounted | |
| /etc/vz/conf/vps.mount: line 36: /etc/vz/conf/vps-set-io.sh: No such file or directory | |
| Adding IP address(es): 10.57.152.45 | |
| Setting CPU units: 2000 | |
| Setting CPUs: 2 | |
| Setting CPU mask: 6-11,18-23 | |
| Container start in progress... | |
| [root@iadesapp0 ~]# iptables -t nat -vnL | grep 51008 | |
| 0 0 DNAT tcp -- bond_prv.+ * 0.0.0.0/0 0.0.0.0/0 multiport dports 31008,41008,51008,61008 /* VZ 1007 */ to:10.57.152.45 | |
| [root@iadesapp0 ~]# vzctl stop 1007 | |
| Stopping container ... | |
| Container was stopped | |
| Container is unmounted | |
| Removing NAT rules for ports 31008,41008,51008,61008 | |
| [root@iadesapp0 ~]# iptables -t nat -vnL | grep 51008 | |
| [root@iadesapp0 ~]# |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| 31008,41008,51008,61008 |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/usr/bin/env bash | |
| # /etc/vz/conf/vps.postumount | |
| . /etc/vz/vz.conf | |
| . "${VE_CONFFILE}" | |
| # Remove NAT rules | |
| VZ_PORT_CONFIG="/etc/vz/ports/${HOSTNAME}" | |
| if [[ -r "$VZ_PORT_CONFIG" ]]; then | |
| PORTS=$(cat "$VZ_PORT_CONFIG") | |
| if [[ -n "$PORTS" ]]; then | |
| . /etc/vz/nat.conf | |
| for VAR in VZ_DNAT_CHAIN VZ_DNAT_INTERFACE; do | |
| if [[ -z "${!VAR}" ]]; then | |
| echo "Error removing NAT rules: ${VAR} is not set." | |
| exit 1 | |
| fi | |
| done | |
| echo "Removing NAT rules for ports ${PORTS}" | |
| /sbin/iptables -t nat -D "$VZ_DNAT_CHAIN" -i "$VZ_DNAT_INTERFACE" -p tcp -m multiport --dports "$PORTS" -j DNAT --to-destination "${IP_ADDRESS}" -m comment --comment "VZ ${VEID}" | |
| fi | |
| fi |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/usr/bin/env bash | |
| # /etc/vz/conf/vps.premount | |
| . /etc/vz/vz.conf | |
| . "${VE_CONFFILE}" | |
| # Add NAT rules | |
| VZ_PORT_CONFIG="/etc/vz/ports/${HOSTNAME}" | |
| if [[ -r "$VZ_PORT_CONFIG" ]]; then | |
| PORTS=$(cat "$VZ_PORT_CONFIG") | |
| if [[ -n "$PORTS" ]]; then | |
| . /etc/vz/nat.conf | |
| for VAR in VZ_DNAT_CHAIN VZ_DNAT_INTERFACE; do | |
| if [[ -z "${!VAR}" ]]; then | |
| echo "Error adding NAT rules: ${VAR} is not set." | |
| exit 1 | |
| fi | |
| done | |
| echo "Adding NAT rules for ports ${PORTS}" | |
| /sbin/iptables -t nat -I "$VZ_DNAT_CHAIN" -i "$VZ_DNAT_INTERFACE" -p tcp -m multiport --dports "$PORTS" -j DNAT --to-destination "${IP_ADDRESS}" -m comment --comment "VZ ${VEID}" | |
| fi | |
| fi |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment