
Saturday 19 January 2013

Enable TUN/TAP and NAT and kernel modules.

Enable TUN/TAP and NAT


1. Enable TUN/TAP
—————————
# lsmod | grep tun
# modprobe tun
vzctl set 101 --devices c:10:200:rw --save
vzctl set 101 --capability net_admin:on --save
vzctl exec 101 mkdir -p /dev/net
vzctl exec 101 mknod /dev/net/tun c 10 200
vzctl exec 101 chmod 600 /dev/net/tun
—————————

Enable NAT:
* Log in to the node server. Check the vz configuration file to find whether NAT is enabled or not.
—————————
grep -i iptables /etc/vz/vz.conf
## IPv4 iptables kernel modules
IPTABLES="ipt_REJECT ipt_tos ipt_limit ipt_multiport iptable_filter iptable_mangle ipt_TCPMSS ipt_tcpmss ipt_ttl ipt_length"
—————————
Add NAT to the configuration file.
—————————
# vi /etc/vz/vz.conf
Insert 'iptable_nat' into the IPTABLES module list:
## IPv4 iptables kernel modules
IPTABLES="iptable_nat ipt_REJECT ipt_tos ipt_limit ipt_multiport iptable_filter iptable_mangle ipt_TCPMSS ipt_tcpmss ipt_ttl ipt_length"
Check whether NAT is loaded:
lsmod | grep nat
—————————
# lsmod | grep nat
iptable_nat 43404 3
ip_nat 53520 2 iptable_nat,vzrst
ip_conntrack 101396 6 iptable_nat,vzrst,ip_nat,vzcpt
nfnetlink 40392 2 ip_nat,ip_conntrack
ip_tables 57440 3 iptable_nat,iptable_mangle,iptable_filter
x_tables 52744 11 iptable_nat,xt_tcpudp,xt_length,ipt_ttl,xt_tcpmss,ipt_TCPMSS,xt_multiport,xt_limit,ipt_tos,ipt_REJECT,ip_tables
—————————
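
A way to check the IPTABLES line shown above without reading it by eye. This is an added example, not part of the original post; the function names ipt_modules and missing_modules are hypothetical, and the config file path is whatever you pass in.

```shell
#!/bin/sh
# Added example (not from the original post).
# On a node the file argument would be /etc/vz/vz.conf.

# Print the module list from the last active IPTABLES= line in FILE.
# Commented-out lines are ignored; quotes are stripped and runs of
# whitespace are collapsed to single spaces.
ipt_modules() {
    sed -n 's/^[[:space:]]*IPTABLES=//p' "$1" \
        | tail -n 1 \
        | tr -d "\"'" \
        | tr -s '\t ' ' '
}

# Print every required module (arguments 2..n) that FILE does not list.
# Matching is on whole words, so "ip_nat" does not satisfy "iptable_nat".
missing_modules() {
    file=$1
    shift
    have=" $(ipt_modules "$file") "
    for mod in "$@"; do
        case "$have" in
            *" $mod "*) ;;                  # listed, nothing to report
            *) printf '%s\n' "$mod" ;;      # not listed
        esac
    done
}

# Stand-alone use: sh check_ipt.sh /etc/vz/vz.conf iptable_nat iptable_filter
if [ "$#" -ge 2 ]; then
    missing_modules "$@"
fi
```

Empty output means every module you asked about is in the list.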
* Now save the parameters for the VPS on which NAT is to be enabled.
From the node:
—————————
vzctl set VZID --iptables "iptable_nat iptable_filter iptable_mangle ip_conntrack ipt_conntrack ipt_REDIRECT ipt_REJECT ipt_multiport ipt_helper ipt_LOG ipt_state" --save
VZID is the VPS ID; replace it with the correct one.
* Restart VPS
vzctl restart VZID
* Enter into the VPS
vzctl enter VZID
* Check for NAT
# iptables -t nat -nvL
Chain PREROUTING (policy ACCEPT 2 packets, 88 bytes)
pkts bytes target prot opt in out source destination
Chain POSTROUTING (policy ACCEPT 1 packets, 72 bytes)
pkts bytes target prot opt in out source destination
0 0 SNAT all -- * venet0 10.9.0.0/24 0.0.0.0/0 to:111.140.170.134
0 0 SNAT all -- * venet0 10.8.0.0/24 0.0.0.0/0 to:111.140.170.134
