Enabling NAT for Container
Posted by Patrick Tomlin on 27 October 2010 05:40 PM

Parallels Virtuozzo Containers allows you to enable Network Address Translation (NAT), a method of connecting multiple servers to the Internet (or any other IP network) using a single IP address, for Containers running in both the host-routed mode and the bridged mode. NAT grants your Containers access to network resources by using the Hardware Node IP address. So, if you use NAT, your Container does not have its own IP address on the external network. Instead, a separate private network is set up on the Hardware Node and all your Containers are assigned private IP addresses on that network. A special NAT device on the Hardware Node transmits network data between the Containers and the external network. This device identifies incoming data packets intended for each Container and sends them to the correct destination.
In the picture above, Container #1 and Container #2 are assigned private IP addresses of 10.0.0.101 and 10.0.0.102, respectively. In its turn, the Hardware Node has a public IP address (122.122.145.101) assigned to it. This public IP address is used by both Containers to access servers on external networks (shown as PUBLIC NETWORK in the picture). It means that when traffic passes from either Container to the public network, the Container private address in each IP packet is translated to the public address of the Hardware Node. When a reply returns to the Hardware Node, the NAT device on the Node determines to which Container the reply should be forwarded.
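The translation described above, as an added example that is not part of the original article and is not Parallels Virtuozzo code. It is a generic port-translating NAT model; the port pool starting at 40000, the remote hosts 198.51.100.7 and 203.0.113.9, and all class and function names are assumptions made for illustration.

```python
# Added illustration: a generic port-translating NAT table (constructed model,
# not Parallels Virtuozzo code). Container and Node addresses are the article's.
from itertools import count

NODE_PUBLIC_IP = "122.122.145.101"   # Hardware Node public address (from the article)


class NatDevice:
    """Minimal source-NAT model: rewrites outbound packets and demultiplexes replies."""

    def __init__(self, public_ip, first_port=40000):
        self.public_ip = public_ip
        self._next_port = count(first_port)   # hypothetical public port pool
        self._out = {}   # (private_ip, private_port, remote) -> public_port
        self._in = {}    # (public_port, remote) -> (private_ip, private_port)

    def outbound(self, src_ip, src_port, dst_ip, dst_port):
        """Translate a Container packet; returns (src_ip, src_port, dst_ip, dst_port)."""
        remote = (dst_ip, dst_port)
        key = (src_ip, src_port, remote)
        if key not in self._out:               # first packet of a flow: allocate a mapping
            public_port = next(self._next_port)
            self._out[key] = public_port
            self._in[(public_port, remote)] = (src_ip, src_port)
        return (self.public_ip, self._out[key], dst_ip, dst_port)

    def inbound(self, src_ip, src_port, dst_port):
        """Return the (private_ip, private_port) a reply belongs to, or None to drop."""
        return self._in.get((dst_port, (src_ip, src_port)))


def demo():
    nat = NatDevice(NODE_PUBLIC_IP)
    server = ("198.51.100.7", 443)             # constructed remote host (documentation range)
    # Both Containers happen to use the same source port toward the same server.
    p1 = nat.outbound("10.0.0.101", 51000, *server)
    p2 = nat.outbound("10.0.0.102", 51000, *server)
    # Replies arrive at the Node's public address and are matched by public port.
    r1 = nat.inbound(*server, p1[1])
    r2 = nat.inbound(*server, p2[1])
    # A packet from a host no Container contacted has no mapping and is dropped.
    stray = nat.inbound("203.0.113.9", 443, p1[1])
    return p1, p2, r1, r2, stray


if __name__ == "__main__":
    for item in demo():
        print(item)
```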
By default, the NAT functionality is disabled for a newly created Container. You can use the --nat option of the vzctl set command to enable NAT for any Container on the Node. For example, you can issue the following command to switch on NAT for Container 101:

C:\...\Administrator>vzctl set 101 --nat on --save
Command 'set' is successfully completed

This command enables NAT for the default virtual network adapter inside Container 101; this adapter is created by default inside every Container during its creation. If you have more than one virtual network adapter inside the Container, you need to specify the --netif option when running the vzctl set command. For example, to enable NAT for the virtual network adapter with the name of vznet1, you can run this command:

C:\...\Administrator>vzctl set 101 --netif vznet1 --nat on --save
Command 'set' is successfully completed

If there are several physical network adapters installed on the Hardware Node, you can also enable NAT for a particular Container virtual network adapter on a particular physical adapter. For example, you can execute the following command to turn on NAT for Container 101 on the physical network adapter on the Node that has the MAC address of 00-0A-BB-32-F1-FD:

C:\...\Administrator>vzctl set 101 --nat on --preferred_adapter 00-0A-BB-32-F1-FD --save
Command 'set' is successfully completed

Note: For any Container virtual network adapter operating in the bridged mode, you can enable NAT on all physical network adapters on the Hardware Node except for the one to which the Container adapter is bound. So, if you have NIC1, NIC2, and NIC3 installed on the Node and the Container adapter is bound to NIC1, you can turn on NAT for this adapter on NIC2 and NIC3 only.

At any time, you can disable NAT for any Container on the Hardware Node. For example:

- To disable NAT for the default virtual network adapter inside Container 101:

C:\...\Administrator>vzctl set 101 --nat off --save
Command 'set' is successfully completed

- To disable NAT for the vznet1 (non-default) virtual network adapter inside Container 101:

C:\...\Administrator>vzctl set 101 --netif vznet1 --nat off --save
Command 'set' is successfully completed

- To disable NAT for the default virtual network adapter inside Container 101 on the physical network adapter on the Node with the MAC address of 00-0A-BB-32-F1-FD:

C:\...\Administrator>vzctl set 101 --nat off --preferred_adapter 00-0A-BB-32-F1-FD --save
Command 'set' is successfully completed