Complete network config for mixed OpenVZ virtual containers

Cancelled. Posted Mar 8, 2013. Paid on delivery.

We have been using CSF on a virtualized (OpenVZ) environment successfully for a while now, where the host and virtual machines each run their own CSF instance. We have now mixed venet with bridged interfaces by adding some redirect rules:

iptables -t nat -A POSTROUTING -s "10.0.0.0/24" -o vmbr0 -j MASQUERADE

And we were hoping to open some ports via the host to the local virtual machines, but limiting it only to certain IPs.

With the redirect feature on CSF firewall this works great, but the IP reported is the host one, not the originating IP, so we cannot limit it with another CSF instance (or simple firewall rule) on the destination virtual system.

We thought that CSF was "firewalling" those redirects before "natting" them, but only now have realized it does not!!

The CSF readme actually states "All redirections to another IP address will always appear on the destination server with the source of this server, not the originating IP address." so this is a standard feature.

We have attached the current approximate network config and ip routes.

THE JOB

What we are looking for is a tested environment that works on this basis, solving the 2 major issues we currently have:

- traffic between "local" IPs bridged to venet ones originates from "host". This is... [url removed, login to view] (bridged) traffic to [url removed, login to view] (venet) reports as originating from the host's IP

- we need CSF redirect rules to be parsed by the firewall and/or that the redirects pass the originating IP to the containers so we can firewall there.

-- the solution might be to create all the NAT rules manually with masquerading and include them in a "post" script that CSF executes, and ignore the "redirect" feature there.

We would like to receive the network configuration + required ip route commands + iptables rules to be loaded by CSF if required.

The supplier will have to emulate and test the solution on his own environment, with full payment once we have implemented it on our own setup.

Linux, System Administration

Project ID: #4312851
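
The approach the posting suggests (manual NAT rules in a script CSF runs after loading its own rules, instead of the redirect feature), sketched as an added example that is not part of the original posting: plain DNAT limited to permitted source addresses, with no SNAT toward the container, so the container still sees the originating IP. The addresses, ports and the FORWARDS table format are constructed placeholders.

```shell
#!/bin/sh
# Added example: body for a CSF post script (csfpost.sh) that replaces
# csf.redirect entries with plain DNAT limited to permitted sources.
# Every address and port below is a constructed placeholder.

HOST_IP="203.0.113.10"   # constructed: address clients connect to on the host
IPT="${IPT:-iptables}"   # IPT=echo gives a dry run

# allowed_source|proto|host_port|container_ip|container_port (constructed)
FORWARDS="
198.51.100.7|tcp|2222|10.0.0.21|22
198.51.100.0/28|tcp|8443|10.0.0.22|443
"

# Print the iptables arguments for one forward.
# $1=source $2=proto $3=host port $4=container IP $5=container port
rules_for() {
    # Rewrite only the destination, and only for the permitted source. No
    # SNAT/MASQUERADE is added, so the container sees the client's address.
    printf '%s\n' "-t nat -A PREROUTING -s $1 -d $HOST_IP -p $2 --dport $3 -j DNAT --to-destination $4:$5"
    # FORWARD matches the post-DNAT destination; admit just this flow.
    printf '%s\n' "-I FORWARD -s $1 -d $4 -p $2 --dport $5 -m conntrack --ctstate NEW,ESTABLISHED -j ACCEPT"
    # Replies from the container back to that client.
    printf '%s\n' "-I FORWARD -s $4 -d $1 -p $2 --sport $5 -m conntrack --ctstate ESTABLISHED -j ACCEPT"
}

# Expand the FORWARDS table into rules; fail on a non-numeric port.
build_rules() {
    while IFS='|' read -r src proto hport cip cport; do
        [ -z "$src" ] && continue
        case "$hport$cport" in
            ""|*[!0-9]*) echo "bad port for $src" >&2; return 1 ;;
        esac
        rules_for "$src" "$proto" "$hport" "$cip" "$cport"
    done <<EOF
$FORWARDS
EOF
}

# Load the rules (run as root, after CSF has applied its own).
apply_rules() {
    build_rules | while read -r rule; do
        $IPT $rule   # unquoted on purpose: split into arguments
    done
}

if [ "${1:-}" = "apply" ]; then apply_rules; fi
```

Because nothing rewrites the source, the container's replies have to route back through the host so conntrack can reverse the DNAT.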

About the project

5 proposals. Remote project. Active Mar 31, 2013.

5 freelancers are bidding on this job, at an average of €324.

osmanbsd

Details in PM

€100 EUR in 1 day
(79 reviews)
6.8
linuxfreak1985

Hi there, I am very interested to complete this project. Please see my past reviews; let's complete this project.

€220 EUR in 3 days
(133 reviews)
6.5
GandalfTheGrey

I am an experienced Linux administrator. I could prepare a solution for your issues within my testing environment, however your current budget range is not appropriate for the time/effort needed for this task (testing env prepa

€750 EUR in 4 days
(7 reviews)
4.0
abusayed2004

I can do it...

€300 EUR in 2 days
(4 reviews)
2.9
garhwalsatyapal

Ready to work with you.

€250 EUR in 5 days
(4 reviews)
1.3