Complete network config for mixed OpenVZ virtual containers

This project received 5 bids from talented freelancers with an average bid price of €324 EUR.

Get free quotes for a project like this
Employer working
Skills Required
Project Budget
Total Bids
Project Description

We have been using CSF on a virtualized (OpenVZ) environment successfully for a while now where the host and virtual machines each run their own CSD instance. We have now mixed venet with bridged interfaces by adding some redirect rules:

iptables -t nat -A POSTROUTING -s "" -o vmbr0 -j MASQUERADE

And we were hoping to open some ports via the host to the local virtual machines but limiting it only to certain IPs

With the redirect feature on CSF firewall this works great, but the IP reported is the host one, not the originating IP so we can not limit it with another CSF instance (or simple firewall rule) on the destination virtual system.
We thought that CSF was "firewalling" those redirects before "natting" them, but only now have realized it does not!!

The CSF readme actually states "All redirections to another IP address will always appear on the destination server with the source of this server, not the originating IP address." so this is a standart feature.

We have attached the current aprox network config and ip routes.

What we are looking is for a tested enviroiment that works on this basis solving the 2 major issues we currently have:

- traffic between "local" ips bridged to venet ones originates from "host". This is... [url removed, login to view] (bridged) traffic to [url removed, login to view] (venet) reports as originating from hosts IP
- we need CSF redirect rules to be parsed by the firewall and/or that the redirects pass the ioriginating IP to the containers so we can firewall there.
-- the solution might be to create all the NAT rules manually with masquerading and including them on a "post" script that CSF executes and ignore the "redirect" feature there.

We would like to recieve the network configuration + required ip route commands + iptables rules to be loaded by CSF if requried.
The supplier will have to emulate and test on his own enviroiment the solution, with full payment once we have implemented them on our own setup.

Looking to make some money?

  • Set your budget and the timeframe
  • Outline your proposal
  • Get paid for your work

Hire Freelancers who also bid on this project

    • Forbes
    • The New York Times
    • Time
    • Wall Street Journal
    • Times Online