Complete network config for mixed OpenVZ virtual containers


We have been using CSF on a virtualized (OpenVZ) environment successfully for a while now, where the host and virtual machines each run their own CSF instance. We have now mixed venet with bridged interfaces by adding some redirect rules:

iptables -t nat -A POSTROUTING -s "" -o vmbr0 -j MASQUERADE

And we were hoping to open some ports via the host to the local virtual machines, but limiting it only to certain IPs.

With the redirect feature on CSF firewall this works great, but the IP reported is the host one, not the originating IP, so we cannot limit it with another CSF instance (or simple firewall rule) on the destination virtual system.

We thought that CSF was "firewalling" those redirects before "natting" them, but have only now realized it does not!

The CSF readme actually states "All redirections to another IP address will always appear on the destination server with the source of this server, not the originating IP address." so this is a standard feature.

We have attached the current approximate network config and IP routes.


What we are looking for is a tested environment that works on this basis, solving the 2 major issues we currently have:

- traffic between "local" IPs bridged to venet ones originates from "host". This is... [url removed, login to view] (bridged) traffic to [url removed, login to view] (venet) reports as originating from the host's IP

- we need CSF redirect rules to be parsed by the firewall and/or that the redirects pass the originating IP to the containers so we can firewall there.

-- the solution might be to create all the NAT rules manually with masquerading and include them in a "post" script that CSF executes, and ignore the "redirect" feature there.

We would like to receive the network configuration + required ip route commands + iptables rules to be loaded by CSF if required.

The supplier will have to emulate and test the solution on his own environment, with full payment once we have implemented it on our own setup.

Skills: Linux, System Admin

Project ID: #4312851
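
Added example, not part of the original posting or of CSF itself: one way to express the "manual NAT rules in a post script" idea is to forward with DNAT only, without the source rewrite that the CSF readme describes for its redirect feature, so the container sees the client's real address and the host limits the port to listed sources. The function name, interface, addresses and port are constructed, and it assumes the container's replies route back through the host so connection tracking can reverse the DNAT.

```shell
#!/bin/sh
# Added example, not the poster's configuration. Interface name, addresses
# and port are constructed (documentation ranges); adapt before use.

# gen_forward_rules EXT_IF HOST_IP PORT CONTAINER_IP ALLOWED_SRC...
# Prints iptables commands (dry run). Pipe the output to sh to apply them.
gen_forward_rules() {
    [ "$#" -ge 5 ] || {
        echo "usage: gen_forward_rules EXT_IF HOST_IP PORT CT_IP SRC..." >&2
        return 1
    }
    ext_if=$1; host_ip=$2; port=$3; ct_ip=$4
    shift 4
    # Accept only a plain decimal port in 1..65535.
    case $port in ''|*[!0-9]*) echo "bad port: $port" >&2; return 1 ;; esac
    if [ "$port" -lt 1 ] || [ "$port" -gt 65535 ]; then
        echo "bad port: $port" >&2
        return 1
    fi
    # Replies of already-tracked connections may pass back through the host.
    echo "iptables -I FORWARD -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT"
    for src in "$@"; do
        # DNAT only: the destination is rewritten, the source is left intact,
        # so the container's own firewall can match the originating IP.
        echo "iptables -t nat -A PREROUTING -i $ext_if -s $src -d $host_ip -p tcp --dport $port -j DNAT --to-destination $ct_ip:$port"
        # Allow the new forwarded connection from this source only.
        echo "iptables -I FORWARD -i $ext_if -s $src -d $ct_ip -p tcp --dport $port -j ACCEPT"
    done
    # Any other external source aimed at the container port is dropped.
    echo "iptables -A FORWARD -i $ext_if -d $ct_ip -p tcp --dport $port -j DROP"
}

# Demonstration with constructed values; this only prints the rules.
gen_forward_rules eth0 203.0.113.10 8080 10.0.0.5 198.51.100.7
```

Calling the function from CSF's post script (csfpost.sh) and piping its output to `sh` reapplies the rules after each CSF restart.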

5 freelancers are bidding on average €324 for this job


Details in PM

€100 EUR in 1 day
(79 Reviews)

Hi there, I am very interested to complete this project. Please see my past reviews. Let's complete this project.

€220 EUR in 3 days
(133 Reviews)

I am an experienced Linux administrator. I could prepare a solution for your issues within my testing environment, however your current budget range is not appropriate for the time/effort needed for this task (testing env prepa

€750 EUR in 4 days
(7 Reviews)

I can do it...

€300 EUR in 2 days
(4 Reviews)

ready to work with you

€250 EUR in 5 days
(4 Reviews)