LxCenter HyperVM & Kloxo Support

Forum



Members   Search      Help    Register    Login    Home
Home » Archive » HyperVM Feature Requests » TUN/TAP and full iptables support.
TUN/TAP and full iptables support. [message #54027] Tue, 20 January 2009 03:17 Go to next message
pug123 is currently offline pug123  Poland
Messages: 84
Registered: January 2008
Valuable Member
Hello,

We have manny requests from clients who wants

1) TUN/TAP device and we have to do this manually like that:
modprobe tun
vzctl set 101 --devices c:10:200:rw --save
vzctl set 101 --capability net_admin:on --save
vzctl exec 101 mkdir -p /dev/net
vzctl exec 101 mknod /dev/net/tun c 10 200
vzctl exec 101 chmod 600 /dev/net/tun

2) The same thing is with iptables Sad Many clients want to use NAT and it is not enabled by default after install HyperVM slave. The best option would be to change vz.conf or give options to add these to old vpses like:

vzctl set <VPS_ID> --iptables "iptable_filter iptable_mangle ipt_limit ipt_multiport ipt_tos ipt_TOS ipt_REJECT ipt_TCPMSS ipt_tcpmss ipt_ttl ipt_LOG ipt_length ip_conntrack ip_conntrack_ftp ip_conntrack_irc ipt_conntrack ipt_state ipt_helper iptable_nat ip_nat_ftp ip_nat_irc" --save

We are running many servers and this becomes a problem.

Report message to a moderator

Re: TUN/TAP and full iptables support. [message #54052 is a reply to message #54027] Tue, 20 January 2009 11:52 Go to previous messageGo to next message
Lxhelp
Messages: 23691
Registered: July 2006
The Champion
You can create a script, and submit it, and I will include it with hyperVM.

thanks.


On Tue, Jan 20, 2009 at 08:17:45AM -0000, Martin wrote:
>
>
> Hello,
>
> We have manny requests from clients who wants
>
> 1) TUN/TAP device and we have to do this manually like that:
> modprobe tun
> vzctl set 101 --devices c:10:200:rw --save
> vzctl set 101 --capability net_admin:on --save

Report message to a moderator

Re: TUN/TAP and full iptables support. [message #57906 is a reply to message #54052] Sun, 01 March 2009 17:31 Go to previous messageGo to next message
LxCenter_Danny is currently offline LxCenter_Danny  Netherlands
Messages: 2068
Registered: July 2007
Location: Netherlands
Grandmaster
LxCenter Core Team Member
LxCenter Representative
Lxhelp wrote on Tue, 20 January 2009 17:52
You can create a script, and submit it, and I will include it with hyperVM.

thanks.


On Tue, Jan 20, 2009 at 08:17:45AM -0000, Martin wrote:
>
>
> Hello,
>
> We have manny requests from clients who wants
>
> 1) TUN/TAP device and we have to do this manually like that:
> modprobe tun
> vzctl set 101 --devices c:10:200:rw --save
> vzctl set 101 --capability net_admin:on --save





Received one from the guy?

And if we send in a script that will be implemented to HyperVM, then it is called OpenSource right? Smile

In what why we should send in scripts? GPL? Copyrighted (Lxlabs should pay for it)?

And what language? Perl, Bash, Python, TCL, C++, html, etc etc Smile

In other words, LxLabs should create a sollution not customers/users of HyperVM.



LxCenter - System Operations

Report message to a moderator

Re: TUN/TAP and full iptables support. [message #59631 is a reply to message #54027] Sat, 14 March 2009 11:51 Go to previous messageGo to next message
rmwebs is currently offline rmwebs  United Kingdom
Messages: 86
Registered: September 2007
Location: UK, England
Valuable Member
BUMP for this!

Heres a script I've been using posted by someone on these forums somewhere:

#!/bin/bash
if [ -z "$1" ]
then
    	echo "Usage: make_tun <veid>";
        exit 0
fi
/usr/sbin/vzctl set $1 --devices c:10:200:rw --save
/usr/sbin/vzctl exec $1 mkdir -p /dev/net
/usr/sbin/vzctl exec $1 mknod /dev/net/tun c 10 200
/usr/sbin/vzctl exec $1 chmod 600 /dev/net/tun


Save it as something like enable-tun.sh then to run it do this:

# ./enable-tun.sh <VPS ID>


If you can include a button inside hypervm to enable it that would be a great use!

Report message to a moderator

Re: TUN/TAP and full iptables support. [message #61310 is a reply to message #54027] Sun, 05 April 2009 03:53 Go to previous messageGo to next message
piplite is currently offline piplite  United States
Messages: 508
Registered: February 2008
Location: Boston, MA, USA
Master
Well. Its a good thought but linux by default doesnt activate all iptables modules and you have to modprobe the rest by yourself and after that enable all of them in /etc/vz/vz.conf. So just enabling them all for each vps is not enough. They have to be modprobed on the NH.
I do not think any script made by users can do it. Its only a matter of lxhelp inserting one to the hypervm installation process so it can modprobe all iptables modules.

Thanks.

Report message to a moderator

Re: TUN/TAP and full iptables support. [message #62700 is a reply to message #54027] Fri, 24 April 2009 08:34 Go to previous message
nyunyu is currently offline nyunyu  Malaysia
Messages: 33
Registered: April 2009
Location: Malaysia
Member
Just want to follow up with this thread.
Have this been considered to be included in the next release?

Report message to a moderator

Previous Topic:Ability to not show Fogot password link/page, please
Next Topic:[REQUEST] Further OS Support
Goto Forum:
  

[ Syndicate this forum (XML) ] [ RSS ] [ PDF ]

Current Time: Wed May 22 08:29:33 EDT 2013

Total time taken to generate the page: 0.01090 seconds
.:: Contact :: Home :: Privacy ::.

Click here to lend your support to: LxCenter and make a donation at www.pledgie.com !

Powered by: FUDforum 3.0.2.
Copyright ©2001-2010 FUDforum Bulletin Board Software