This blog is running from an OpenVZ container on a server with a single public IP. There is no separate router; the eth0 interface is connected directly to the Internet. Therefore, I had to create a VLAN with private IPs for my containers, which would share the one public IP. Here’s how I did it.
/etc/network/interfaces
auto eth0
iface eth0 inet static
address x.x.x.x
netmask 255.255.255.254
gateway x.x.x.x
auto venet0:0
iface venet0:0 inet static
address 172.29.247.100
netmask 255.255.255.0
Note that the venet0 interface is created when installing OpenVZ. By default it has no IP. I assigned a static IP of 172.29.247.100 and netmask of 255.255.255.0 to allow space for a whole lot of containers. Now for the fun part, messing with iptables.
# NAT VM subnet (247) to external ip
/sbin/iptables -t nat -A POSTROUTING -s 172.29.247.0/24 -o eth0 -j SNAT --to x.x.x.x
# Allow all traffic for venet0 interface
/sbin/iptables -A INPUT -i venet0 -j ACCEPT
# ssh to containers: DNAT rewrites the destination port to 22 before the FORWARD chain,
# so the FORWARD rules match --dport 22 and need an explicit -j ACCEPT target
/sbin/iptables -t nat -I PREROUTING -p tcp -d x.x.x.x --dport 2222 -j DNAT --to 172.29.247.103:22
/sbin/iptables -I FORWARD -p tcp -d 172.29.247.103 --dport 22 -j ACCEPT
/sbin/iptables -t nat -I PREROUTING -p tcp -d x.x.x.x --dport 2223 -j DNAT --to 172.29.247.102:22
/sbin/iptables -I FORWARD -p tcp -d 172.29.247.102 --dport 22 -j ACCEPT
It may not be the optimal solution, but it works, it’s stable, and I’m quite proud of myself.
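An added example, not part of the original post: a small generator that turns the same port-to-container mappings into an iptables-restore ruleset, with FORWARD defaulting to DROP and each forward rule matching port 22, the destination port after DNAT. The address 203.0.113.10 is a constructed stand-in for x.x.x.x, and the function names valid_map and gen_rules are hypothetical.

```shell
#!/bin/sh
# Added example: print an iptables-restore ruleset for the NAT layout in the post.
PUBLIC_IP="203.0.113.10"       # constructed stand-in for the post's x.x.x.x
SUBNET_PREFIX="172.29.247."    # container /24 from the post
HOST_OCTET=100                 # venet0:0 address of the host itself

# valid_map PORT IP: port in 1-65535, IP inside the /24 and not the host (hypothetical helper)
valid_map() {
    case "$1" in ''|*[!0-9]*) return 1 ;; esac
    [ "$1" -ge 1 ] && [ "$1" -le 65535 ] || return 1
    case "$2" in "$SUBNET_PREFIX"*) ;; *) return 1 ;; esac
    last="${2#"$SUBNET_PREFIX"}"
    case "$last" in ''|*[!0-9]*) return 1 ;; esac
    [ "$last" -ge 1 ] && [ "$last" -le 254 ] && [ "$last" -ne "$HOST_OCTET" ]
}

# gen_rules PORT:IP ... : one SSH forward per argument (hypothetical helper)
gen_rules() {
    nat="" fwd="" seen=" "
    for m in "$@"; do
        port="${m%%:*}"; ip="${m#*:}"
        valid_map "$port" "$ip" || { echo "bad mapping: $m" >&2; return 1; }
        case "$seen" in
            *" $port "*) echo "duplicate host port: $port" >&2; return 1 ;;
        esac
        seen="$seen$port "
        # DNAT happens in PREROUTING, so FORWARD sees the container's port 22.
        nat="${nat}-A PREROUTING -d $PUBLIC_IP/32 -i eth0 -p tcp --dport $port -j DNAT --to-destination $ip:22
"
        fwd="${fwd}-A FORWARD -d $ip/32 -i eth0 -o venet0 -p tcp --dport 22 -m conntrack --ctstate NEW -j ACCEPT
"
    done
    printf '*nat\n%s' "$nat"
    printf '%s\n' "-A POSTROUTING -s ${SUBNET_PREFIX}0/24 -o eth0 -j SNAT --to-source $PUBLIC_IP" COMMIT
    # Default-drop forwarding: only replies, container egress and the listed forwards pass.
    printf '%s\n' '*filter' ':FORWARD DROP [0:0]' \
        '-A FORWARD -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT' \
        "-A FORWARD -s ${SUBNET_PREFIX}0/24 -i venet0 -o eth0 -j ACCEPT"
    printf '%sCOMMIT\n' "$fwd"
}

# The two forwards from the post; review the output before loading it.
gen_rules 2222:172.29.247.103 2223:172.29.247.102
```

Without --noflush, iptables-restore replaces the current contents of the nat and filter tables, so the venet0 INPUT rule from the post would have to be added to the *filter section as well. The output can be checked first with iptables-restore --test, which parses the ruleset without committing it.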
Someone at the school board received this spam message today. I must say this variation is better than the usual junk about Viagra and Rolexes ;). But seriously, what are they expecting to get out of this?
hello!!! how are you??? my name is Svetlana. I am 29 years old.
I have already had a bad experience talking with men on the internet.
we had an exceptional correspondence for a very long time and I believed him.
I am used to believing men but this man broke my heart.
I was shocked and I did not know what I should do. I stopped believing men.
I started working hard to forget everything.
I succeeded in building a career but I understood that life is not work.
I want to be loved and I want to offer love.
I don't know why I am telling you this I looked at your profile and I decided to write to you.
I hate lies and games with people.
if your intentions are serious write to my email: [email protected]
UPDATE: Google has posted a document explaining the service disruption: Google Service disruption – Sept 24/09
Gmail seems to be down right now… (Sep 24, 2009 @ 10:42)
To monitor Gmail and other Google Apps services in the future: the Apps Status Dashboard
You’re not crazy. Google has done it again. They made a small change to the look of their website today: the font size and buttons on the home page and search result page are larger. I suppose this shows how ingrained Google is in everyday life, how even the smallest change is noticed by millions. Just like back in May ’08 when they changed their favicon.
Internet users tend to dislike change for change’s sake. There is already a userscript that reverts Google to the “classic” look. Another good example of user discontent is the launch of New Facebook, which incited much grumbling. Ultimately though, the whole thing blows over and the face of the Web is changed forever, old designs lost in the depths of the Wayback Machine.