Ubuntu – Referencing venet0:0 and venet0:1 in iptables on OpenVZ

iptables, networking, openvz, vps

I have an Ubuntu VPS that is hosted with OpenVZ. For a while now I have had trouble using the interface names in iptables, such as: (edited)

 -A INPUT -i venet0:0 -p tcp -m tcp --dport 80 -j ACCEPT

The problem is that iptables does not seem to understand what venet0:0 is. I also have a rather odd network configuration. Output of ifconfig -a:

 gre0      Link encap:UNSPEC  HWaddr 00-00-00-00-00-00-20-4A-00-00-00-00-00-00-00-00  
           NOARP  MTU:1476  Metric:1
           RX packets:0 errors:0 dropped:0 overruns:0 frame:0
           TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
           collisions:0 txqueuelen:0 
           RX bytes:0 (0.0 B)  TX bytes:0 (0.0 B)

 gretap0   Link encap:Ethernet  HWaddr 00:00:00:00:00:00  
           BROADCAST MULTICAST  MTU:1476  Metric:1
           RX packets:0 errors:0 dropped:0 overruns:0 frame:0
           TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
           collisions:0 txqueuelen:1000 
           RX bytes:0 (0.0 B)  TX bytes:0 (0.0 B)

 lo        Link encap:Local Loopback  
           inet addr:127.0.0.1  Mask:255.0.0.0
           inet6 addr: ::1/128 Scope:Host
           UP LOOPBACK RUNNING  MTU:16436  Metric:1
           RX packets:0 errors:0 dropped:0 overruns:0 frame:0
           TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
           collisions:0 txqueuelen:0 
           RX bytes:0 (0.0 B)  TX bytes:0 (0.0 B)

 venet0    Link encap:UNSPEC  HWaddr 00-00-00-00-00-00-00-00-00-00-00-00-00-00-00-00  
           inet addr:127.0.0.2  P-t-P:127.0.0.2  Bcast:0.0.0.0  Mask:255.255.255.255
           UP BROADCAST POINTOPOINT RUNNING NOARP  MTU:1500  Metric:1
           RX packets:44859 errors:0 dropped:0 overruns:0 frame:0
           TX packets:37950 errors:0 dropped:103 overruns:0 carrier:0
           collisions:0 txqueuelen:0 
           RX bytes:9472928 (9.0 MiB)  TX bytes:8953521 (8.5 MiB)

 venet0:0  Link encap:UNSPEC  HWaddr 00-00-00-00-00-00-00-00-00-00-00-00-00-00-00-00  
           inet addr:xx.xx.xx.xx  P-t-P:xx.xx.xx.xx  Bcast:xx.xx.xx.xx  Mask:255.255.255.255
           UP BROADCAST POINTOPOINT RUNNING NOARP  MTU:1500  Metric:1

 venet0:1  Link encap:UNSPEC  HWaddr 00-00-00-00-00-00-00-00-00-00-00-00-00-00-00-00  
           inet addr:xy.xy.xy.xy  P-t-P:xy.xy.xy.xy  Bcast:xy.xy.xy.xy  Mask:255.255.255.255
           UP BROADCAST POINTOPOINT RUNNING NOARP  MTU:1500  Metric:1

I emailed my vps provider and asked how to assign interfaces such as eth0 and eth1 for iptables interface referencing, and they replied that it was not possible, but that the venet interfaces could be used as such. However, when I try to use them, nothing happens.

I know there must be something I am doing wrong or don't understand. I also don't understand what the gre0 and gretap0 interfaces are, or what they are for. Any ideas?

Best Answer

You cannot specify an aliased interface name with iptables, only an actual interface name. The trick is to add the destination IP address as an additional condition. Also you do not need the -m tcp part. So if you wanted to accept traffic to port 80 on both aliased interfaces, the rules would be:

 -A INPUT -i venet0 -d xx.xx.xx.xx -p tcp --dport 80 -j ACCEPT
 -A INPUT -i venet0 -d xy.xy.xy.xy -p tcp --dport 80 -j ACCEPT
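The following script is an added example, not part of the answer above, that applies the answer's technique to the questioner's ifconfig output: it parses "ifconfig -a" style text, finds every alias of the parent device (venet0:0, venet0:1, ...) together with its address, and emits one rule per alias that matches the real device with -i and the alias address with -d. The ifconfig text embedded in the script is a constructed sample modelled on the output in the question, with the masked addresses replaced by 203.0.113.10 and 203.0.113.11 from the documentation range; the function names alias_addrs and alias_rules are this example's own.

```shell
#!/bin/sh
# Added example: build iptables rules for OpenVZ venet aliases.
# "-i venet0:0" never matches because the kernel only knows the real device
# name (venet0); the alias is just a label on an extra address. So the rule
# must match the parent device plus the alias address with -d instead.

# Constructed sample of "ifconfig -a" output (addresses from 203.0.113.0/24,
# the documentation range, standing in for the masked xx.xx.xx.xx / xy.xy.xy.xy).
SAMPLE_IFCONFIG='venet0    Link encap:UNSPEC  HWaddr 00-00-00-00-00-00-00-00-00-00-00-00-00-00-00-00
          inet addr:127.0.0.2  P-t-P:127.0.0.2  Bcast:0.0.0.0  Mask:255.255.255.255
          UP BROADCAST POINTOPOINT RUNNING NOARP  MTU:1500  Metric:1

venet0:0  Link encap:UNSPEC  HWaddr 00-00-00-00-00-00-00-00-00-00-00-00-00-00-00-00
          inet addr:203.0.113.10  P-t-P:203.0.113.10  Bcast:203.0.113.10  Mask:255.255.255.255
          UP BROADCAST POINTOPOINT RUNNING NOARP  MTU:1500  Metric:1

venet0:1  Link encap:UNSPEC  HWaddr 00-00-00-00-00-00-00-00-00-00-00-00-00-00-00-00
          inet addr:203.0.113.11  P-t-P:203.0.113.11  Bcast:203.0.113.11  Mask:255.255.255.255
          UP BROADCAST POINTOPOINT RUNNING NOARP  MTU:1500  Metric:1'

# alias_addrs IFCONFIG_TEXT PARENT
# Prints "alias address" pairs for every alias of PARENT, e.g. "venet0:0 203.0.113.10".
# The parent device itself (venet0, 127.0.0.2) is deliberately skipped.
alias_addrs() {
    printf '%s\n' "$1" | awk -v parent="$2" '
        /^[^ \t]/ { iface = $1 }                       # interface header line
        /inet addr:/ && index(iface, parent ":") == 1 { # only "PARENT:N" aliases
            split($2, a, ":"); print iface, a[2]       # a[2] is the IPv4 address
        }'
}

# alias_rules IFCONFIG_TEXT PARENT PORT
# Emits one iptables-restore style INPUT rule per alias. "-m tcp" is omitted
# because "-p tcp --dport" already loads the tcp match.
alias_rules() {
    alias_addrs "$1" "$2" | while read -r alias addr; do
        printf -- '-A INPUT -i %s -d %s -p tcp --dport %s -j ACCEPT\n' "$2" "$addr" "$3"
    done
}

# Stand-alone run: print the rules for port 80 on every venet0 alias.
alias_rules "$SAMPLE_IFCONFIG" venet0 80
```

On the live box the same rules would come from real data rather than the embedded sample, for example by piping `ifconfig -a` into alias_addrs, or by reading the addresses straight from `ip -4 addr show dev venet0`, which lists every alias address under the one real device venet0. After loading the rules, `iptables -S INPUT` shows them with `-i venet0 -d <address>`; a rule written with `-i venet0:0` is accepted by iptables (it does not check that the name exists) but never matches any packet, which is why "nothing happens" with the original rule.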