A virtual machine needs an IP address to access the internet. A virtual machine can be assigned private IPs. To access the Internet from the virtual machine with a private IP address, you need to complete the following steps: 

  1. Assign the IP addresses from a single subnet to the virtual machine and cluster. Add a private IP address to the cluster node where the virtual machine is created. E.g., create the file /etc/sysconfig/network-scripts/ifcfg-eth0:0 and specify the IP address, mask, and gateway;
  2. Configure the iptables rules. To make the virtual machine access the Internet, you need to set up the SNAT, and set up DNAT to allow access to the virtual machine from the Internet. Learn more under OpenVZ website.

    1. Add the POSTROUTING rule for SNAT:

      iptables -t nat -A POSTROUTING -s src_net -o eth0 -j SNAT --to ip_address
      BASH

      src_net — virtual machine IP.

      ip_address — cluster node IP where the virtual machine is created.

    2. Add the PREROUTING rule for DNAT:

      iptables -t nat -A PREROUTING -p tcp -d ip_address --dport port_num -i eth0 -j DNAT --to-destination ve_address:dst_port_num
      BASH

      ve_address — virtual machine IP.

      dst_port_num — port of the service you want to make accessible.

      ip_address — IP address of the cluster node where the virtual machine is created.

      port_num — port on the cluster node that will be used for the redirect.