jnorell
commented
8 years ago Just use custom rules in either /etc/vz/conf/0.conf or in the container's /etc/vz/conf/ctid.conf file. The latter can use $THIS as a placeholder for your GuestPrivateIP, but HWnodeIP will have to be hard-coded in either file.
Hi I am trying to work out how to ether include an external rules file after updating vzfirewall or (better) a way to include port forwardings in the guest.conf FIREWALL directive? I use rules like the following to forward ports from the hardware nodes IP to guests. iptables -t nat -A PREROUTING -p tcp -d HWnodeIP --dport 222 -i eth0 -j DNAT --to-destination GuestPrivateIP:22
thanks marl