Setting Up Private Networks

By default, all hosts in a host network can communicate with each other as well as external hosts. To isolate some of the hosts so they can only access each other, you can create a private network with the

    # prlsrvctl privnet add privnet1 --ipadd 10.10.0.0/24

Or, to create a private network

    # prlsrvctl privnet add privnet2 --ipadd 10.10.10.3 --ipadd 10.10.10.4

Now the virtual environments with the IP addresses from the range 10.10.0.1 through 10.10.0.255 are included in

Creating Weak Private Networks

Unlike a virtual environment in a regular private network, a virtual environment in a weak private network can communicate with:
You can make a private network weak by adding an asterisk to the list of its IP ranges with the

    # prlsrvctl privnet set privnet1 --ipadd '*'

To check the result, list private networks with the

    # prlsrvctl privnet list
    Name     G Netmasks
    privnet1   10.10.0.0/24 *
    privnet2   10.10.10.3 10.10.10.4

To make a weak private network regular again, remove the asterisk from the list of its IP ranges with the

    # prlsrvctl privnet set privnet1 --ipdel '*'

Creating Global Private Networks

To isolate each virtual environment in the host network from every other virtual environment in the host network, you can either create a new global private network or make an existing private network global.

You can create a global private network with the

    # prlsrvctl privnet add privnet3 --ipadd 10.10.10.0/24 --global yes

You can make an existing private network global with the

    # prlsrvctl privnet set privnet3 --global yes

Note: A global private network can only contain IP ranges, not specific IP addresses.

To check the result, list private networks with the

    # prlsrvctl privnet list
    Name     G Netmasks
    privnet1   10.10.0.0/24 *
    privnet2   10.10.10.3 10.10.10.4
    privnet3 x 10.10.10.0/24

A global private network can contain other types of private networks, e.g., weak and regular. Hosts in such private networks are allowed access as per those networks' limitations. For example, on the figure below:
Enabling Private Networks for Containers and Virtual Machines Operating in Bridged Mode

By default, you can include in private networks only virtual environments operating in the host-routed mode. To connect a virtual environment operating in the bridged mode to a private network, enable private network support on the physical server. To do this, set the value of

    # echo 1 > /proc/sys/net/vzpriv_handle_bridge

Note: Enabling private network support may affect the network performance of virtual environments operating in the bridged mode and having IPv4 addresses.

Removing Private Networks

You can remove a private network with the

    # prlsrvctl privnet del privnet1
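
As an added example (not part of the product documentation), the following script classifies each network in the `prlsrvctl privnet list` output shown earlier, flagging weak networks and global networks that list a single address instead of a range. It assumes whitespace-separated columns as in that listing; the function names are hypothetical.

```shell
#!/bin/sh
# Added example, not from the product documentation.
# Classify each private network from `prlsrvctl privnet list` output.
# Assumption: whitespace-separated columns as in the listing on this page:
# name, an optional "x" in the G column for global networks, then netmasks.
classify_privnets() {
    awk '
    NR == 1 && $1 == "Name" { next }       # skip the header row
    NF == 0 { next }                       # skip blank lines
    {
        name = $1; global = "no"; weak = "no"; single = 0; first = 2
        if ($2 == "x") { global = "yes"; first = 3 }
        for (i = first; i <= NF; i++) {
            if ($i == "*") weak = "yes"                # asterisk marks a weak network
            else if (index($i, "/") == 0) single++     # bare address, no prefix length
        }
        note = ""
        if (weak == "yes") note = note " WEAK"
        if (global == "yes" && single > 0) note = note " GLOBAL-with-single-IP"
        printf "%s global=%s weak=%s%s\n", name, global, weak, note
    }'
}

# Names of weak networks only, one per line.
weak_privnets() {
    classify_privnets | awk '$3 == "weak=yes" { print $1 }'
}

# Constructed sample: the listing shown on this page.
sample_listing() {
    cat <<'EOF'
Name     G Netmasks
privnet1   10.10.0.0/24 *
privnet2   10.10.10.3 10.10.10.4
privnet3 x 10.10.10.0/24
EOF
}

# On a real server: prlsrvctl privnet list | classify_privnets
sample_listing | classify_privnets
```

Running the weak-network check after configuration changes helps confirm that no network was left weak unintentionally.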