Article ID: 120626, created on Mar 19, 2014, last review on May 9, 2014

  • Applies to:
  • Virtuozzo
  • Virtuozzo containers for Linux
  • Virtuozzo hypervisor


  1. A VLAN interface is configured on the hardware node.
  2. A container is created on the hardware node with a network adapter in host-routed mode and is assigned an IP address from the VLAN network.
  3. As a result, the container is not reachable from the external network, it is only accessible within the VLAN.


Such configuration causes asymmetric routing, processed by the hardware node:

  • incoming traffic goes through the VLAN interface, as it is correctly processed by the external router
  • outgoing traffic goes through the default route (if not defined explicitly)

As a result, such traffic is dropped by the hardware node due to enabled by default reverse path filtering.


Enable loose rp_filter for the adapters that process traffic.


  • To change the setting temporarily:

    # sysctl net.ipv4.conf.eth0.rp_filter=2
    # sysctl net.ipv4.conf.eth0.40.rp_filter=2
    # sysctl net.ipv4.conf.eth0.41.rp_filter=2
  • To save the settings permanently:

    # echo "net.ipv4.conf.eth0.rp_filter=2" >> /etc/sysctl.conf
    # echo "net.ipv4.conf.eth0.40.rp_filter=2" >> /etc/sysctl.conf
    # echo "net.ipv4.conf.eth0.41.rp_filter=2" >> /etc/sysctl.conf

Search Words

vm inside cloud

virtuozzo inside cloud

a26b38f94253cdfbf1028d72cf3a498b 2897d76d56d2010f4e3a28f864d69223 d02f9caf3e11b191a38179103495106f e8e50b42231236b82df27684e7ec0beb 0dd5b9380c7d4884d77587f3eb0fa8ef

Email subscription for changes to this article
Save as PDF