
Creating OpenVZ in CentOS 6

This tutorial was run on a VPS with the following specifications:

  • Memory 2 GB
  • Disk Space 20 GB
  • 4 CPU cores
  • Virtualization KVM
  • Operating System CentOS 6 64bit
  • 1 IPv4
  • /64 IPv6 tunneled from HE

The basic idea is to create an OpenVZ VM inside a KVM VPS.
The VM connects to the internet using NAT through eth0 of the KVM VPS, so the OpenVZ VM has direct access to the internet.
Connections from the internet to the OpenVZ VM use port forwarding, which is set with iptables.
This tutorial is based on:


Installing basic webserver

# yum install httpd php

Preparing OpenVZ Repository
Add the following repository from OpenVZ to CentOS 6

# cd /etc/yum.repos.d
# wget
# rpm --import

Installing OpenVZ Kernel

# yum install vzkernel
# yum install vzctl vzquota

Modifying sysctl.conf

# nano /etc/sysctl.conf

Add the following lines:

net.ipv4.ip_forward = 1
net.ipv4.conf.default.proxy_arp = 0
net.ipv4.conf.all.rp_filter = 1
kernel.sysrq = 1
net.ipv4.conf.default.send_redirects = 1
net.ipv4.conf.all.send_redirects = 0

Activate the modification

# sysctl -p

Modifying the vz.conf

# nano /etc/vz/vz.conf

Find the following line, and change the value to “all”


Disable SELinux in CentOS

# nano /etc/sysconfig/selinux

Find SELINUX line, and change the value to “disabled”

# This file controls the state of SELinux on the system.
# SELINUX= can take one of these three values:
# enforcing - SELinux security policy is enforced.
# permissive - SELinux prints warnings instead of enforcing.
# disabled - No SELinux policy is loaded.
# SELINUXTYPE= can take one of these two values:
# targeted - Targeted processes are protected,
# mls - Multi Level Security protection.

Installing OpenVZ Web Panel for managing the OpenVZ

# wget
# sh

Wait until the installation completes, and you will see something like http://ip.address.of.vps:3000.
Setting iptables
Next, modify the iptables rules to permit access to port 3000:

# nano /etc/sysconfig/iptables

Add the following line:

-A INPUT -m state --state NEW -m tcp -p tcp --dport 3000 -j ACCEPT

Restart iptables:

# /etc/init.d/iptables restart

Installing OS template for the OpenVZ

# cd /vz/template/cache

Download all the OS you need here

Example :

# wget

Restart your CentOS server

# reboot

Verify that the KVM VPS is using the new OpenVZ kernel

# uname -arm

Managing through OpenVZ Web Panel


The default username is admin and the default password is admin. Using the OpenVZ Web Panel, we can manage the VMs: creation, editing settings, deletion, etc.
Adding IP Pools to the VM
From the OpenVZ Web Panel, click on the left side and add the IP Pools. Since we only have 1 IPv4 address, we need to assign a private IP to the VM, for example – or –
Next, on the left side, click localhost and create your first VM, with the VEID for example 101; choose the OS template, assign the private IP to the VM, and set the disk space, memory, etc.
How to provide access for container to the internet
To give the container access to the internet, we need to set iptables with SNAT for the VM. Here, our KVM VPS is using eth0 with the IP address for example
We can set SNAT for each VM, but the fastest way is to set SNAT for each IP:

# iptables -t nat -A POSTROUTING -o eth0 -j SNAT --to ip_address

ip_address is the VPS IP address, so it would be:

# iptables -t nat -A POSTROUTING -o eth0 -j SNAT --to
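
The NAT setup described above, as an added example that is not part of the original tutorial: a POSIX shell script that prints the SNAT rule, scoped with `-s` to the container subnet (an addition to the rule shown above), together with the port-forwarding (DNAT) rules mentioned in the introduction, and rejects public ports that would collide with the host's own SSH and web panel ports or with each other. The addresses 10.0.0.0/24, 10.0.0.101 and 192.0.2.10, the ports, the mapping format and the function names are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: prints iptables commands for review and never runs them.
HOST_PORTS="22 3000"   # assumed host services: SSH and the web panel

valid_ipv4() {
    case "$1" in *[!0-9.]*|*..*|.*|*.) return 1 ;; esac
    old_ifs=$IFS; IFS=.; set -- $1; IFS=$old_ifs   # split into octets
    [ "$#" -eq 4 ] || return 1
    for octet in "$@"; do
        [ "${#octet}" -le 3 ] && [ "$octet" -le 255 ] || return 1
    done
}

valid_port() {
    case "$1" in ''|*[!0-9]*|??????*) return 1 ;; esac
    [ "$1" -ge 1 ] && [ "$1" -le 65535 ]
}

# snat_rule SUBNET/PREFIX PUBLIC_IP: outbound NAT for the container subnet only
snat_rule() {
    net=${1%/*}; bits=${1#*/}
    case "$bits" in ''|*[!0-9]*|???*) return 1 ;; esac
    valid_ipv4 "$net" && valid_ipv4 "$2" && [ "$bits" -le 32 ] || return 1
    echo "iptables -t nat -A POSTROUTING -s $1 -o eth0 -j SNAT --to-source $2"
}

# forward_rules: read "PUBLIC_PORT CONTAINER_IP CONTAINER_PORT" lines on stdin,
# print one DNAT rule per line, stop with status 1 on a bad or conflicting line.
forward_rules() {
    seen=" $HOST_PORTS "
    while read -r pub ip port; do
        case "$pub" in ''|'#'*) continue ;; esac
        valid_port "$pub" && valid_ipv4 "$ip" && valid_port "$port" ||
            { echo "invalid mapping: $pub $ip $port" >&2; return 1; }
        # PREROUTING DNAT is applied before INPUT, so reusing a host port would
        # cut off the host's own service, and a duplicate rule is never reached.
        case "$seen" in *" $pub "*)
            echo "public port $pub already in use" >&2; return 1 ;;
        esac
        seen="$seen$pub "
        echo "iptables -t nat -A PREROUTING -i eth0 -p tcp -m tcp --dport $pub -j DNAT --to-destination $ip:$port"
    done
}
# Constructed demo (sample values): container 10.0.0.101 behind 192.0.2.10
snat_rule 10.0.0.0/24 192.0.2.10
forward_rules <<'EOF'
10022 10.0.0.101 22
10080 10.0.0.101 80
EOF
```

Review the printed commands before running them as root; rules added this way are lost on reboot unless they are also saved to /etc/sysconfig/iptables.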



  1. Kurnia Ramadhan

    Kang, I'm having trouble with forwarding. So far I have only succeeded in forwarding SSH to a local IP using a particular port, or in forwarding port 80 to a local IP for web access. I am using HAProxy.
    The problem is that, so far, I haven't found a way to combine the two (SSH and web forwarding) in HAProxy the way Anthony did at LES. Do you have a solution, kang? Hehehe

    • Erawan Arif Nugroho

      Sorry for the late reply, mas, hehe. I only travelled home for Lebaran this afternoon, so I only just got a signal.
      So you want it like this, mas?

      SSH to forwarded to IP.lokal.vps:22
      Web port forwarded to IP.lokal.vps:80

      The setup is then to create two rules in IPTABLES, one for each port forward.
      Example of my iptables:

      Port forward for the website:
      # iptables -t nat -A PREROUTING -i vmbr0 -p tcp -m tcp --dport 10080 -j DNAT --to-destination
      Port forward for SSH:
      # iptables -t nat -A PREROUTING -i vmbr0 -p tcp -m tcp --dport 10022 -j DNAT --to-destination

      But all of those ports are really free to be used for anything 🙂
