How-To: OpenVZ installation on Debian

OpenVZ is a great open-source virtualization solution for linux. Because there is no emulation layer, just container isolation, its performance overhead is near zero. Here are the steps I used to get it working on Debian Lenny.

If you want to use per-container disk quota and usual linux disk qouta, you will need separate ext2/ext3 partition for container private directories (/var/lib/vz/private/\<CTID>)

First install openvz kernel and user-level tools:

apt-get install linux-image-openvz-686 vzctl vzquota

Edit /etc/sysctl.conf and add/change the following lines:

net.ipv4.conf.default.proxy_arp = 0
net.ipv4.conf.all.rp_filter = 1
net.ipv4.tcp_ecn = 0
net.ipv4.conf.default.send_redirects = 1
net.ipv4.conf.all.send_redirects = 0

kernel.sysrq = 1

load new settings:

sysctl -p

if you'll use a separate partition, move /var/lib/vz directory to it, otherwise skip this step

mv /var/lib/vz /target_partition/vz
ln -s /target_partition/vz/ /var/lib/vz

now reboot machine into new openvz kernel


after that, excecute this command:

uname -r

and you should see something like that:


OK, openvz is now installed and working... Now we'll install & configure some additional stuff...

vzdump is a useful tool for creating container backups. Unfortunately, there is no package in debian lenny repositories, but we can easily install .deb package from

It depends on package cstream, which also needs to be installed.

apt-get install cstream
dpkg -i vzdump_1.1-1_all.deb

If you want to enable iptable modules for all containers, edit /etc/vz/vz.conf and change line:

IPTABLES="ip_tables ipt_REJECT ipt_tos ipt_limit ipt_multiport iptable_filter iptable_mangle ipt_TCPMSS ipt_tcpmss ipt_ttl ipt_length ip_conntrack ip_conntrack_ftp ip_conntrack_irc ipt_LOG ipt_conntrack ipt_helper ipt_state iptable_nat ip_nat_ftp ip_nat_irc ipt_TOS"

restart openvz:

/etc/init.d/vz restart

Useful tools / links