OpenVZ Host 是源 IP 地址而不是实际的网络浏览者？

我遇到了一些奇怪的事情。我在 CentOS 5 服务器上运行 OpenZV。似乎在容器上，Apache Web 服务器看到的请求的源 IP 地址是 OpenVZ 主机的 IP 地址，而不是实际浏览者的 IP 地址。有什么建议可以解释为什么会发生这种情况吗？

这是我的 sysctl.conf：

# packet forwarding enabled and proxy arp disabled
net.ipv4.ip_forward = 1
net.ipv6.conf.default.forwarding = 1
net.ipv6.conf.all.forwarding = 1
net.ipv4.conf.default.proxy_arp = 0

# Enables source route verification
net.ipv4.conf.all.rp_filter = 1

# Enables the magic-sysrq key
kernel.sysrq = 1

# We do not want all our interfaces to send redirects
net.ipv4.conf.default.send_redirects = 1
net.ipv4.conf.all.send_redirects = 0

iptables-save 输出：

# Generated by iptables-save v1.3.5 on Sun Jan  3 15:23:59 2010
*nat
:PREROUTING ACCEPT [756200:49422664]
:POSTROUTING ACCEPT [903767:67426359]
:OUTPUT ACCEPT [369070:31874494]
-A POSTROUTING -m mark --mark 0x9 -j MASQUERADE 
COMMIT
# Completed on Sun Jan  3 15:23:59 2010
# Generated by iptables-save v1.3.5 on Sun Jan  3 15:23:59 2010
*mangle
:PREROUTING ACCEPT [12320704:7736523164]
:INPUT ACCEPT [384169:50094465]
:FORWARD ACCEPT [11926020:7685806944]
:OUTPUT ACCEPT [386465:36820058]
:POSTROUTING ACCEPT [12308944:7722398683]
-A PREROUTING -i eth0 -j MARK --set-mark 0x9 
COMMIT
# Completed on Sun Jan  3 15:23:59 2010
# Generated by iptables-save v1.3.5 on Sun Jan  3 15:23:59 2010
*filter
:INPUT ACCEPT [379753:49502640]
:FORWARD ACCEPT [11855492:7632198223]
:OUTPUT ACCEPT [386465:36820058]
:RH-Firewall-1-INPUT - [0:0]
COMMIT
# Completed on Sun Jan  3 15:23:59 2010

ip ro sh 输出：

68.168.248.39 dev venet0  scope link 
68.168.248.38 dev venet0  scope link 
68.168.248.37 dev venet0  scope link 
68.168.248.36 dev venet0  scope link 
68.168.248.35 dev venet0  scope link 
68.168.248.34 dev venet0  scope link 
68.168.248.33 dev venet0  scope link 
68.168.248.40 dev venet0  scope link 
208.89.162.96/27 dev eth0  proto kernel  scope link  src 208.89.162.114 
169.254.0.0/16 dev eth0  scope link 
default via 208.89.162.97 dev eth0