OpenVZ Forum


2 nics, 1st nic is private lan - I can't connect to the internet from VEs [message #10396] Sat, 17 February 2007 21:21
Karateka
Hello,

I have 1 private lan and 1 public internet nic, my ISP gave me the following details:

  • eth0 (Private) Server address: 10.10.156.194 Gateway: N/A Netmask: 255.255.255.192
  • eth1 (Public) Server address: X.Y.151.90 Gateway: X.Y.151.89 Netmask: 255.255.255.248 Secondary address: X.Y.152.160
  • My ISP told me that the DNS resolvers are on the private lan only (10.0.80.11 and 10.0.80.12)

My goal is to get internet access from a VE.
I run an out-of-the-box CentOS 4.4 installation, installed OpenVZ as per your wiki guide and added X.Y.152.160 to my VE.

I can ping from outside and the HN to X.Y.152.160.
I can only ping the VE's own public IP from the VE. I can't ping the private LAN or the public net.

I was advised by the ISP to use public resolvers, so I used these resolvers (by Cisco):
NAMESERVER="128.107.241.185 192.135.250.69"
That didn't help.

Here is some data for diagnostics:

On HN:
# ip r
X.Y.152.160 dev venet0  scope link 
X.Y.151.88/29 dev eth1  proto kernel  scope link  src X.Y.151.90 
10.10.156.192/26 dev eth0  proto kernel  scope link  src 10.10.156.194 
X.Y.152.0/24 dev eth1  proto kernel  scope link  src X.Y.152.160
169.254.0.0/16 dev eth1  scope link 
10.0.0.0/8 via 10.10.156.193 dev eth0 
default via 75.126.151.89 dev eth1 

# ifconfig 
eth0      Link encap:Ethernet  HWaddr 00:30:48:32:2C:D0  
          inet addr:10.10.156.194  Bcast:10.10.156.255  Mask:255.255.255.192
          inet6 addr: fe80::230:48ff:fe32:2cd0/64 Scope:Link
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:207 errors:0 dropped:0 overruns:0 frame:0
          TX packets:691 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000 
          RX bytes:29936 (29.2 KiB)  TX bytes:48253 (47.1 KiB)
          Base address:0x2000 Memory:d8000000-d8020000 

eth1      Link encap:Ethernet  HWaddr 00:30:48:32:2C:D1  
          inet addr:X.Y.151.90  Bcast:X.Y.151.95  Mask:255.255.255.248
          inet6 addr: fe80::230:48ff:fe32:2cd1/64 Scope:Link
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:168074 errors:0 dropped:0 overruns:0 frame:0
          TX packets:107415 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000 
          RX bytes:242067188 (230.8 MiB)  TX bytes:9050879 (8.6 MiB)
          Base address:0x2020 Memory:d8020000-d8040000 

eth1:0    Link encap:Ethernet  HWaddr 00:30:48:32:2C:D1  
          inet addr:X.Y.152.160  Bcast:X.Y.152.255  Mask:255.255.255.0
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          Base address:0x2020 Memory:d8020000-d8040000 

lo        Link encap:Local Loopback  
          inet addr:127.0.0.1  Mask:255.0.0.0
          inet6 addr: ::1/128 Scope:Host
          UP LOOPBACK RUNNING  MTU:16436  Metric:1
          RX packets:14 errors:0 dropped:0 overruns:0 frame:0
          TX packets:14 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0 
          RX bytes:1064 (1.0 KiB)  TX bytes:1064 (1.0 KiB)

venet0    Link encap:UNSPEC  HWaddr 00-00-00-00-00-00-00-00-00-00-00-00-00-00-00-00  
          UP BROADCAST POINTOPOINT RUNNING NOARP  MTU:1500  Metric:1
          RX packets:421 errors:0 dropped:0 overruns:0 frame:0
          TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0 
          RX bytes:31046 (30.3 KiB)  TX bytes:0 (0.0 b)


On VE:
# ip r
192.0.2.0/24 dev venet0  scope host 
169.254.0.0/16 dev venet0  scope link 
default via 192.0.2.1 dev venet0 


# ifconfig 
lo        Link encap:Local Loopback  
          inet addr:127.0.0.1  Mask:255.0.0.0
          inet6 addr: ::1/128 Scope:Host
          UP LOOPBACK RUNNING  MTU:16436  Metric:1
          RX packets:0 errors:0 dropped:0 overruns:0 frame:0
          TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0 
          RX bytes:0 (0.0 b)  TX bytes:0 (0.0 b)

venet0    Link encap:UNSPEC  HWaddr 00-00-00-00-00-00-00-00-00-00-00-00-00-00-00-00  
          inet addr:127.0.0.1  P-t-P:127.0.0.1  Bcast:0.0.0.0  Mask:255.255.255.255
          UP BROADCAST POINTOPOINT RUNNING NOARP  MTU:1500  Metric:1
          RX packets:0 errors:0 dropped:0 overruns:0 frame:0
          TX packets:60 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0 
          RX bytes:0 (0.0 b)  TX bytes:4506 (4.4 KiB)

venet0:0  Link encap:UNSPEC  HWaddr 00-00-00-00-00-00-00-00-00-00-00-00-00-00-00-00  
          inet addr:X.Y.152.160  P-t-P:X.Y.152.160  Bcast:X.Y.152.160  Mask:255.255.255.255
          UP BROADCAST POINTOPOINT RUNNING NOARP  MTU:1500  Metric:1

Re: 2 nics, 1st nic is private lan - I can't connect to the internet from VEs [message #10397 is a reply to message #10396] Sat, 17 February 2007 21:35
Karateka
Some further diagnostics. I tried to ping yahoo.com from VE and ran this on the HN:
tcpdump -nni venet0
tcpdump: WARNING: arptype 65535 not supported by libpcap - falling back to cooked socket
tcpdump: WARNING: venet0: no IPv4 address assigned
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on venet0, link-type LINUX_SLL (Linux cooked), capture size 96 bytes
15:27:14.805958 IP X.Y.152.160.32849 > 128.107.241.185.53:  28376+ AAAA? vps8.domain.com. (38)
15:27:19.804752 IP X.Y.152.160.32850 > 192.135.250.69.53:  28376+ AAAA? vps8.domain.com. (38)
15:27:23.712328 IP X.Y.152.160.32851 > 128.107.241.185.53:  63647+ A? yahoo.com. (27)
15:27:24.804681 IP X.Y.152.160.32849 > 128.107.241.185.53:  28376+ AAAA? vps8.domain.com. (38)
15:27:28.711669 IP X.Y.152.160.32852 > 192.135.250.69.53:  63647+ A? yahoo.com. (27)

Re: 2 nics, 1st nic is private lan - I can't connect to the internet from VEs [message #10398 is a reply to message #10396] Sat, 17 February 2007 21:43
Karateka
And the last bits of information which seem to be necessary for help:
gw8.domain.com (X.Y.151.89) at 00:1A:30:38:90:00 [ether] on eth1
? (10.10.156.193) at 00:1A:30:38:A8:00 [ether] on eth0
alpha.domain.com (X.Y.152.160) at * PERM PUP on eth1
alpha.domain.com (X.Y.152.160) at * PERM PUP on eth0

Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
X.Y.152.160  0.0.0.0         255.255.255.255 UH    0      0        0 venet0
X.Y.151.88   0.0.0.0         255.255.255.248 U     0      0        0 eth1
10.10.156.192   0.0.0.0         255.255.255.192 U     0      0        0 eth0
X.Y.152.0    0.0.0.0         255.255.255.0   U     0      0        0 eth1
169.254.0.0     0.0.0.0         255.255.0.0     U     0      0        0 eth1
10.0.0.0        10.10.156.193   255.0.0.0       UG    0      0        0 eth0
0.0.0.0         X.Y.151.89   0.0.0.0         UG    0      0        0 eth1

Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
192.0.2.0       0.0.0.0         255.255.255.0   U     0      0        0 venet0
169.254.0.0     0.0.0.0         255.255.0.0     U     0      0        0 venet0
0.0.0.0         192.0.2.1       0.0.0.0         UG    0      0        0 venet0


If anyone has any suggestions, please make sure to type out the code as well, as I might not really know what to do otherwise. ;)

Re: 2 nics, 1st nic is private lan - I can't connect to the internet from VEs [message #10443 is a reply to message #10398] Mon, 19 February 2007 11:11
Alexandr Andreev
What about IP forwarding on the HW node?

# cat /proc/sys/net/ipv4/ip_forward
If it returns 0, do:

# echo 1 > /proc/sys/net/ipv4/ip_forward

Re: 2 nics, 1st nic is private lan - I can't connect to the internet from VEs [message #10445 is a reply to message #10396] Mon, 19 February 2007 11:14
Vasily Tarasov
Hello,

First, to avoid problems with DNS, we will ping by IP address rather than by server name. For example, yahoo.com has the IP address 66.94.234.13, and we will use it as a first step.

I can see that the IP address X.Y.152.160 is assigned to eth1:0 and to the VE's venet0:0 interface. That is not right; you should delete it from eth1:0.

After that, if it still does not work, please do the following and post the output here:

in VE:
# ping 66.94.234.13
# ip r get 66.94.234.13
# iptables -L -nv
# iptables -t nat -L -nv


on HN:
# ping X.Y.151.90
# ping 66.94.234.13
# ip r get 66.94.234.13
# ip r get X.Y.152.160
# iptables -L -nv
# iptables -t nat -L -nv


Thanks.

[Updated on: Mon, 19 February 2007 11:15]


Re: 2 nics, 1st nic is private lan - I can't connect to the internet from VEs [message #10449 is a reply to message #10443] Mon, 19 February 2007 11:36
Alexandr Andreev
And:

inside HW: eth1:0 has X.Y.152.160

and

inside VE: venet0:1 has X.Y.152.160 - the same IP address???

See also the articles about VE networking when there are several hardware interfaces on the HW node:

http://wiki.openvz.org/Multiple_Network_Interfaces

Also, please check that IP packets were really sent to the internet:

# tcpdump -nni eth1
(not venet0)
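
The two checks suggested in the replies above (IP forwarding on the HN, and a VE address that is also configured on a host interface), as an added shell example that is not part of the original thread. The function names and the sample routing table, which uses documentation addresses, are constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the thread. Function names and sample data are
# constructed; addresses come from the documentation ranges.

# Return 0 when the sysctl file (default: the live kernel setting) holds 1,
# i.e. the HN forwards packets between venet0 and its physical NICs.
forwarding_enabled() {
    [ "$(cat "${1:-/proc/sys/net/ipv4/ip_forward}" 2>/dev/null)" = "1" ]
}

# Read `ip route` output on stdin. Print each VE address (a host route on
# venet0) that the HN also uses as a source address on another device,
# followed by that device. Any line printed is a duplicate to remove.
venet_conflicts() {
    awk '
        $2 == "dev" && $3 == "venet0" { ve[$1] = 1; next }
        {
            dev = ""; src = ""
            for (i = 1; i < NF; i++) {
                if ($i == "dev") dev = $(i + 1)
                if ($i == "src") src = $(i + 1)
            }
            if (src != "") owner[src] = dev
        }
        END { for (ip in ve) if (ip in owner) print ip, owner[ip] }
    ' | sort
}

# Constructed sample with the same shape as the HN routing table above.
SAMPLE_ROUTES='203.0.113.160 dev venet0  scope link
198.51.100.88/29 dev eth1  proto kernel  scope link  src 198.51.100.90
10.10.156.192/26 dev eth0  proto kernel  scope link  src 10.10.156.194
203.0.113.0/24 dev eth1  proto kernel  scope link  src 203.0.113.160
default via 198.51.100.89 dev eth1'

# On a live HN, run instead: ip route | venet_conflicts
printf '%s\n' "$SAMPLE_ROUTES" | venet_conflicts
forwarding_enabled || echo "ip_forward is not 1 on this machine"
```

An empty result from `venet_conflicts` means no VE address is also held by the host; the check only sees addresses that appear as `src` in the routing table.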