VPS doesn't work outside Node server [message #10795] | Fri, 02 March 2007 15:59
xwinner | Junior Member | Messages: 11 | Registered: December 2006

Hi everybody,

From my node server I can reach my VPSs via http or ssh.
All of the VPSs can go outside the node and can ping "www.yahoo.fr".

But I can't access the Apache of my VPS from outside.

For example:
NODE server is 192.168.0.10
VPS101 is: 192.168.0.101
VPS102 is: 192.168.0.102

In VPS 101 I can ping any IP or hostname on the Internet.
On the node I can ping VPS101 and log in to my VPS101 webmin or apache.

But from another computer in my LAN (192.168.0.13), I can't access VPS101 or VPS102, but I can access the node server.

I think it is a routing problem, but I can't solve it.

Help!

Thanks

André

Re: VPS doesn't work outside Node server [message #10901 is a reply to message #10835] | Tue, 06 March 2007 21:54
xwinner | Junior Member | Messages: 11 | Registered: December 2006

Vasily Tarasov wrote on Mon, 05 March 2007 10:29:
> Hello,
>
> If you ask such a question, please provide details:
>
> # ip a l
> # ip r l
> # iptables -L
> # iptables -t nat -L
> # cat /proc/sys/net/ipv4/ip_forward
>
> !!!these commands should be run in VE and on HN!!!
>
> Thanks,
> Vasily.

On the node server:
 
 [root@scrameustache vz]# ip a l
 2: eth0: <BROADCAST,MULTICAST,UP> mtu 1500 qdisc pfifo_fast qlen 1000
 link/ether 00:0c:6e:40:24:1a brd ff:ff:ff:ff:ff:ff
 inet 192.168.0.10/24 brd 192.168.0.255 scope global eth0
 4: eth1: <BROADCAST,MULTICAST> mtu 1500 qdisc noop qlen 1000
 link/ether 00:0c:6e:40:24:19 brd ff:ff:ff:ff:ff:ff
 6: lo: <LOOPBACK,UP> mtu 16436 qdisc noqueue
 link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
 inet 127.0.0.1/8 scope host lo
 1: venet0: <BROADCAST,POINTOPOINT,NOARP,UP> mtu 1500 qdisc noqueue
 link/void
 3: veth101.0: <BROADCAST,MULTICAST,UP> mtu 1500 qdisc noqueue
 link/ether 00:12:34:56:78:9b brd ff:ff:ff:ff:ff:ff
 
 
 [root@scrameustache vz]# ip r l
 192.168.0.101 dev veth101.0  scope link
 192.168.0.101 dev venet0  scope link
 192.168.0.0/24 dev eth0  proto kernel  scope link  src 192.168.0.10  metric 10
 default via 192.168.0.1 dev eth0  metric 10
 
 
 [root@scrameustache vz]# iptables -L
 Chain Drop (1 references)
 target     prot opt source               destination
 reject     tcp  --  anywhere             anywhere            tcp dpt:auth
 dropBcast  all  --  anywhere             anywhere
 ACCEPT     icmp --  anywhere             anywhere            icmp fragmentation-needed
 ACCEPT     icmp --  anywhere             anywhere            icmp time-exceeded
 dropInvalid  all  --  anywhere             anywhere
 DROP       udp  --  anywhere             anywhere            multiport dports 135,microsoft-ds
 DROP       udp  --  anywhere             anywhere            udp dpts:netbios-ns:netbios-ssn
 DROP       udp  --  anywhere             anywhere            udp spt:netbios-ns dpts:1024:65535
 DROP       tcp  --  anywhere             anywhere            multiport dports 135,netbios-ssn,microsoft-ds
 DROP       udp  --  anywhere             anywhere            udp dpt:1900
 dropNotSyn  tcp  --  anywhere             anywhere
 DROP       udp  --  anywhere             anywhere            udp spt:domain
 
 Chain INPUT (policy DROP)
 target     prot opt source               destination
 ACCEPT     all  --  anywhere             anywhere
 Ifw        all  --  anywhere             anywhere
 eth0_in    all  --  anywhere             anywhere
 venet0_in  all  --  anywhere             anywhere
 veth101_0_in  all  --  anywhere             anywhere
 sit0_in    all  --  anywhere             anywhere
 eth1_in    all  --  anywhere             anywhere
 Reject     all  --  anywhere             anywhere
 LOG        all  --  anywhere             anywhere            LOG level info prefix `Shorewall:INPUT:REJECT:'
 reject     all  --  anywhere             anywhere
 
 Chain FORWARD (policy DROP)
 target     prot opt source               destination
 eth0_fwd   all  --  anywhere             anywhere
 venet0_fwd  all  --  anywhere             anywhere
 veth101_0_fwd  all  --  anywhere             anywhere
 sit0_fwd   all  --  anywhere             anywhere
 eth1_fwd   all  --  anywhere             anywhere
 Reject     all  --  anywhere             anywhere
 LOG        all  --  anywhere             anywhere            LOG level info prefix `Shorewall:FORWARD:REJECT:'
 reject     all  --  anywhere             anywhere
 
 Chain Ifw (1 references)
 target     prot opt source               destination
 RETURN     all  --  anywhere             anywhere            set ifw_wl src
 DROP       all  --  anywhere             anywhere            set ifw_bl src
 IFWLOG     all  --  anywhere             anywhere            state INVALID,NEW psd weight-threshold: 10 delay-threshold: 10000 lo-ports-weight: 1 hi-ports-weight: 2 IFWLOG prefix 'SCAN'
 IFWLOG     udp  --  anywhere             anywhere            state NEW udp dpt:domain IFWLOG prefix 'NEW'
 IFWLOG     tcp  --  anywhere             anywhere            state NEW tcp dpt:http IFWLOG prefix 'NEW'
 IFWLOG     tcp  --  anywhere             anywhere            state NEW tcp dpt:https IFWLOG prefix 'NEW'
 IFWLOG     tcp  --  anywhere             anywhere            state NEW tcp dpt:domain IFWLOG prefix 'NEW'
 IFWLOG     tcp  --  anywhere             anywhere            state NEW tcp dpt:ssh IFWLOG prefix 'NEW'
 IFWLOG     tcp  --  anywhere             anywhere            state NEW tcp dpt:ftp-data IFWLOG prefix 'NEW'
 IFWLOG     tcp  --  anywhere             anywhere            state NEW tcp dpt:ftp IFWLOG prefix 'NEW'
 IFWLOG     tcp  --  anywhere             anywhere            state NEW tcp dpt:smtp IFWLOG prefix 'NEW'
 IFWLOG     tcp  --  anywhere             anywhere            state NEW tcp dpt:pop2 IFWLOG prefix 'NEW'
 IFWLOG     tcp  --  anywhere             anywhere            state NEW tcp dpt:pop3 IFWLOG prefix 'NEW'
 IFWLOG     tcp  --  anywhere             anywhere            state NEW tcp dpt:imap IFWLOG prefix 'NEW'
 IFWLOG     tcp  --  anywhere             anywhere            state NEW tcp dpt:10000 IFWLOG prefix 'NEW'
 IFWLOG     tcp  --  anywhere             anywhere            state NEW tcp dpt:4900 IFWLOG prefix 'NEW'
 
 Chain OUTPUT (policy DROP)
 target     prot opt source               destination
 ACCEPT     all  --  anywhere             anywhere
 fw2net     all  --  anywhere             anywhere
 fw2loc     all  --  anywhere             anywhere
 fw2loc     all  --  anywhere             anywhere
 fw2loc     all  --  anywhere             anywhere
 fw2loc     all  --  anywhere             anywhere
 Reject     all  --  anywhere             anywhere
 LOG        all  --  anywhere             anywhere            LOG level info prefix `Shorewall:OUTPUT:REJECT:'
 reject     all  --  anywhere             anywhere
 
 Chain Reject (4 references)
 target     prot opt source               destination
 reject     tcp  --  anywhere             anywhere            tcp dpt:auth
 dropBcast  all  --  anywhere             anywhere
 ACCEPT     icmp --  anywhere             anywhere            icmp fragmentation-needed
 ACCEPT     icmp --  anywhere             anywhere            icmp time-exceeded
 dropInvalid  all  --  anywhere             anywhere
 reject     udp  --  anywhere             anywhere            multiport dports 135,microsoft-ds
 reject     udp  --  anywhere             anywhere            udp dpts:netbios-ns:netbios-ssn
 reject     udp  --  anywhere             anywhere            udp spt:netbios-ns dpts:1024:65535
 reject     tcp  --  anywhere             anywhere            multiport dports 135,netbios-ssn,microsoft-ds
 DROP       udp  --  anywhere             anywhere            udp dpt:1900
 dropNotSyn  tcp  --  anywhere             anywhere
 DROP       udp  --  anywhere             anywhere            udp spt:domain
 
 Chain all2all (0 references)
 target     prot opt source               destination
 ACCEPT     all  --  anywhere             anywhere            state RELATED,ESTABLISHED
 Reject     all  --  anywhere             anywhere
 LOG        all  --  anywhere             anywhere            LOG level info prefix `Shorewall:all2all:REJECT:'
 reject     all  --  anywhere             anywhere
 
 Chain dropBcast (2 references)
 target     prot opt source               destination
 DROP       all  --  anywhere             anywhere            PKTTYPE = broadcast
 DROP       all  --  anywhere             anywhere            PKTTYPE = multicast
 
 Chain dropInvalid (2 references)
 target     prot opt source               destination
 DROP       all  --  anywhere             anywhere            state INVALID
 
 Chain dropNotSyn (2 references)
 target     prot opt source               destination
 DROP       tcp  --  anywhere             anywhere            tcp flags:!FIN,SYN,RST,ACK/SYN
 
 Chain dynamic (10 references)
 target     prot opt source               destination
 
 Chain eth0_fwd (1 references)
 target     prot opt source               destination
 dynamic    all  --  anywhere             anywhere            state INVALID,NEW
 net2all    all  --  anywhere             anywhere
 net2all    all  --  anywhere             anywhere
 net2all    all  --  anywhere             anywhere
 net2all    all  --  anywhere             anywhere
 
 Chain eth0_in (1 references)
 target     prot opt source               destination
 dynamic    all  --  anywhere             anywhere            state INVALID,NEW
 net2fw     all  --  anywhere             anywhere
 
 Chain eth1_fwd (1 references)
 target     prot opt source               destination
 dynamic    all  --  anywhere             anywhere            state INVALID,NEW
 loc2net    all  --  anywhere             anywhere
 ACCEPT     all  --  anywhere             anywhere
 ACCEPT     all  --  anywhere             anywhere
 ACCEPT     all  --  anywhere             anywhere
 
 Chain eth1_in (1 references)
 target     prot opt source               destination
 dynamic    all  --  anywhere             anywhere            state INVALID,NEW
 loc2fw     all  --  anywhere             anywhere
 
 Chain fw2loc (4 references)
 target     prot opt source               destination
 ACCEPT     all  --  anywhere             anywhere            state RELATED,ESTABLISHED
 ACCEPT     all  --  anywhere             anywhere
 
 Chain fw2net (1 references)
 target     prot opt source               destination
 ACCEPT     all  --  anywhere             anywhere            state RELATED,ESTABLISHED
 ACCEPT     all  --  anywhere             anywhere
 
 Chain loc2fw (4 references)
 target     prot opt source               destination
 ACCEPT     all  --  anywhere             anywhere            state RELATED,ESTABLISHED
 ACCEPT     all  --  anywhere             anywhere
 
 Chain loc2net (4 references)
 target     prot opt source               destination
 ...
 
 
[Updated on: Tue, 06 March 2007 22:32]

Re: VPS doesn't work outside Node server [message #10966 is a reply to message #10916] | Sat, 10 March 2007 16:23
xwinner | Junior Member | Messages: 11 | Registered: December 2006

Vasily Tarasov wrote on Wed, 07 March 2007 02:29:
> Thanks for the information you've posted.
>
> 1) This seems strange to me:
>
> [root@scrameustache vz]# ip r l
> 192.168.0.101 dev veth101.0 scope link
> 192.168.0.101 dev venet0 scope link
> 192.168.0.0/24 dev eth0 proto kernel scope link src 192.168.0.10 metric 10
> default via 192.168.0.1 dev eth0 metric 10
>
> Please remove the routing via venet: you don't use this interface, as far as I understand. Note that this line will automatically appear if at some time you did `vzctl set <veid> --ipadd` and the config file of the VE in question contains IP_ADDRESS="...". So check that it doesn't happen.
>
> 2) Also, please turn off iptables for a while and check whether that solves the problem.
>
> Thanks,
> Vasily

Thanks, I don't know exactly how to remove the venet route. Is it only in the vps101.conf?

This is my vps101.conf:
 
 #
 # it under the terms of the GNU General Public License as published by
 #
 # This program is distributed in the hope that it will be useful,
 # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
 # GNU General Public License for more details.
 #
 # You should have received a copy of the GNU General Public License
 # Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
 #
 
 ONBOOT=yes
 
 # Primary parameters
 AVNUMPROC=40:40
 NUMPROC=65:65
 NUMTCPSOCK=80:80
 NUMOTHERSOCK=80:80
 VMGUARPAGES=6144:2147483647
 # Secondary parameters
 KMEMSIZE=2752512:2936012
 TCPSNDBUF=319488:524288
 TCPRCVBUF=319488:524288
 OTHERSOCKBUF=132096:336896
 DGRAMRCVBUF=132096:132096
 OOMGUARPAGES=6144:2147483647
 # Auxiliary parameters
 LOCKEDPAGES=32:32
 SHMPAGES=8192:8192
 PRIVVMPAGES=49152:53575
 NUMFILE=2048:2048
 NUMFLOCK=100:110
 NUMPTY=16:16
 NUMSIGINFO=256:256
 DCACHESIZE=1048576:1097728
 
 PHYSPAGES=0:2147483647
 NUMIPTENT=128:128
 
 DISKSPACE=4500000:4500000
 DISKINODES=200000:220000
 QUOTATIME=0
 
 # CPU fair sheduler parameter
 CPUUNITS=1000
 VE_ROOT=/vz/root/$VEID
 VE_PRIVATE=/vz/private/$VEID
 OSTEMPLATE=mandriva-2006-i386-minimal
 ORIGIN_SAMPLE=vps.basic
 #IP_ADDRESS="192.168.0.101"
 HOSTNAME="vps101.localdomain."
 NAMESERVER="192.168.0.10"
 NETIF=ifname=eth0,mac=00:12:34:56:78:9A,host_ifname=veth101.0,host_mac=00:12:34:56:78:9B

Re: VPS doesn't work outside Node server [message #10978 is a reply to message #10966] | Sun, 11 March 2007 07:29
Vasily Tarasov | Senior Member | Messages: 1345 | Registered: January 2006

Hello,

I see that your VE config file has the line IP_ADDRESS=".." commented out, so the routing rule in question should not appear on VE start. But the rule could have appeared earlier, and if you edited the VE config manually while the VE was started, the rule stays in the routing table "permanently" (well, I mean that `vzctl stop` will not remove this rule). So please do it manually:

ip r d 192.168.0.101 dev venet0

and then check that the rule has disappeared.

HTH,
Vasily
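
A small check for the condition described in this post, as an added example that is not part of the original thread: it reads `ip route` output and reports any destination routed through more than one device, which is how the leftover `venet0` entry shows up beside the `veth101.0` one. The function names `dup_routes` and `sample_routes` are made up for this example, and the sample input is the host node routing table posted earlier in the thread.

```shell
#!/bin/sh
# Added example: flag destinations that appear in `ip route` output
# with more than one outgoing device (e.g. a stale venet0 host route
# left next to the veth route for the same VE address).

# dup_routes: reads `ip route list` output on stdin and prints one line
# per ambiguous destination: "<destination> <dev1>,<dev2>,..."
dup_routes() {
    awk '
    {
        dst = $1
        dev = ""
        # The device name follows the literal token "dev".
        for (i = 2; i < NF; i++)
            if ($i == "dev") { dev = $(i + 1); break }
        if (dev == "") next
        if (!(dst in devs)) { order[++n] = dst; devs[dst] = dev }
        else if (index("," devs[dst] ",", "," dev ",") == 0)
            devs[dst] = devs[dst] "," dev
    }
    END {
        for (k = 1; k <= n; k++)
            if (index(devs[order[k]], ",") > 0)
                print order[k], devs[order[k]]
    }'
}

# Sample input: the host node routing table as posted in this thread.
sample_routes() {
    cat <<'EOF'
192.168.0.101 dev veth101.0  scope link
192.168.0.101 dev venet0  scope link
192.168.0.0/24 dev eth0  proto kernel  scope link  src 192.168.0.10  metric 10
default via 192.168.0.1 dev eth0  metric 10
EOF
}

# On a live host node: ip route list | dup_routes
if [ "${1:-}" = "--demo" ]; then
    sample_routes | dup_routes
fi
```

An empty result means every destination has a single outgoing device, which is the state to confirm after deleting the `venet0` route.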

Re: VPS doesn't work outside Node server [message #10994 is a reply to message #10978] | Sun, 11 March 2007 12:26
xwinner | Junior Member | Messages: 11 | Registered: December 2006

Vasily Tarasov wrote on Sun, 11 March 2007 02:29:
> Hello,
>
> I see that your VE config file has the line IP_ADDRESS=".." commented out, so the routing rule in question should not appear on VE start. But the rule could have appeared earlier, and if you edited the VE config manually while the VE was started, the rule stays in the routing table "permanently" (well, I mean that `vzctl stop` will not remove this rule). So please do it manually:
>
> ip r d 192.168.0.101 dev venet0
>
> and then check that the rule has disappeared.
>
> HTH,
> Vasily

Hello,

This is what I tried, is it right?
 
 
 [root@scrameustache init.d]# ip r d 192.168.0.101 dev venet0
 RTNETLINK answers: No such process
 [root@scrameustache init.d]# ./vz stop
 Shutting down VE 101
 Stopping OpenVZ:                                                [  OK  ]
 [root@scrameustache init.d]# ./vz start
 Starting OpenVZ:                                                [  OK  ]
 Bringing up interface venet0:                                   [  OK  ]
 Configuring interface venet0:                                   [  OK  ]
 Configure node UB resources:                                    [  OK  ]
 Starting VE 101:                                                [  OK  ]
 [root@scrameustache init.d]# ip r d 192.168.0.101 dev venet0
 RTNETLINK answers: No such process
 
BUT, the VPS works if I make this script:
 
#!/bin/sh
# Script name : ServerConfig
# Server configuration at server startup

# [Main server console]

# Clear any address on the host side of the veth pair, then enable
# forwarding and proxy ARP on it and on the LAN interface
ifconfig veth101.0 0
echo 1 > /proc/sys/net/ipv4/conf/veth101.0/forwarding
echo 1 > /proc/sys/net/ipv4/conf/veth101.0/proxy_arp
echo 1 > /proc/sys/net/ipv4/conf/eth0/forwarding
echo 1 > /proc/sys/net/ipv4/conf/eth0/proxy_arp

# Inside VE 101: assign its address and default route on eth0
vzctl exec 101 /sbin/ifconfig eth0 0
vzctl exec 101 /sbin/ip addr add 192.168.0.101 dev eth0
vzctl exec 101 /sbin/ip route add default dev eth0

# On the host node: route the VE address via veth, drop the venet route
ip route append 192.168.0.101 dev veth101.0
ip route del 192.168.0.101 dev venet0


# Restart iptables
. /etc/rc.d/init.d/iptables stop
. /etc/rc.d/init.d/iptables start
# End
 
 
 
This script helps me run the VPS fine, but I think this is not a clean procedure. If I reboot, it works only if I start it via rc.local with this command:

echo /vz/ServerConfig | at now + 1 minutes

Note: the iptables stop & start is your good idea; without this stop and start, the VPS doesn't work on reboot.
 