Home » General » Support » VPS doesn't work outsite Node server
| Re: VPS doesn't work outsite Node server [message #10901 is a reply to message #10835] |
Tue, 06 March 2007 21:54   |
xwinner
Messages: 11
Registered: December 2006
|
Junior Member |
|
|
| Vasily Tarasov wrote on Mon, 05 March 2007 10:29 |
Hello,
If you ask such question, please, provide details: 
# ip a l
# ip r l
# iptables -L
# iptables -t nat -L
# cat /proc/sys/net/ipv4/ip_forwarding
!!!these commands should be run in VE and on HN!!!
Thanks,
Vasily.
|
in Node Server:
[root@scrameustache vz]# ip a l
2: eth0: <BROADCAST,MULTICAST,UP> mtu 1500 qdisc pfifo_fast qlen 1000
link/ether 00:0c:6e:40:24:1a brd ff:ff:ff:ff:ff:ff
inet 192.168.0.10/24 brd 192.168.0.255 scope global eth0
4: eth1: <BROADCAST,MULTICAST> mtu 1500 qdisc noop qlen 1000
link/ether 00:0c:6e:40:24:19 brd ff:ff:ff:ff:ff:ff
6: lo: <LOOPBACK,UP> mtu 16436 qdisc noqueue
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
inet 127.0.0.1/8 scope host lo
1: venet0: <BROADCAST,POINTOPOINT,NOARP,UP> mtu 1500 qdisc noqueue
link/void
3: veth101.0: <BROADCAST,MULTICAST,UP> mtu 1500 qdisc noqueue
link/ether 00:12:34:56:78:9b brd ff:ff:ff:ff:ff:ff
[root@scrameustache vz]# ip r l
192.168.0.101 dev veth101.0 scope link
192.168.0.101 dev venet0 scope link
192.168.0.0/24 dev eth0 proto kernel scope link src 192.168.0.10 metric 10
default via 192.168.0.1 dev eth0 metric 10
[root@scrameustache vz]# iptables -L
Chain Drop (1 references)
target prot opt source destination
reject tcp -- anywhere anywhere tcp dpt:auth
dropBcast all -- anywhere anywhere
ACCEPT icmp -- anywhere anywhere icmp fragmentation-needed
ACCEPT icmp -- anywhere anywhere icmp time-exceeded
dropInvalid all -- anywhere anywhere
DROP udp -- anywhere anywhere multiport dports 135,microsoft-ds
DROP udp -- anywhere anywhere udp dpts:netbios-ns:netbios-ssn
DROP udp -- anywhere anywhere udp spt:netbios-ns dpts:1024:65535
DROP tcp -- anywhere anywhere multiport dports 135,netbios-ssn,microsoft-ds
DROP udp -- anywhere anywhere udp dpt:1900
dropNotSyn tcp -- anywhere anywhere
DROP udp -- anywhere anywhere udp spt:domain
Chain INPUT (policy DROP)
target prot opt source destination
ACCEPT all -- anywhere anywhere
Ifw all -- anywhere anywhere
eth0_in all -- anywhere anywhere
venet0_in all -- anywhere anywhere
veth101_0_in all -- anywhere anywhere
sit0_in all -- anywhere anywhere
eth1_in all -- anywhere anywhere
Reject all -- anywhere anywhere
LOG all -- anywhere anywhere LOG level info prefix `Shorewall:INPUT:REJECT:'
reject all -- anywhere anywhere
Chain FORWARD (policy DROP)
target prot opt source destination
eth0_fwd all -- anywhere anywhere
venet0_fwd all -- anywhere anywhere
veth101_0_fwd all -- anywhere anywhere
sit0_fwd all -- anywhere anywhere
eth1_fwd all -- anywhere anywhere
Reject all -- anywhere anywhere
LOG all -- anywhere anywhere LOG level info prefix `Shorewall:FORWARD:REJECT:'
reject all -- anywhere anywhere
Chain Ifw (1 references)
target prot opt source destination
RETURN all -- anywhere anywhere set ifw_wl src
DROP all -- anywhere anywhere set ifw_bl src
IFWLOG all -- anywhere anywhere state INVALID,NEW psd weight-threshold: 10 delay-threshold: 10000 lo-ports-weight: 1 hi-ports-weight: 2 IFWLOG prefix 'SCAN'
IFWLOG udp -- anywhere anywhere state NEW udp dpt:domain IFWLOG prefix 'NEW'
IFWLOG tcp -- anywhere anywhere state NEW tcp dpt:http IFWLOG prefix 'NEW'
IFWLOG tcp -- anywhere anywhere state NEW tcp dpt:https IFWLOG prefix 'NEW'
IFWLOG tcp -- anywhere anywhere state NEW tcp dpt:domain IFWLOG prefix 'NEW'
IFWLOG tcp -- anywhere anywhere state NEW tcp dpt:ssh IFWLOG prefix 'NEW'
IFWLOG tcp -- anywhere anywhere state NEW tcp dpt:ftp-data IFWLOG prefix 'NEW'
IFWLOG tcp -- anywhere anywhere state NEW tcp dpt:ftp IFWLOG prefix 'NEW'
IFWLOG tcp -- anywhere anywhere state NEW tcp dpt:smtp IFWLOG prefix 'NEW'
IFWLOG tcp -- anywhere anywhere state NEW tcp dpt:pop2 IFWLOG prefix 'NEW'
IFWLOG tcp -- anywhere anywhere state NEW tcp dpt:pop3 IFWLOG prefix 'NEW'
IFWLOG tcp -- anywhere anywhere state NEW tcp dpt:imap IFWLOG prefix 'NEW'
IFWLOG tcp -- anywhere anywhere state NEW tcp dpt:10000 IFWLOG prefix 'NEW'
IFWLOG tcp -- anywhere anywhere state NEW tcp dpt:4900 IFWLOG prefix 'NEW'
Chain OUTPUT (policy DROP)
target prot opt source destination
ACCEPT all -- anywhere anywhere
fw2net all -- anywhere anywhere
fw2loc all -- anywhere anywhere
fw2loc all -- anywhere anywhere
fw2loc all -- anywhere anywhere
fw2loc all -- anywhere anywhere
Reject all -- anywhere anywhere
LOG all -- anywhere anywhere LOG level info prefix `Shorewall:OUTPUT:REJECT:'
reject all -- anywhere anywhere
Chain Reject (4 references)
target prot opt source destination
reject tcp -- anywhere anywhere tcp dpt:auth
dropBcast all -- anywhere anywhere
ACCEPT icmp -- anywhere anywhere icmp fragmentation-needed
ACCEPT icmp -- anywhere anywhere icmp time-exceeded
dropInvalid all -- anywhere anywhere
reject udp -- anywhere anywhere multiport dports 135,microsoft-ds
reject udp -- anywhere anywhere udp dpts:netbios-ns:netbios-ssn
reject udp -- anywhere anywhere udp spt:netbios-ns dpts:1024:65535
reject tcp -- anywhere anywhere multiport dports 135,netbios-ssn,microsoft-ds
DROP udp -- anywhere anywhere udp dpt:1900
dropNotSyn tcp -- anywhere anywhere
DROP udp -- anywhere anywhere udp spt:domain
Chain all2all (0 references)
target prot opt source destination
ACCEPT all -- anywhere anywhere state RELATED,ESTABLISHED
Reject all -- anywhere anywhere
LOG all -- anywhere anywhere LOG level info prefix `Shorewall:all2all:REJECT:'
reject all -- anywhere anywhere
Chain dropBcast (2 references)
target prot opt source destination
DROP all -- anywhere anywhere PKTTYPE = broadcast
DROP all -- anywhere anywhere PKTTYPE = multicast
Chain dropInvalid (2 references)
target prot opt source destination
DROP all -- anywhere anywhere state INVALID
Chain dropNotSyn (2 references)
target prot opt source destination
DROP tcp -- anywhere anywhere tcp flags:!FIN,SYN,RST,ACK/SYN
Chain dynamic (10 references)
target prot opt source destination
Chain eth0_fwd (1 references)
target prot opt source destination
dynamic all -- anywhere anywhere state INVALID,NEW
net2all all -- anywhere anywhere
net2all all -- anywhere anywhere
net2all all -- anywhere anywhere
net2all all -- anywhere anywhere
Chain eth0_in (1 references)
target prot opt source destination
dynamic all -- anywhere anywhere state INVALID,NEW
net2fw all -- anywhere anywhere
Chain eth1_fwd (1 references)
target prot opt source destination
dynamic all -- anywhere anywhere state INVALID,NEW
loc2net all -- anywhere anywhere
ACCEPT all -- anywhere anywhere
ACCEPT all -- anywhere anywhere
ACCEPT all -- anywhere anywhere
Chain eth1_in (1 references)
target prot opt source destination
dynamic all -- anywhere anywhere state INVALID,NEW
loc2fw all -- anywhere anywhere
Chain fw2loc (4 references)
target prot opt source destination
ACCEPT all -- anywhere anywhere state RELATED,ESTABLISHED
ACCEPT all -- anywhere anywhere
Chain fw2net (1 references)
target prot opt source destination
ACCEPT all -- anywhere anywhere state RELATED,ESTABLISHED
ACCEPT all -- anywhere anywhere
Chain loc2fw (4 references)
target prot opt source destination
ACCEPT all -- anywhere anywhere state RELATED,ESTABLISHED
ACCEPT all -- anywhere anywhere
Chain loc2net (4 references)
target prot opt source destination
...
[Updated on: Tue, 06 March 2007 22:32] Report message to a moderator |
|
|
|
Current Time: Wed Jul 10 23:21:38 GMT 2024
Total time taken to generate the page: 0.02455 seconds
|
OpenVZ Forum
Members
Search
Help
Register
Login
Home
