Running VEs on a Strato Hostsystem with natted public->private ip-addresses [message #9675]
Tue, 16 January 2007 16:50
BAzfH
Messages: 2 Registered: January 2007 Location: Moenchengladbach, DE
Hi,
I am having a problem I am stuck on with OpenVZ. First of all, some background information that I find useful:
Host OS: Debian Etch (4.0 / testing)
Host Kernel: 2.6.18-1-openvz (patched with kernel-patch-openvz from debian/testing archive)
Host Interfaces:
eth0: X.X.X.X (public address)
eth0:0: Y.Y.Y.Y (public address)
The setup I desire is: a VE inside OpenVZ running Debian Etch, serving some services which are to be available on eth0:0's IP address. This should be achieved by doing some SNAT for outgoing traffic and some DNAT for incoming traffic on some specific ports. Therefore I think venet is the best choice for me, also because I might like to switch to having more than one VE, each providing *one* specific service.
So what I do is:
1. Create a VE with a private IP address (tried IP addresses in all three possible classes)
2. Add iptables rules on the host system according to this documentation:
http://wiki.openvz.org/Using_NAT_for_VE_with_private_IPs
That results in messages like this when starting a VE:
arpsend: 10.0.0.101 is detected on another computer : 00:00:5e:00:01:02
Also, the network is *not* working. Inside the VE I can ICMP-flood other systems and get replies, but I cannot do anything more, e.g. connect to systems. It is not a DNS problem, because I've checked that by connecting to a specific service by its IP and port. I heard there may be a feature enabled on the HSP switch for security reasons that is answering the arpsend request, which results in the above error message. But I don't quite understand why this switch gets information about my internal IP address. Isn't it possible to configure it so that _only_ the host system is able to "see" these addresses? The switch does not need to, or am I wrong?
So what I want to know is: Is my approach right? Am I missing something? If you need more input to help me, feel free to ask for it. Has anyone set up OpenVZ on a Strato server who knows what is specific to Strato servers and can guide me a bit?
Thanks in advance
Best Regards
Patrick / BAzfH
[SOLVED BELOW] Re: Running VEs on a Strato Hostsystem with natted public->private ip-addresses [message #10970 is a reply to message #9720]
Sat, 10 March 2007 20:50
jonwatson
Messages: 21 Registered: March 2007
I'm having exactly the same problem, yet I know for certain that there is no other machine on the network with this IP.
I had an IP assigned to a running VE and then didn't need it anymore. So I stopped and destroyed the VE. From that point on, I have been unable to use this IP again because whenever I try to start a new VE with that IP, I get the IP address in use error.
I then abandoned that IP address altogether and created a new VE with a new IP address that I had never used before. I get the same results.
Starting VE ...
VE is mounted
Adding IP address(es): 68.128.52.229
arpsend: 68.128.52.229 is detected on another computer : 00:0c:30:c1:87:ff
vps-net_add WARNING: arpsend -c 1 -w 1 -D -e 68.128.52.229 eth0 FAILED
If I understand correctly, when a VE starts, it sends a ping or something to the IP address it is going to use. If something responds, then it thinks the address is in use and fails.
The MAC address that is responding to the pings (or whatever they are) is the MAC address of my provider's gateway. I don't know why it responds to these pings, but I do know that the IP is not in use.
Is there some way to bypass this check or force OpenVZ to start regardless?
This little problem has rendered my box pretty much useless for serving up VPSes.
Any help is appreciated.
Thanks!
[Updated on: Mon, 12 March 2007 08:57] by Moderator
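Added example, not part of either post and not OpenVZ code: a small triage script that reads the `arpsend` warnings quoted in this thread and reports who answered the duplicate-address probe, so a reply from the provider's router can be told apart from a real address conflict. The neighbour-table sample, the gateway address 68.128.52.225 and all function names are assumptions made for illustration.

```python
import re

# Constructed sample: the two arpsend lines quoted in the thread.
VZCTL_OUTPUT = """\
arpsend: 10.0.0.101 is detected on another computer : 00:00:5e:00:01:02
arpsend: 68.128.52.229 is detected on another computer : 00:0c:30:c1:87:ff
"""
# Constructed sample of `ip neigh show` on the host. The gateway address
# 68.128.52.225 and the second neighbour are assumptions for illustration.
NEIGH_OUTPUT = """\
68.128.52.225 dev eth0 lladdr 00:0c:30:c1:87:ff REACHABLE
68.128.52.230 dev eth0 lladdr 00:16:3e:aa:bb:cc STALE
"""
GATEWAY_IP = "68.128.52.225"  # assumed default gateway of the host

ARPSEND_RE = re.compile(
    r"arpsend: (\S+) is detected on another computer : ([0-9A-Fa-f:]{17})")
NEIGH_RE = re.compile(r"^(\S+) dev \S+ lladdr ([0-9A-Fa-f:]{17})", re.M)
VRRP_PREFIX = "00:00:5e:00:01:"  # IANA VRRP IPv4 virtual-router MACs (RFC 5798)

def parse_conflicts(text):
    """Return (ip, responder_mac) for every arpsend duplicate report."""
    return [(ip, mac.lower()) for ip, mac in ARPSEND_RE.findall(text)]

def macs_to_ips(neigh_text):
    """Map each MAC in the neighbour table to the IPs it is known for."""
    table = {}
    for ip, mac in NEIGH_RE.findall(neigh_text):
        table.setdefault(mac.lower(), set()).add(ip)
    return table

def classify(ip, mac, table, gateway_ip):
    """Say who answered the duplicate-address probe for `ip`."""
    if mac.startswith(VRRP_PREFIX):
        return "vrrp-router vrid=%d" % int(mac[-2:], 16)
    if gateway_ip in table.get(mac, set()) and ip != gateway_ip:
        return "answered-by-gateway"   # router replying on behalf of the IP
    return "other-host"                # treat as a possible real duplicate

def report(vz_text, neigh_text, gateway_ip):
    table = macs_to_ips(neigh_text)
    return {ip: classify(ip, mac, table, gateway_ip)
            for ip, mac in parse_conflicts(vz_text)}

if __name__ == "__main__":
    for ip, verdict in report(VZCTL_OUTPUT, NEIGH_OUTPUT, GATEWAY_IP).items():
        print(ip, verdict)
```

On a real host, feed it the actual `vzctl start` output and `ip neigh show` output in place of the constructed samples.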