OpenVZ Forum


VPS doesn't work outside Node server [message #10795] Fri, 02 March 2007 15:59
xwinner
Messages: 11
Registered: December 2006
Junior Member
Hi everybody,

My node server can reach my VPSs via http or ssh.
All of the VPSs can go outside the node and can ping "www.yahoo.fr".

But I can't access the Apache of my VPS from outside.

For example:
NODE server is 192.168.0.10
VPS101 is: 192.168.0.101
VPS102 is: 192.168.0.102

In VPS101 I can ping any IP or hostname on the internet.
On the node I can ping VPS101 and log in to my VPS101 Webmin or Apache.

But from another computer in my LAN, 192.168.0.13, I can't access VPS101 or VPS102, but I can access the node server.

I think it is a routing problem, but I can't solve it.

Help!

Thanks

André
Re: VPS doesn't work outside Node server [message #10835 is a reply to message #10795] Mon, 05 March 2007 15:29
Vasily Tarasov
Messages: 1345
Registered: January 2006
Senior Member
Hello,

If you ask such a question, please provide details:

# ip a l
# ip r l
# iptables -L
# iptables -t nat -L
# cat /proc/sys/net/ipv4/ip_forward

!!!these commands should be run in VE and on HN!!!

Thanks,
Vasily.

[Updated on: Mon, 05 March 2007 15:30]


Re: VPS doesn't work outside Node server [message #10901 is a reply to message #10835] Tue, 06 March 2007 21:54
xwinner
Messages: 11
Registered: December 2006
Junior Member
Vasily Tarasov wrote on Mon, 05 March 2007 10:29

Hello,

If you ask such a question, please provide details:

# ip a l
# ip r l
# iptables -L
# iptables -t nat -L
# cat /proc/sys/net/ipv4/ip_forward

!!!these commands should be run in VE and on HN!!!

Thanks,
Vasily.


On the node server:

[root@scrameustache vz]# ip a l
2: eth0: <BROADCAST,MULTICAST,UP> mtu 1500 qdisc pfifo_fast qlen 1000
link/ether 00:0c:6e:40:24:1a brd ff:ff:ff:ff:ff:ff
inet 192.168.0.10/24 brd 192.168.0.255 scope global eth0
4: eth1: <BROADCAST,MULTICAST> mtu 1500 qdisc noop qlen 1000
link/ether 00:0c:6e:40:24:19 brd ff:ff:ff:ff:ff:ff
6: lo: <LOOPBACK,UP> mtu 16436 qdisc noqueue
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
inet 127.0.0.1/8 scope host lo
1: venet0: <BROADCAST,POINTOPOINT,NOARP,UP> mtu 1500 qdisc noqueue
link/void
3: veth101.0: <BROADCAST,MULTICAST,UP> mtu 1500 qdisc noqueue
link/ether 00:12:34:56:78:9b brd ff:ff:ff:ff:ff:ff


[root@scrameustache vz]# ip r l
192.168.0.101 dev veth101.0 scope link
192.168.0.101 dev venet0 scope link
192.168.0.0/24 dev eth0 proto kernel scope link src 192.168.0.10 metric 10
default via 192.168.0.1 dev eth0 metric 10


[root@scrameustache vz]# iptables -L
Chain Drop (1 references)
target prot opt source destination
reject tcp -- anywhere anywhere tcp dpt:auth
dropBcast all -- anywhere anywhere
ACCEPT icmp -- anywhere anywhere icmp fragmentation-needed
ACCEPT icmp -- anywhere anywhere icmp time-exceeded
dropInvalid all -- anywhere anywhere
DROP udp -- anywhere anywhere multiport dports 135,microsoft-ds
DROP udp -- anywhere anywhere udp dpts:netbios-ns:netbios-ssn
DROP udp -- anywhere anywhere udp spt:netbios-ns dpts:1024:65535
DROP tcp -- anywhere anywhere multiport dports 135,netbios-ssn,microsoft-ds
DROP udp -- anywhere anywhere udp dpt:1900
dropNotSyn tcp -- anywhere anywhere
DROP udp -- anywhere anywhere udp spt:domain

Chain INPUT (policy DROP)
target prot opt source destination
ACCEPT all -- anywhere anywhere
Ifw all -- anywhere anywhere
eth0_in all -- anywhere anywhere
venet0_in all -- anywhere anywhere
veth101_0_in all -- anywhere anywhere
sit0_in all -- anywhere anywhere
eth1_in all -- anywhere anywhere
Reject all -- anywhere anywhere
LOG all -- anywhere anywhere LOG level info prefix `Shorewall:INPUT:REJECT:'
reject all -- anywhere anywhere

Chain FORWARD (policy DROP)
target prot opt source destination
eth0_fwd all -- anywhere anywhere
venet0_fwd all -- anywhere anywhere
veth101_0_fwd all -- anywhere anywhere
sit0_fwd all -- anywhere anywhere
eth1_fwd all -- anywhere anywhere
Reject all -- anywhere anywhere
LOG all -- anywhere anywhere LOG level info prefix `Shorewall:FORWARD:REJECT:'
reject all -- anywhere anywhere

Chain Ifw (1 references)
target prot opt source destination
RETURN all -- anywhere anywhere set ifw_wl src
DROP all -- anywhere anywhere set ifw_bl src
IFWLOG all -- anywhere anywhere state INVALID,NEW psd weight-threshold: 10 delay-threshold: 10000 lo-ports-weight: 1 hi-ports-weight: 2 IFWLOG prefix 'SCAN'
IFWLOG udp -- anywhere anywhere state NEW udp dpt:domain IFWLOG prefix 'NEW'
IFWLOG tcp -- anywhere anywhere state NEW tcp dpt:http IFWLOG prefix 'NEW'
IFWLOG tcp -- anywhere anywhere state NEW tcp dpt:https IFWLOG prefix 'NEW'
IFWLOG tcp -- anywhere anywhere state NEW tcp dpt:domain IFWLOG prefix 'NEW'
IFWLOG tcp -- anywhere anywhere state NEW tcp dpt:ssh IFWLOG prefix 'NEW'
IFWLOG tcp -- anywhere anywhere state NEW tcp dpt:ftp-data IFWLOG prefix 'NEW'
IFWLOG tcp -- anywhere anywhere state NEW tcp dpt:ftp IFWLOG prefix 'NEW'
IFWLOG tcp -- anywhere anywhere state NEW tcp dpt:smtp IFWLOG prefix 'NEW'
IFWLOG tcp -- anywhere anywhere state NEW tcp dpt:pop2 IFWLOG prefix 'NEW'
IFWLOG tcp -- anywhere anywhere state NEW tcp dpt:pop3 IFWLOG prefix 'NEW'
IFWLOG tcp -- anywhere anywhere state NEW tcp dpt:imap IFWLOG prefix 'NEW'
IFWLOG tcp -- anywhere anywhere state NEW tcp dpt:10000 IFWLOG prefix 'NEW'
IFWLOG tcp -- anywhere anywhere state NEW tcp dpt:4900 IFWLOG prefix 'NEW'

Chain OUTPUT (policy DROP)
target prot opt source destination
ACCEPT all -- anywhere anywhere
fw2net all -- anywhere anywhere
fw2loc all -- anywhere anywhere
fw2loc all -- anywhere anywhere
fw2loc all -- anywhere anywhere
fw2loc all -- anywhere anywhere
Reject all -- anywhere anywhere
LOG all -- anywhere anywhere LOG level info prefix `Shorewall:OUTPUT:REJECT:'
reject all -- anywhere anywhere

Chain Reject (4 references)
target prot opt source destination
reject tcp -- anywhere anywhere tcp dpt:auth
dropBcast all -- anywhere anywhere
ACCEPT icmp -- anywhere anywhere icmp fragmentation-needed
ACCEPT icmp -- anywhere anywhere icmp time-exceeded
dropInvalid all -- anywhere anywhere
reject udp -- anywhere anywhere multiport dports 135,microsoft-ds
reject udp -- anywhere anywhere udp dpts:netbios-ns:netbios-ssn
reject udp -- anywhere anywhere udp spt:netbios-ns dpts:1024:65535
reject tcp -- anywhere anywhere multiport dports 135,netbios-ssn,microsoft-ds
DROP udp -- anywhere anywhere udp dpt:1900
dropNotSyn tcp -- anywhere anywhere
DROP udp -- anywhere anywhere udp spt:domain

Chain all2all (0 references)
target prot opt source destination
ACCEPT all -- anywhere anywhere state RELATED,ESTABLISHED
Reject all -- anywhere anywhere
LOG all -- anywhere anywhere LOG level info prefix `Shorewall:all2all:REJECT:'
reject all -- anywhere anywhere

Chain dropBcast (2 references)
target prot opt source destination
DROP all -- anywhere anywhere PKTTYPE = broadcast
DROP all -- anywhere anywhere PKTTYPE = multicast

Chain dropInvalid (2 references)
target prot opt source destination
DROP all -- anywhere anywhere state INVALID

Chain dropNotSyn (2 references)
target prot opt source destination
DROP tcp -- anywhere anywhere tcp flags:!FIN,SYN,RST,ACK/SYN

Chain dynamic (10 references)
target prot opt source destination

Chain eth0_fwd (1 references)
target prot opt source destination
dynamic all -- anywhere anywhere state INVALID,NEW
net2all all -- anywhere anywhere
net2all all -- anywhere anywhere
net2all all -- anywhere anywhere
net2all all -- anywhere anywhere

Chain eth0_in (1 references)
target prot opt source destination
dynamic all -- anywhere anywhere state INVALID,NEW
net2fw all -- anywhere anywhere

Chain eth1_fwd (1 references)
target prot opt source destination
dynamic all -- anywhere anywhere state INVALID,NEW
loc2net all -- anywhere anywhere
ACCEPT all -- anywhere anywhere
ACCEPT all -- anywhere anywhere
ACCEPT all -- anywhere anywhere

Chain eth1_in (1 references)
target prot opt source destination
dynamic all -- anywhere anywhere state INVALID,NEW
loc2fw all -- anywhere anywhere

Chain fw2loc (4 references)
target prot opt source destination
ACCEPT all -- anywhere anywhere state RELATED,ESTABLISHED
ACCEPT all -- anywhere anywhere

Chain fw2net (1 references)
target prot opt source destination
ACCEPT all -- anywhere anywhere state RELATED,ESTABLISHED
ACCEPT all -- anywhere anywhere

Chain loc2fw (4 references)
target prot opt source destination
ACCEPT all -- anywhere anywhere state RELATED,ESTABLISHED
ACCEPT all -- anywhere anywhere

Chain loc2net (4 references)
target prot opt source destination
ACCEPT all -- anywhere anywhere state RELATED,ESTABLISHED
ACCEPT all -- anywhere anywhere

Chain net2all (5 references)
target prot opt source destination
ACCEPT all -- anywhere anywhere state RELATED,ESTABLISHED
Drop all -- anywhere anywhere
LOG all -- anywhere anywhere LOG level info prefix `Shorewall:net2all:DROP:'
DROP all -- anywhere anywhere

Chain net2fw (1 references)
target prot opt source destination
ACCEPT all -- anywhere anywhere state RELATED,ESTABLISHED
ACCEPT udp -- anywhere anywhere udp dpt:domain
ACCEPT tcp -- anywhere anywhere multiport dports http,https,domain,ssh,ftp-data,ftp,smtp,pop2,pop3,imap,10000,4900
net2all all -- anywhere anywhere

Chain reject (10 references)
target prot opt source destination
DROP all -- anywhere anywhere PKTTYPE = broadcast
DROP all -- anywhere anywhere PKTTYPE = multicast
DROP all -- 192.168.0.255 anywhere
DROP all -- 255.255.255.255 anywhere
DROP all -- BASE-ADDRESS.MCAST.NET/4 anywhere
REJECT tcp -- anywhere anywhere reject-with tcp-reset
REJECT udp -- anywhere anywhere reject-with icmp-port-unreachable
REJECT icmp -- anywhere anywhere reject-with icmp-host-unreachable
REJECT all -- anywhere anywhere reject-with icmp-host-prohibited

Chain shorewall (0 references)
target prot opt source destination

Chain sit0_fwd (1 references)
target prot opt source destination
dynamic all -- anywhere anywhere state INVALID,NEW
loc2net all -- anywhere anywhere
ACCEPT all -- anywhere anywhere
ACCEPT all -- anywhere anywhere
ACCEPT all -- anywhere anywhere

Chain sit0_in (1 references)
target prot opt source destination
dynamic all -- anywhere anywhere state INVALID,NEW
loc2fw all -- anywhere anywhere

Chain smurfs (0 references)
target prot opt source destination
LOG all -- 192.168.0.255 anywhere LOG level info prefix `Shorewall:smurfs:DROP:'
DROP all -- 192.168.0.255 anywhere
LOG all -- 255.255.255.255 anywhere LOG level info prefix `Shorewall:smurfs:DROP:'
DROP all -- 255.255.255.255 anywhere
LOG all -- BASE-ADDRESS.MCAST.NET/4 anywhere LOG level info prefix `Shorewall:smurfs:DROP:'
DROP all -- BASE-ADDRESS.MCAST.NET/4 anywhere

Chain venet0_fwd (1 references)
target prot opt source destination
dynamic all -- anywhere anywhere state INVALID,NEW
loc2net all -- anywhere anywhere
ACCEPT all -- anywhere anywhere
ACCEPT all -- anywhere anywhere
ACCEPT all -- anywhere anywhere

Chain venet0_in (1 references)
target prot opt source destination
dynamic all -- anywhere anywhere state INVALID,NEW
loc2fw all -- anywhere anywhere

Chain veth101_0_fwd (1 references)
target prot opt source destination
dynamic all -- anywhere anywhere state INVALID,NEW
loc2net all -- anywhere anywhere
ACCEPT all -- anywhere anywhere
ACCEPT all -- anywhere anywhere
ACCEPT all -- anywhere anywhere

Chain veth101_0_in (1 references)
target prot opt source destination
dynamic all -- anywhere anywhere state INVALID,NEW
loc2fw all -- anywhere anywhere


[root@scrameustache vz]# iptables -t nat -L
Chain PREROUTING (policy ACCEPT)
target prot opt source destination

Chain POSTROUTING (policy ACCEPT)
target prot opt source destination

Chain OUTPUT (policy ACCEPT)
target prot opt source destination


[root@scrameustache vz]# cat /proc/sys/net/ipv4/ip_forward
1


In the VPS:
[root@scrameustache vz]# vzctl enter 101
entered into VE 101
[root@vps101 /]# ip a l
1: lo: <LOOPBACK,UP> mtu 16436 qdisc noqueue
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
inet 127.0.0.1/8 brd 127.255.255.255 scope host lo
3: venet0: <BROADCAST,POINTOPOINT,NOARP> mtu 1500 qdisc noop
link/void
5: eth0: <BROADCAST,MULTICAST,UP> mtu 1500 qdisc noqueue
link/ether 00:12:34:56:78:9a brd ff:ff:ff:ff:ff:ff
inet 192.168.0.101/32 scope global eth0

[root@vps101 /]# ip r l
default dev eth0 scope link

[root@vps101 /]# iptables -L
Chain INPUT (policy ACCEPT)
target prot opt source destination

Chain FORWARD (policy ACCEPT)
target prot opt source destination

Chain OUTPUT (policy ACCEPT)
target prot opt source destination

[root@vps101 /]# iptables -t nat -L
iptables v1.3.3: can't initialize iptables table `nat': Table does not exist (do you need to insmod?)
Perhaps iptables or your kernel needs to be upgraded.

[root@vps101 /]# cat /proc/sys/net/ipv4/ip_forward
1




Voilà.

It's a long post now.

Thanks,

André

[Updated on: Tue, 06 March 2007 22:32]


Re: VPS doesn't work outside Node server [message #10916 is a reply to message #10901] Wed, 07 March 2007 07:29
Vasily Tarasov
Messages: 1345
Registered: January 2006
Senior Member
Thanks for the information you've posted.

1) This seems strange to me:
[root@scrameustache vz]# ip r l
192.168.0.101 dev veth101.0 scope link
192.168.0.101 dev venet0 scope link
192.168.0.0/24 dev eth0 proto kernel scope link src 192.168.0.10 metric 10
default via 192.168.0.1 dev eth0 metric 10
Please remove the routing via venet: you don't use this interface, as far as I understand. Note that this line will automatically appear if at some time you did `vzctl set <veid> --ipadd` and the config file of the VE in question contains IP_ADDRESS="...". So check that this doesn't happen.

2) Also, please turn off iptables for a while and check whether it solves the problem.

Thanks,
Vasily
Re: VPS doesn't work outside Node server [message #10966 is a reply to message #10916] Sat, 10 March 2007 16:23
xwinner
Messages: 11
Registered: December 2006
Junior Member
Vasily Tarasov wrote on Wed, 07 March 2007 02:29

Thanks for the information you've posted.

1) This seems strange to me:
[root@scrameustache vz]# ip r l
192.168.0.101 dev veth101.0 scope link
192.168.0.101 dev venet0 scope link
192.168.0.0/24 dev eth0 proto kernel scope link src 192.168.0.10 metric 10
default via 192.168.0.1 dev eth0 metric 10
Please remove the routing via venet: you don't use this interface, as far as I understand. Note that this line will automatically appear if at some time you did `vzctl set <veid> --ipadd` and the config file of the VE in question contains IP_ADDRESS="...". So check that this doesn't happen.

2) Also, please turn off iptables for a while and check whether it solves the problem.

Thanks,
Vasily




Thanks, I don't know exactly how to remove the venet route; is it only in vps101.conf?

This is my vps101.conf:

#
# it under the terms of the GNU General Public License as published by
#
# This program is distributed in the hope that it will be useful,
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
#

ONBOOT=yes

# Primary parameters
AVNUMPROC=40:40
NUMPROC=65:65
NUMTCPSOCK=80:80
NUMOTHERSOCK=80:80
VMGUARPAGES=6144:2147483647
# Secondary parameters
KMEMSIZE=2752512:2936012
TCPSNDBUF=319488:524288
TCPRCVBUF=319488:524288
OTHERSOCKBUF=132096:336896
DGRAMRCVBUF=132096:132096
OOMGUARPAGES=6144:2147483647
# Auxiliary parameters
LOCKEDPAGES=32:32
SHMPAGES=8192:8192
PRIVVMPAGES=49152:53575
NUMFILE=2048:2048
NUMFLOCK=100:110
NUMPTY=16:16
NUMSIGINFO=256:256
DCACHESIZE=1048576:1097728

PHYSPAGES=0:2147483647
NUMIPTENT=128:128

DISKSPACE=4500000:4500000
DISKINODES=200000:220000
QUOTATIME=0

# CPU fair scheduler parameter
CPUUNITS=1000
VE_ROOT=/vz/root/$VEID
VE_PRIVATE=/vz/private/$VEID
OSTEMPLATE=mandriva-2006-i386-minimal
ORIGIN_SAMPLE=vps.basic
#IP_ADDRESS="192.168.0.101"
HOSTNAME="vps101.localdomain."
NAMESERVER="192.168.0.10"
NETIF=ifname=eth0,mac=00:12:34:56:78:9A,host_ifname=veth101.0,host_mac=00:12:34:56:78:9B
Re: VPS doesn't work outside Node server [message #10978 is a reply to message #10966] Sun, 11 March 2007 07:29
Vasily Tarasov
Messages: 1345
Registered: January 2006
Senior Member
Hello,

I see that your VE config file has the IP_ADDRESS=".." line commented out, so the routing rule in question should not appear on VE start. But the rule could have appeared earlier, and if you edited the VE config manually while the VE was started, the rule stays in the routing table "permanently" (well, I mean that `vzctl stop` will not remove this rule). So please do it manually:
ip r d 192.168.0.101 dev venet0

and then check that the rule has disappeared.

HTH,
Vasily
Re: VPS doesn't work outside Node server [message #10994 is a reply to message #10978] Sun, 11 March 2007 12:26
xwinner
Messages: 11
Registered: December 2006
Junior Member
Vasily Tarasov wrote on Sun, 11 March 2007 02:29

Hello,

I see that your VE config file has the IP_ADDRESS=".." line commented out, so the routing rule in question should not appear on VE start. But the rule could have appeared earlier, and if you edited the VE config manually while the VE was started, the rule stays in the routing table "permanently" (well, I mean that `vzctl stop` will not remove this rule). So please do it manually:
ip r d 192.168.0.101 dev venet0

and then check that the rule has disappeared.

HTH,
Vasily


Hello,

This is what I tried; is it right?


[root@scrameustache init.d]# ip r d 192.168.0.101 dev venet0
RTNETLINK answers: No such process
[root@scrameustache init.d]# ./vz stop
Shutting down VE 101
Stopping OpenVZ: [ OK ]
[root@scrameustache init.d]# ./vz start
Starting OpenVZ: [ OK ]
Bringing up interface venet0: [ OK ]
Configuring interface venet0: [ OK ]
Configure node UB resources: [ OK ]
Starting VE 101: [ OK ]
[root@scrameustache init.d]# ip r d 192.168.0.101 dev venet0
RTNETLINK answers: No such process

BUT the VPS works if I use this script:

#!/bin/sh
# Script name : ServerConfig
# Server configuration at server boot

# [Main server console]

# Bring up the host side of the veth pair without an IP address.
ifconfig veth101.0 0
# Let the node forward packets and answer ARP on behalf of the VE,
# on both the veth device and the LAN interface.
echo 1 > /proc/sys/net/ipv4/conf/veth101.0/forwarding
echo 1 > /proc/sys/net/ipv4/conf/veth101.0/proxy_arp
echo 1 > /proc/sys/net/ipv4/conf/eth0/forwarding
echo 1 > /proc/sys/net/ipv4/conf/eth0/proxy_arp

# Configure eth0 inside VE 101 and give it a default route over eth0.
vzctl exec 101 /sbin/ifconfig eth0 0
vzctl exec 101 /sbin/ip addr add 192.168.0.101 dev eth0
vzctl exec 101 /sbin/ip route add default dev eth0

# Route the VE address over the veth device and drop the stale venet0 route.
ip route append 192.168.0.101 dev veth101.0
ip route del 192.168.0.101 dev venet0

# Restart iptables once the veth device is up (without this restart the VPS
# does not work after a reboot). The init script is executed rather than
# sourced, so an `exit` inside it cannot end this script early.
/etc/rc.d/init.d/iptables stop
/etc/rc.d/init.d/iptables start
# End



This script lets me run the VPS fine, but I think this is not a clean procedure. If I reboot, it works only if I start it via rc.local with this command:

echo /vz/ServerConfig | at now + 1 minutes

Note: the iptables stop & start was your good idea; without this stop and start, the VPS doesn't work on reboot.
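The workaround script above sets forwarding and proxy_arp on veth101.0 and eth0 by hand, and André notes it only holds if it is re-run after boot. The script below is an added example, not code from this thread or from OpenVZ: it verifies, rather than sets, the per-interface sysctls and the global ip_forward that this veth-with-proxy-ARP setup depends on, so after a reboot a practitioner can see which prerequisite is missing instead of re-running the whole setup blind. The sysctl root is a parameter (normally /proc/sys/net/ipv4) so the functions can also be exercised against a constructed directory; the function names and the command-line usage are the editor's own.

```shell
#!/bin/sh
# Added example (not from the thread): check the hardware-node sysctls that
# the veth + proxy_arp workaround relies on, and report what is missing.
# Usage on the node:  sh check_veth_prereqs.sh veth101.0 eth0

# veth_iface_ok ROOT IFACE
# Both forwarding and proxy_arp must read 1 under ROOT/conf/IFACE.
# Prints one line per missing or disabled key; returns 0 only if all are set.
veth_iface_ok() {
    root=$1; iface=$2; ok=0
    for key in forwarding proxy_arp; do
        f="$root/conf/$iface/$key"
        if [ ! -r "$f" ]; then
            # The conf/<iface> directory only exists while the interface does,
            # so this usually means the veth pair is not up yet.
            echo "$iface: $key: missing (interface down or absent?)"; ok=1
        elif [ "$(cat "$f")" != 1 ]; then
            echo "$iface: $key=0"; ok=1
        fi
    done
    return $ok
}

# veth_prereqs_ok ROOT VETH LAN
# Global ip_forward plus both interfaces; returns 0 when everything is in place.
veth_prereqs_ok() {
    root=$1; veth=$2; lan=$3; rc=0
    if [ "$(cat "$root/ip_forward" 2>/dev/null)" != 1 ]; then
        echo "ip_forward=0"; rc=1
    fi
    veth_iface_ok "$root" "$veth" || rc=1
    veth_iface_ok "$root" "$lan" || rc=1
    [ $rc -eq 0 ] && echo "ok: $veth and $lan forward and proxy-ARP, ip_forward=1"
    return $rc
}

# Stand-alone run against the live kernel when two interface names are given.
if [ $# -ge 2 ]; then
    veth_prereqs_ok /proc/sys/net/ipv4 "$1" "$2"
fi
```

On the node in this thread the expected call is `sh check_veth_prereqs.sh veth101.0 eth0`; a non-zero exit with `veth101.0: forwarding: missing` means the veth device has not come up yet, which is the state André's `at now + 1 minutes` delay works around. One caveat worth keeping in mind: proxy_arp on eth0 makes the node answer ARP on the LAN for every address it routes towards another interface, so the host routes over veth devices should be limited to the VE addresses the node actually serves.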