OpenVZ Forum


Home » General » Support » *SOLVED* venet on private addresses
*SOLVED* venet on private addresses [message #11950] Thu, 12 April 2007 13:03 Go to next message
n00b_admin is currently offline  n00b_admin
Messages: 77
Registered: July 2006
Location: Romania
Member
Hello !

I have recently installed an internal gateway which provides access to internet on a private address class (192.168.0.0), this gateway is also HN for several VE's.

The VE's use the venet interface on a different subnet (192.168.100.0), they can communicate with the internet and with the other subnet without problems (communication works both ways between the subnets) but i can't seem to make it work between them. The VE's simply refuse to work on the same subnet.

Does someone else stumbled across this ?

I need to configure the network interfaces of the VE's using veth ?

As long as they work with the other subnet i thought that this is not the case (to use veth instead of venet).

I tried this with the firewall disabled also but still the VE's refused to communicate between them.

Thank you very much for your answer !

Sorry for not being too verbose...

here's a tcpdump log to see what is going on there...

this was a ping from the host 192.168.100.3 to 192.168.100.1 and the 82.0.0.0 is my external ip address that was masked by me.

22:21:35.430851 IP (tos 0x0, ttl 64, id 0, offset 0, flags [DF], proto 1, length: 84) 192.168.100.3 > 192.168.100.1: icmp 64: echo request seq 0
22:21:35.430911 IP (tos 0xc0, ttl 255, id 52201, offset 0, flags [none], proto 1, length: 112) 82.0.0.0 > 192.168.100.3: icmp 92: host 192.168.100.1 unrea
chable for IP (tos 0x0, ttl 64, id 0, offset 0, flags [DF], proto 1, length: 84) 192.168.100.3 > 192.168.100.1: icmp 64: echo request seq 0
22:21:35.431648 IP (tos 0x0, ttl 64, id 39889, offset 0, flags [DF], proto 17, length: 72) 192.168.100.3.32770 > 192.168.100.1.domain: [udp sum ok] 41247+
PTR? 1.100.168.192.in-addr.arpa. (44)
22:21:35.431693 IP (tos 0xc0, ttl 255, id 52202, offset 0, flags [none], proto 1, length: 100) 82.0.0.0 > 192.168.100.3: icmp 80: 192.168.100.1 udp port d
omain unreachable for IP (tos 0x0, ttl 64, id 39889, offset 0, flags [DF], proto 17, length: 72) 192.168.100.3.32770 > 192.168.100.1.domain: 41247+[|domain
]
22:21:35.431732 IP (tos 0x0, ttl 64, id 39889, offset 0, flags [DF], proto 17, length: 72) 192.168.100.3.32770 > 192.168.100.1.domain: [udp sum ok] 41247+
PTR? 1.100.168.192.in-addr.arpa. (44)
22:21:35.431747 IP (tos 0xc0, ttl 255, id 52203, offset 0, flags [none], proto 1, length: 100) 82.0.0.0 > 192.168.100.3: icmp 80: 192.168.100.1 udp port d
omain unreachable for IP (tos 0x0, ttl 64, id 39889, offset 0, flags [DF], proto 17, length: 72) 192.168.100.3.32770 > 192.168.100.1.domain: 41247+[|domain
]
22:21:35.431819 IP (tos 0x0, ttl 64, id 39889, offset 0, flags [DF], proto 17, length: 72) 192.168.100.3.32770 > 192.168.100.1.domain: [udp sum ok] 7889+ P
TR? 3.100.168.192.in-addr.arpa. (44)
22:21:35.431835 IP (tos 0xc0, ttl 255, id 52204, offset 0, flags [none], proto 1, length: 100) 82.0.0.0 > 192.168.100.3: icmp 80: 192.168.100.1 udp port d
omain unreachable for IP (tos 0x0, ttl 64, id 39889, offset 0, flags [DF], proto 17, length: 72) 192.168.100.3.32770 > 192.168.100.1.domain: 7889+[|domain]
22:21:35.431861 IP (tos 0x0, ttl 64, id 39889, offset 0, flags [DF], proto 17, length: 72) 192.168.100.3.32770 > 192.168.100.1.domain: [udp sum ok] 7889+ P
TR? 3.100.168.192.in-addr.arpa. (44)
22:21:35.431875 IP (tos 0xc0, ttl 255, id 52205, offset 0, flags [none], proto 1, length: 100) 82.0.0.0 > 192.168.100.3: icmp 80: 192.168.100.1 udp port d
omain unreachable for IP (tos 0x0, ttl 64, id 39889, offset 0, flags [DF], proto 17, length: 72) 192.168.100.3.32770 > 192.168.100.1.domain: 7889+[|domain]
22:21:35.431982 IP (tos 0x0, ttl 64, id 39889, offset 0, flags [DF], proto 17, length: 70) 192.168.100.3.32770 > 192.168.100.1.domain: [udp sum ok] 45811+
PTR? 0.0.0.82.in-addr.arpa. (42)
22:21:35.431997 IP (tos 0xc0, ttl 255, id 52206, offset 0, flags [none], proto 1, length: 98) 82.0.0.0 > 192.168.100.3: icmp 78: 192.168.100.1 udp port do
main unreachable for IP (tos 0x0, ttl 64, id 39889, offset 0, flags [DF], proto 17, length: 70) 192.168.100.3.32770 > 192.168.100.1.domain: 45811+[|domain]
22:21:35.432023 IP (tos 0x0, ttl 64, id 39889, offset 0, flags [DF], proto 17, length: 70) 192.168.100.3.32770 > 192.168.100.1.domain: [udp sum ok] 45811+
PTR? 0.0.0.82.in-addr.arpa. (42)
22:21:36.431183 IP (tos 0x0, ttl 64, id 0, offset 0, flags [DF], proto 1, length: 84) 192.168.100.3 > 192.168.100.1: icmp 64: echo request seq 1
22:21:36.431222 IP (tos 0xc0, ttl 255, id 52207, offset 0, flags [none], proto 1, length: 112) 82.0.0.0 > 192.168.100.3: icmp 92: host 192.168.100.1 unrea
chable for IP (tos 0x0, ttl 64, id 0, offset 0, flags [DF], proto 1, length: 84) 192.168.100.3 > 192.168.100.1: icmp 64: echo request seq 1
22:21:37.431068 IP (tos 0x0, ttl 64, id 0, offset 0, flags [DF], proto 1, length: 84) 192.168.100.3 > 192.168.100.1: icmp 64: echo request seq 2
22:21:37.431101 IP (tos 0xc0, ttl 255, id 52208, offset 0, flags [none], proto 1, length: 112) 82.0.0.0 > 192.168.100.3: icmp 92: host 192.168.100.1 unrea
chable for IP (tos 0x0, ttl 64, id 0, offset 0, flags [DF], proto 1, length: 84) 192.168.100.3 > 192.168.100.1: icmp 64: echo request seq 2

[Updated on: Thu, 12 April 2007 17:23]

Report message to a moderator

Re: venet on private addresses [message #11957 is a reply to message #11950] Thu, 12 April 2007 17:22 Go to previous message
n00b_admin is currently offline  n00b_admin
Messages: 77
Registered: July 2006
Location: Romania
Member
Solved !

After i searched the forums more thoroughly i've found a fix since i was using shorewall...

The main problem was the firewall and the fix is described in this post...

http://forum.openvz.org/index.php?t=tree&th=866&mid= 4684&&rev=&reveal=
Previous Topic: Loads of processes
Next Topic: TCP retransmission and dup acks
Goto Forum:
  


Current Time: Wed Nov 06 12:44:23 GMT 2024

Total time taken to generate the page: 0.04725 seconds