OpenSuSE precreated no connectivity [message #12262]
Mon, 23 April 2007 12:15
goeldi
Messages: 92 Registered: June 2006
I use a CentOS 5 as HN and the OpenSuSE 10 precreated image as VE. Kernel is 2.6.18-8.el5.028stab027.1. This software is on the HN:
vzquota-3.0.9-1
vzyum-2.4.0-11
vzpkg-2.7.0-18
vzrpm43-python-4.3.3-7_nonptl.6
vztmpl-centos-4-2.0-2
vzctl-lib-3.0.16-1
vzctl-3.0.16-1
vzrpm44-4.4.1-22.5
vzrpm44-python-4.4.1-22.5
vzrpm43-4.3.3-7_nonptl.6
I can start and stop the VE from HN without any problem. Yum on HN works too. Now my problem is that I have no connectivity at all to and from the VE (ping from HN to VE and ping from VE to HN or the internet doesn't work).
Here is my configuration:
/sbin/ifconfig -a on HN:
eth1 Link encap:Ethernet HWaddr 00:14:78:06:60:A0
inet addr:147.86.124.80 Bcast:147.86.127.255 Mask:255.255.252.0
inet6 addr: fe80::214:78ff:fe06:60a0/64 Scope:Link
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:300 errors:0 dropped:0 overruns:0 frame:0
TX packets:102 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:29180 (28.4 KiB) TX bytes:11179 (10.9 KiB)
Interrupt:201 Base address:0x8c00
lo Link encap:Local Loopback
inet addr:127.0.0.1 Mask:255.0.0.0
inet6 addr: ::1/128 Scope:Host
UP LOOPBACK RUNNING MTU:16436 Metric:1
RX packets:0 errors:0 dropped:0 overruns:0 frame:0
TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:0
RX bytes:0 (0.0 b) TX bytes:0 (0.0 b)
sit0 Link encap:IPv6-in-IPv4
NOARP MTU:1480 Metric:1
RX packets:0 errors:0 dropped:0 overruns:0 frame:0
TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:0
RX bytes:0 (0.0 b) TX bytes:0 (0.0 b)
venet0 Link encap:UNSPEC HWaddr 00-00-00-00-00-00-00-00-00-00-00-00-00-00-00-00
inet addr:147.86.124.83 P-t-P:147.86.124.83 Bcast:147.86.127.255 Mask:255.255.252.0
UP BROADCAST POINTOPOINT RUNNING NOARP MTU:1500 Metric:1
RX packets:0 errors:0 dropped:0 overruns:0 frame:0
TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:0
RX bytes:0 (0.0 b) TX bytes:0 (0.0 b)
/sbin/ifconfig -a on VE:
lo Link encap:Local Loopback
inet addr:127.0.0.1 Mask:255.0.0.0
inet6 addr: ::1/128 Scope:Host
UP LOOPBACK RUNNING MTU:16436 Metric:1
RX packets:0 errors:0 dropped:0 overruns:0 frame:0
TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:0
RX bytes:0 (0.0 b) TX bytes:0 (0.0 b)
venet0 Link encap:UNSPEC HWaddr 00-00-00-00-00-00-00-00-00-00-00-00-00-00-00-00
inet addr:127.0.0.1 P-t-P:127.0.0.1 Bcast:0.0.0.0 Mask:255.255.255.255
UP BROADCAST POINTOPOINT RUNNING NOARP MTU:1500 Metric:1
RX packets:0 errors:0 dropped:0 overruns:0 frame:0
TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:0
RX bytes:0 (0.0 b) TX bytes:0 (0.0 b)
venet0:0 Link encap:UNSPEC HWaddr 00-00-00-00-00-00-00-00-00-00-00-00-00-00-00-00
inet addr:147.86.124.81 P-t-P:147.86.124.81 Bcast:0.0.0.0 Mask:255.255.255.255
UP BROADCAST POINTOPOINT RUNNING NOARP MTU:1500 Metric:1
route -n on VE:
Kernel IP routing table
Destination Gateway Genmask Flags Metric Ref Use Iface
192.0.2.0 0.0.0.0 255.255.255.0 U 0 0 0 venet0
127.0.0.0 0.0.0.0 255.0.0.0 U 0 0 0 lo
route -n on HN:
Kernel IP routing table
Destination Gateway Genmask Flags Metric Ref Use Iface
147.86.124.0 0.0.0.0 255.255.252.0 U 0 0 0 eth1
147.86.124.0 0.0.0.0 255.255.252.0 U 0 0 0 venet0
169.254.0.0 0.0.0.0 255.255.0.0 U 0 0 0 venet0
0.0.0.0 147.86.124.1 0.0.0.0 UG 0 0 0 eth1
iptables -L -vn on HN:
Chain INPUT (policy ACCEPT 0 packets, 0 bytes)
pkts bytes target prot opt in out source destination
614 64302 RH-Firewall-1-INPUT all -- * * 0.0.0.0/0 0.0.0.0/0
Chain FORWARD (policy ACCEPT 0 packets, 0 bytes)
pkts bytes target prot opt in out source destination
0 0 RH-Firewall-1-INPUT all -- * * 0.0.0.0/0 0.0.0.0/0
Chain OUTPUT (policy ACCEPT 325 packets, 37935 bytes)
pkts bytes target prot opt in out source destination
Chain RH-Firewall-1-INPUT (2 references)
pkts bytes target prot opt in out source destination
0 0 ACCEPT all -- lo * 0.0.0.0/0 0.0.0.0/0
2 168 ACCEPT icmp -- * * 0.0.0.0/0 0.0.0.0/0 icmp type 255
0 0 ACCEPT esp -- * * 0.0.0.0/0 0.0.0.0/0
0 0 ACCEPT ah -- * * 0.0.0.0/0 0.0.0.0/0
0 0 ACCEPT udp -- * * 0.0.0.0/0 224.0.0.251 udp dpt:5353
0 0 ACCEPT udp -- * * 0.0.0.0/0 0.0.0.0/0 udp dpt:631
0 0 ACCEPT tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp dpt:631
390 30609 ACCEPT all -- * * 0.0.0.0/0 0.0.0.0/0 state RELATED,ESTABLISHED
0 0 ACCEPT tcp -- * * 0.0.0.0/0 0.0.0.0/0 state NEW tcp dpt:10000
1 48 ACCEPT tcp -- * * 0.0.0.0/0 0.0.0.0/0 state NEW tcp dpt:22
221 33477 REJECT all -- * * 0.0.0.0/0 0.0.0.0/0 reject-with icmp-host-prohibited
iptables on VE is not running
/etc/vz/conf/12481.conf
ONBOOT="yes"
# UBC parameters (in form of barrier:limit)
# Primary parameters
AVNUMPROC="40:40"
NUMPROC="65:65"
NUMTCPSOCK="80:80"
NUMOTHERSOCK="80:80"
VMGUARPAGES="6144:2147483647"
# Secondary parameters
KMEMSIZE="2752512:2936012"
TCPSNDBUF="319488:524288"
TCPRCVBUF="319488:524288"
OTHERSOCKBUF="132096:336896"
DGRAMRCVBUF="132096:132096"
OOMGUARPAGES="6144:2147483647"
# Auxiliary parameters
LOCKEDPAGES="32:32"
SHMPAGES="8192:8192"
PRIVVMPAGES="59152:63575"
NUMFILE="2048:2048"
NUMFLOCK="100:110"
NUMPTY="16:16"
NUMSIGINFO="256:256"
DCACHESIZE="1048576:1097728"
PHYSPAGES="0:2147483647"
NUMIPTENT="128:128"
# Disk quota parameters (in form of softlimit:hardlimit)
DISKSPACE="1048576:1153434"
DISKINODES="200000:220000"
QUOTATIME="0"
# CPU fair sheduler parameter
CPUUNITS="1000"
VE_ROOT="/vz/root/$VEID"
VE_PRIVATE="/vz/private/$VEID"
OSTEMPLATE="opensuse-10-i386-default"
ORIGIN_SAMPLE="vps.basic"
IP_ADDRESS="147.86.124.81"
HOSTNAME="12481.fhnw.ch"
/etc/vz/vz.conf:
## Global parameters
VIRTUOZZO=yes
LOCKDIR=/vz/lock
DUMPDIR=/vz/dump
VE0CPUUNITS=1000
## Logging parameters
LOGGING=yes
LOGFILE=/var/log/vzctl.log
LOG_LEVEL=0
VERBOSE=0
## Disk quota parameters
DISK_QUOTA=yes
VZFASTBOOT=no
# The name of the device whose ip address will be used as source ip for VE.
# By default automatically assigned.
#VE_ROUTE_SRC_DEV="eth0"
## Template parameters
TEMPLATE=/vz/template
## Defaults for VEs
VE_ROOT=/vz/root/$VEID
VE_PRIVATE=/vz/private/$VEID
CONFIGFILE="vps.basic"
DEF_OSTEMPLATE="fedora-core-4"
## Load vzwdog module
VZWDOG="no"
IPV6="no"
IPTABLES="ipt_REJECT ipt_tos ipt_limit ipt_multiport iptable_filter iptable_mangle ipt_TCPMSS ipt_tcpmss ipt_ttl ipt_length"
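In the HN listing posted above, FORWARD jumps to RH-Firewall-1-INPUT, so traffic routed for a VE is filtered by the host's own input rules, ending in a catch-all REJECT. The following is an added example, not part of the original post: it evaluates an abridged copy of that listing with a simplified first-match model covering only the match types that appear in it; the sample packets used to query it are constructed.

```python
import ipaddress
import re

# Constructed input: FORWARD and RH-Firewall-1-INPUT from the post, abridged.
RULESET = """\
Chain FORWARD (policy ACCEPT 0 packets, 0 bytes)
0 0 RH-Firewall-1-INPUT all -- * * 0.0.0.0/0 0.0.0.0/0
Chain RH-Firewall-1-INPUT (2 references)
0 0 ACCEPT all -- lo * 0.0.0.0/0 0.0.0.0/0
2 168 ACCEPT icmp -- * * 0.0.0.0/0 0.0.0.0/0 icmp type 255
0 0 ACCEPT udp -- * * 0.0.0.0/0 224.0.0.251 udp dpt:5353
390 30609 ACCEPT all -- * * 0.0.0.0/0 0.0.0.0/0 state RELATED,ESTABLISHED
1 48 ACCEPT tcp -- * * 0.0.0.0/0 0.0.0.0/0 state NEW tcp dpt:22
221 33477 REJECT all -- * * 0.0.0.0/0 0.0.0.0/0 reject-with icmp-host-prohibited
"""

def parse(text):
    """Return {chain: (policy or None, [rules])} from `iptables -L -vn` text."""
    chains, name = {}, None
    for line in text.splitlines():
        head, f = re.match(r"Chain (\S+) \((?:policy (\S+))?", line), line.split()
        if head:
            name = head.group(1)
            chains[name] = (head.group(2), [])
        elif name and len(f) >= 9 and f[0] != "pkts":  # skip column headers
            chains[name][1].append(dict(target=f[2], prot=f[3], inif=f[5],
                                        dst=f[8], extra=" ".join(f[9:])))
    return chains

def matches(rule, pkt):
    """Match on protocol, input interface, destination, state and dpt only."""
    state = re.search(r"state (\S+)", rule["extra"])
    dpt = re.search(r"dpt:(\d+)", rule["extra"])
    return (rule["prot"] in ("all", pkt["proto"])
            and rule["inif"] in ("*", pkt["inif"])
            and ipaddress.ip_address(pkt["dst"]) in ipaddress.ip_network(rule["dst"])
            and (not state or pkt["state"] in state.group(1).split(","))
            and (not dpt or pkt.get("dport") == int(dpt.group(1))))

def verdict(chains, chain, pkt):
    """Walk `chain`, following jumps into user chains; else the chain policy."""
    policy, rules = chains[chain]
    for rule in (r for r in rules if matches(r, pkt)):
        if rule["target"] not in chains:
            return rule["target"]  # terminating target such as ACCEPT or REJECT
        result = verdict(chains, rule["target"], pkt)
        if result:
            return result
    return policy  # None for a user chain: control returns to the caller
```

Calling `verdict(parse(RULESET), "FORWARD", pkt)` with a new UDP packet to port 53 returns `REJECT`, while an ICMP packet or an ESTABLISHED reply returns `ACCEPT`.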
Re: OpenSuSE precreated no connectivity [message #12337 is a reply to message #12336]
Wed, 25 April 2007 13:32
goeldi
Messages: 92 Registered: June 2006
1) /proc/sys/net/ipv4/ip_forward
1
2) can you ping google by IP address?
Yes!
3) try to flush all iptables rules except NAT from VE.
iptables is not running in the VE:
/usr/sbin/iptables -L -vn
Chain INPUT (policy ACCEPT 32 packets, 2544 bytes)
pkts bytes target prot opt in out source destination
Chain FORWARD (policy ACCEPT 0 packets, 0 bytes)
pkts bytes target prot opt in out source destination
Chain OUTPUT (policy ACCEPT 33 packets, 1816 bytes)
pkts bytes target prot opt in out source destination
Re: OpenSuSE precreated no connectivity [message #12341 is a reply to message #12340]
Wed, 25 April 2007 13:50
goeldi
Messages: 92 Registered: June 2006
iptables -t nat -L -nv in HN:
Chain PREROUTING (policy ACCEPT 0 packets, 0 bytes)
pkts bytes target prot opt in out source destination
Chain POSTROUTING (policy ACCEPT 0 packets, 0 bytes)
pkts bytes target prot opt in out source destination
Chain OUTPUT (policy ACCEPT 0 packets, 0 bytes)
pkts bytes target prot opt in out source destination
Re: OpenSuSE precreated no connectivity [message #12343 is a reply to message #12342]
Wed, 25 April 2007 14:04
goeldi
Messages: 92 Registered: June 2006
OK:
/etc/vz/conf/481.conf now:
ONBOOT="yes"
# UBC parameters (in form of barrier:limit)
# Primary parameters
AVNUMPROC="40:40"
NUMPROC="65:65"
NUMTCPSOCK="80:80"
NUMOTHERSOCK="80:80"
VMGUARPAGES="6144:2147483647"
# Secondary parameters
KMEMSIZE="2752512:2936012"
TCPSNDBUF="319488:524288"
TCPRCVBUF="319488:524288"
OTHERSOCKBUF="132096:336896"
DGRAMRCVBUF="132096:132096"
OOMGUARPAGES="6144:2147483647"
# Auxiliary parameters
LOCKEDPAGES="32:32"
SHMPAGES="8192:8192"
PRIVVMPAGES="49152:53575"
NUMFILE="2048:2048"
NUMFLOCK="100:110"
NUMPTY="16:16"
NUMSIGINFO="256:256"
DCACHESIZE="1048576:1097728"
PHYSPAGES="0:2147483647"
NUMIPTENT="128:128"
# Disk quota parameters (in form of softlimit:hardlimit)
DISKSPACE="1048576:1153434"
DISKINODES="200000:220000"
QUOTATIME="0"
# CPU fair sheduler parameter
CPUUNITS="1000"
VE_ROOT="/vz/root/$VEID"
VE_PRIVATE="/vz/private/$VEID"
OSTEMPLATE="opensuse-10-i386-default"
ORIGIN_SAMPLE="vps.basic"
IP_ADDRESS="147.86.124.81"
IPTABLES="iptable_filter iptable_mangle ipt_limit ipt_multiport ipt_tos ipt_TOS ipt_REJECT ipt_TCPMSS ipt_tcpmss ipt_ttl ipt_LOG ipt_length ip_conntrack ip_conntrack_ftp ip_conntrack_irc ipt_conntrack ipt_state ipt_helper iptable_nat ip_nat_ftp ip_nat_irc ipt_REDIRECT"
NAMESERVER="208.67.222.222"
Still cannot ping to domain names, pinging to ips works.
Re: OpenSuSE precreated no connectivity [message #12351 is a reply to message #12350]
Wed, 25 April 2007 15:06
goeldi
Messages: 92 Registered: June 2006
nslookup google.com 208.67.222.222 on HN:
Server: 208.67.222.222
Address: 208.67.222.222#53
Non-authoritative answer:
Name: google.com
Address: 72.14.207.99
Name: google.com
Address: 64.233.187.99
Name: google.com
Address: 64.233.167.99
nslookup google.com 195.85.81.128 on HN:
;; connection timed out; no servers could be reached
nslookup google.com 208.67.222.222 on VE:
;; connection timed out; no servers could be reached
nslookup google.com 195.85.81.128 on VE:
;; connection timed out; no servers could be reached
Re: OpenSuSE precreated no connectivity [message #12353 is a reply to message #12352]
Wed, 25 April 2007 15:31
goeldi
Messages: 92 Registered: June 2006
There are 2 internal DNS which I tried in HN and VE: same effect. There is no firewall between those DNS and this machine.
nslookup google.com 208.67.222.222 from HN when HN is .124.81 works perfectly.
The two internal DNS I tried are 147.86.80.20 and 147.86.80.21.
Re: OpenSuSE precreated no connectivity [message #12396 is a reply to message #12354]
Fri, 27 April 2007 06:25
goeldi
Messages: 92 Registered: June 2006
tcpdump gives no output when I do that, except for this message at start time:
tcpdump: WARNING: arptype 65535 not supported by libpcap - falling back to cooked socket
tcpdump: WARNING: venet0: no IPv4 address assigned
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on venet0, link-type LINUX_SLL (Linux cooked), capture size 96 bytes
BTW: I had to change /etc/sysconfig/network-scripts/ifcfg-venet0 from BOOTPROTO=dhcp to BOOTPROTO=static
Re: OpenSuSE precreated no connectivity [message #12433 is a reply to message #12397]
Sat, 28 April 2007 06:08
Vasily Tarasov
Messages: 1345 Registered: January 2006
Thank you for investigating, can you file two bugs, please:
1st: if iptables are loaded during start up then DNS doesn't work after rules are flushed. Please, don't forget to add there information about kernel version and _rules_ that are in iptables on startup!
2nd: with kernel crash and when it happens.
Thank you,
your help is very appreciated,
Vasily