| 
		
			| *ISSUE* VE route problem [message #13951] | Fri, 08 June 2007 11:35  |  
			| 
				
				
					|  stonenzj Messages: 6
 Registered: June 2007
 | Junior Member |  |  |  
	| Hi, i reinstall the root server at yesterday. openvz working fine before reinstall. Now,the VZ110 can't connect to outside , only connent to HN .
 
 
 
 // Base Kernel
 image = /boot/vmlinuz-2.6.9-55.ELsmp
 label = 2.6.9-55.ELsmp
 initrd = /boot/initrd-2.6.9-55.ELsmp.img
 
 
 // VZ Kernel
 
 Linux 84-16-233-207 2.6.9-023stab044.4-smp #1 SMP Mon May 28 23:18:17 MSD 2007 i686 i686 i386 GNU/Linux
 
 
 // ip r l at HN
 
 84.16.251.121 dev venet0  scope link
 89.149.221.89 dev venet0  scope link
 84.16.233.0/24 dev eth0  proto kernel  scope link  src 84.16.233.207
 169.254.0.0/16 dev eth0  scope link
 default via 84.16.233.1 dev eth0
 
 
 // ip r l at VE110
 
 192.0.2.0/24 dev venet0  scope host
 169.254.0.0/16 dev venet0  scope link
 default via 192.0.2.1 dev venet0
 
 
 //ip a l at HN
 
 2: lo: <LOOPBACK,UP> mtu 16436 qdisc noqueue
 link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
 inet 127.0.0.1/8 brd 127.255.255.255 scope host lo
 4: eth0: <BROADCAST,MULTICAST,UP> mtu 1500 qdisc pfifo_fast qlen 1000
 link/ether 00:02:a5:0a:e5:30 brd ff:ff:ff:ff:ff:ff
 inet 84.16.233.207/24 brd 84.16.233.255 scope global eth0
 11: venet0: <BROADCAST,POINTOPOINT,NOARP,UP> mtu 1500 qdisc noqueue
 link/void
 
 
 //ip a l at VE110
 
 1: lo: <LOOPBACK,UP> mtu 16436 qdisc noqueue
 link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
 inet 127.0.0.1/8 brd 127.255.255.255 scope host lo
 3: venet0: <BROADCAST,POINTOPOINT,NOARP,UP> mtu 1500 qdisc noqueue
 link/void
 inet 127.0.0.1/32 scope host venet0
 inet 89.149.221.89/32 brd 89.149.221.89 scope global venet0:0
 inet 84.16.251.121/32 brd 84.16.251.121 scope global venet0:1
 
 
 //route at HN
 
 
 Kernel IP routing table
 Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
 84.16.251.121   0.0.0.0         255.255.255.255 UH    0      0        0 venet0
 89.149.221.89   0.0.0.0         255.255.255.255 UH    0      0        0 venet0
 84.16.233.0     0.0.0.0         255.255.255.0   U     0      0        0 eth0
 169.254.0.0     0.0.0.0         255.255.0.0     U     0      0        0 eth0
 0.0.0.0         84.16.233.1     0.0.0.0         UG    0      0        0 eth0
 
 
 //route at ve110
 
 
 Kernel IP routing table
 Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
 192.0.2.0       0.0.0.0         255.255.255.0   U     0      0        0 venet0
 169.254.0.0     0.0.0.0         255.255.0.0     U     0      0        0 venet0
 0.0.0.0         192.0.2.1       0.0.0.0         UG    0      0        0 venet0
 
 
 //ifconfig at Ve110
 
 lo        Link encap:Local Loopback
 inet addr:127.0.0.1  Mask:255.0.0.0
 UP LOOPBACK RUNNING  MTU:16436  Metric:1
 RX packets:1230259009 errors:0 dropped:0 overruns:0 frame:0
 TX packets:1631407695 errors:0 dropped:0 overruns:0 carrier:0
 collisions:0 txqueuelen:0
 RX bytes:1140876388 (1.0 GiB)  TX bytes:1095784005 (1.0 GiB)
 
 venet0    Link encap:UNSPEC  HWaddr 00-00-00-00-00-00-00-00-00-00-00-00-00-00-00-00
 inet addr:127.0.0.1  P-t-P:127.0.0.1  Bcast:0.0.0.0  Mask:255.255.255.255
 UP BROADCAST POINTOPOINT RUNNING NOARP  MTU:1500  Metric:1
 RX packets:8 errors:0 dropped:0 overruns:0 frame:0
 TX packets:44 errors:0 dropped:0 overruns:0 carrier:0
 collisions:0 txqueuelen:0
 RX bytes:672 (672.0 b)  TX bytes:3596 (3.5 KiB)
 
 venet0:0  Link encap:UNSPEC  HWaddr 00-00-00-00-00-00-00-00-00-00-00-00-00-00-00-00
 inet addr:89.149.221.89  P-t-P:89.149.221.89  Bcast:89.149.221.89  Mask:255.255.255.255
 UP BROADCAST POINTOPOINT RUNNING NOARP  MTU:1500  Metric:1
 
 venet0:1  Link encap:UNSPEC  HWaddr 00-00-00-00-00-00-00-00-00-00-00-00-00-00-00-00
 inet addr:84.16.251.121  P-t-P:84.16.251.121  Bcast:84.16.251.121  Mask:255.255.255.255
 UP BROADCAST POINTOPOINT RUNNING NOARP  MTU:1500  Metric:1
 
 //ifconfig at HN
 
 eth0      Link encap:Ethernet  HWaddr 00:02:A5:0A:E5:30
 inet addr:84.16.233.207  Bcast:84.16.233.255  Mask:255.255.255.0
 UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
 RX packets:268804 errors:0 dropped:0 overruns:0 frame:0
 TX packets:134942 errors:0 dropped:0 overruns:0 carrier:0
 collisions:0 txqueuelen:1000
 RX bytes:150618261 (143.6 MiB)  TX bytes:13052749 (12.4 MiB)
 
 lo        Link encap:Local Loopback
 inet addr:127.0.0.1  Mask:255.0.0.0
 UP LOOPBACK RUNNING  MTU:16436  Metric:1
 RX packets:34 errors:0 dropped:0 overruns:0 frame:0
 TX packets:34 errors:0 dropped:0 overruns:0 carrier:0
 collisions:0 txqueuelen:0
 RX bytes:4353 (4.2 KiB)  TX bytes:4353 (4.2 KiB)
 
 venet0    Link encap:UNSPEC  HWaddr 00-00-00-00-00-00-00-00-00-00-00-00-00-00-00-00
 UP BROADCAST POINTOPOINT RUNNING NOARP  MTU:1500  Metric:1
 RX packets:44 errors:0 dropped:0 overruns:0 frame:0
 TX packets:8 errors:0 dropped:0 overruns:0 carrier:0
 collisions:0 txqueuelen:0
 RX bytes:3596 (3.5 KiB)  TX bytes:672 (672.0 b)
 
 
 //iptables all stop
 //sysctl -w net.ipv4.ip_forward="1"
 //Ping test
 
 HN to ve110
 
 PING 89.149.221.89 (89.149.221.89) 56(84) bytes of data.
 64 bytes from 89.149.221.89: icmp_seq=0 ttl=64 time=0.197 ms
 64 bytes from 89.149.221.89: icmp_seq=1 ttl=64 time=0.106 ms
 64 bytes from 89.149.221.89: icmp_seq=2 ttl=64 time=0.129 ms
 64 bytes from 89.149.221.89: icmp_seq=3 ttl=64 time=0.092 ms
 64 bytes from 89.149.221.89: icmp_seq=4 ttl=64 time=0.124 ms
 
 HN to DNS
 
 
 PING 217.20.116.1 (217.20.116.1) 56(84) bytes of data.
 64 bytes from 217.20.116.1: icmp_seq=0 ttl=61 time=0.332 ms
 64 bytes from 217.20.116.1: icmp_seq=1 ttl=61 time=0.296 ms
 64 bytes from 217.20.116.1: icmp_seq=2 ttl=61 time=0.283 ms
 64 bytes from 217.20.116.1: icmp_seq=3 ttl=61 time=0.265 ms
 
 VE110 TO HN
 
 
 PING 84.16.233.207 (84.16.233.207) 56(84) bytes of data.
 64 bytes from 84.16.233.207: icmp_seq=0 ttl=64 time=0.222 ms
 64 bytes from 84.16.233.207: icmp_seq=1 ttl=64 time=0.110 ms
 64 bytes from 84.16.233.207: icmp_seq=2 ttl=64 time=0.098 ms
 
 VE110 to DNS
 
 
 PING 217.20.116.1 (217.20.116.1) 56(84) bytes of data.
 
 --- 217.20.116.1 ping statistics ---
 32 packets transmitted, 0 received, 100% packet loss, time 31000ms
 
 
 //traceroute test
 
 HN TO DNS
 traceroute to 217.20.116.1 (217.20.116.1), 30 hops max, 38 byte packets
 1  84.16.224.1  0.531 ms  0.469 ms  0.451 ms
 2  89.149.218.33  0.247 ms  0.232 ms  0.760 ms
 3  89.149.218.14  0.492 ms  0.460 ms  0.506 ms
 4  217.20.116.1  0.243 ms  0.252 ms  0.236 ms
 
 VE TO DNS
 
 traceroute to 217.20.116.1 (217.20.116.1), 30 hops max, 38 byte packets
 1  84.16.233.207 (84.16.233.207)  0.285 ms  0.253 ms  0.084 ms
 2  * * *
 3  * * *
 
 noting
 |  
	|  |  | 
	|  | 
	|  | 
	|  | 
	|  | 
	|  | 
	|  | 
	| 
		
			| Re: *ISSUE* VE route problem [message #13976 is a reply to message #13975] | Fri, 08 June 2007 16:04   |  
			| 
				
				
					|  rickb Messages: 368
 Registered: October 2006
 | Senior Member |  |  |  
	| ok. so your HN is on a public IP, VE on a private, and you want your VE to communicate with the internet. How can it do this when you have not configured any NATing, masquerading, or otherwise any way for the 192.168.* packet to reach the net? you need to rewrite it somehow, somewhere before a router that isn't configured to route 192.168.* receives it. 
 check out this wiki page, http://wiki.openvz.org/Using_NAT_for_VE_with_private_IPs
 
 this scenario describes your setup exactly:
 
 How to provide access for VE to Internet
 
 To enable the VEs, which have only internal IP addresses, to access the Internet, SNAT (Source Network Address Translation, also known as IP masquerading) should be configured on the Hardware Node. This is ensured by the standard Linux iptables utility. To perform a simple SNAT setup, execute the following command on the Hardware Node:
 
 # iptables -t nat -A POSTROUTING -s src_net -o eth0 -j SNAT --to ip_address
 
 
 -------------
 Common Terms I post with: http://wiki.openvz.org/Category:Definitions
 
 UBC. Learn it, love it, live it: http://wiki.openvz.org/Proc/user_beancounters
 |  
	|  |  | 
	| 
		
			| Re: *ISSUE* VE route problem [message #13979 is a reply to message #13976] | Fri, 08 June 2007 16:25   |  
			| 
				
				
					|  stonenzj Messages: 6
 Registered: June 2007
 | Junior Member |  |  |  
	|  VE 89.149.221.89 and HN 84.16.233.207 all public IPs, assign from the provide. And i just re-install the root-server at yesterday, same as OS images , IP's and config. Only different is openvz kernel version.
 Old kernel 2.6.8-022stab078.10 on HN, And VE110 IP's 89.149.221.89 can working, install about one year ago. The root-server and VE can access to outside before re-install.
 [Updated on: Fri, 08 June 2007 16:27] Report message to a moderator |  
	|  |  | 
	| 
		
			| Re: *ISSUE* VE route problem [message #13980 is a reply to message #13979] | Fri, 08 June 2007 16:30   |  
			| 
				
				
					|  rickb Messages: 368
 Registered: October 2006
 | Senior Member |  |  |  
	| oops, sorry. Ok. the last thing I would do, is reassign the IP which you have in the VE to eth0:10 on the HN, and try "ping openvz.org -I IP", specify that IP as the source. If that works, its an openvz problem and someone else will have to throw some ideas at this, as I am empty. 
 If doesn't work, reboot your box into the non openvz kernel, and do the same thing. If you can't ping with that source from the HN (non vz kernel) again, its not a openvz problem.
 
 
 
 -------------
 Common Terms I post with: http://wiki.openvz.org/Category:Definitions
 
 UBC. Learn it, love it, live it: http://wiki.openvz.org/Proc/user_beancounters
 |  
	|  |  | 
	|  |