Network Setup for Multiple Subnets [message #15434] | Tue, 31 July 2007 04:07
moorejon | Messages: 4 | Registered: July 2007 | Junior Member

I have been looking through the forums and in the user manual and howtos for a way to accomplish this setup.
 I have recently set up the two-server HA setup using the howto in the wiki. We then loaded cPanel inside a VE, so that we now have a highly available cPanel server environment. cPanel seems to like to know the public IP address it is licensed under. Seemingly some providers have figured out how to use private IPs for VPSs but still make cPanel happy, but I haven't found a working configuration for this setup and it seemingly makes the HA failover setup more complicated. As a result we created the initial network config with the public IP, and this works correctly.
 
 Next we attempt to set up our backup system. We use an internal subnet 172.18.x.x for our backup system which connects via NFS. This is causing some issues for us. The standard setup in OpenVZ seems to be a point-to-point connection, and it also seems that all outbound packets are sent via the first IP address assigned to the VE. Our NFS is set up to authenticate based on the domain name assigned to the internal IP. Since the packets appear to come from the public IP, the authentication fails. If we swap the order of the IP addresses so that the internal IP address is the first, then all outbound network requests to public IPs fail. The NFS connection still fails as the VE can't resolve the hostname of the NFS server. Inbound connections via ssh and http to the public IP address do work, but cPanel logins fail due to a "license error."
 
 In the feature list for networking features, it mentions the ability to specify the source IP based on the destination address. This sounds like a simple way to get the results I am looking for. Namely, if the VE requests a 172.18.x.x IP address, use its assigned IP in the 172.18.x.x subnet. However, I can't find any examples of how to enable this particular feature.
 
 Anyone know how we might fix this setup?

Re: Network Setup for Multiple Subnets [message #15439 is a reply to message #15434] | Tue, 31 July 2007 07:49
khorenko | Messages: 533 | Registered: January 2006 | Location: Moscow, Russia | Senior Member

Hello.
 Maybe the following iptables rule (on a Hardware Node) can help you:
 
 # iptables -t nat -A POSTROUTING -s $VE_SRC_PUBLIC_IP -d $PRIVATE_SUBNET -o eth0 -j SNAT --to $VE_SRC_PRIVATE_IP
 
 E.g. if a VE with VE_PUBLIC_IP (say 85.86.87.88) pings a node with a private IP (say 172.18.2.3), the source address of the outgoing packets will be changed to $VE_SRC_PRIVATE_IP (say 172.18.2.4).
 
 Hope this helps.
 
 Konstantin.
 
 If your problem is solved - please, report it!
 It's even more important than reporting the problem itself...
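
Added example (not part of the original posts): a simplified Python model of which packets the POSTROUTING SNAT rule from the reply above would match, using the sample addresses from that reply. The /16 mask for 172.18.x.x, the second VE address 85.86.87.89, the destination 198.51.100.10 and the interface eth1 are assumptions made for the illustration; this models the rule's match logic only, not netfilter itself.

```python
import ipaddress
from dataclasses import dataclass, replace


@dataclass(frozen=True)
class Packet:
    src: str
    dst: str
    out_if: str


@dataclass(frozen=True)
class SnatRule:
    src: str        # -s   (host or network)
    dst: str        # -d   (host or network)
    out_if: str     # -o   (outgoing interface on the Hardware Node)
    to_source: str  # --to (new source address)

    def matches(self, pkt: Packet) -> bool:
        # All three match conditions must hold, as in an iptables rule.
        return (
            ipaddress.ip_address(pkt.src) in ipaddress.ip_network(self.src)
            and ipaddress.ip_address(pkt.dst) in ipaddress.ip_network(self.dst)
            and pkt.out_if == self.out_if
        )


def postrouting(rules, pkt):
    """Apply the first matching SNAT rule; unmatched packets are unchanged."""
    for rule in rules:
        if rule.matches(pkt):
            return replace(pkt, src=rule.to_source)
    return pkt


# Addresses from the reply; 172.18.0.0/16 is an assumed mask for 172.18.x.x.
RULES = [SnatRule("85.86.87.88", "172.18.0.0/16", "eth0", "172.18.2.4")]

# Constructed sample packets as seen on the Hardware Node.
SAMPLES = [
    Packet("85.86.87.88", "172.18.2.3", "eth0"),     # VE -> NFS server
    Packet("85.86.87.88", "198.51.100.10", "eth0"),  # VE -> public host
    Packet("85.86.87.89", "172.18.2.3", "eth0"),     # a different VE
    Packet("85.86.87.88", "172.18.2.3", "eth1"),     # private net via eth1
]


def run_samples():
    return [postrouting(RULES, p).src for p in SAMPLES]


if __name__ == "__main__":
    for before, after in zip(SAMPLES, run_samples()):
        print(f"{before.src} -> {before.dst} ({before.out_if}): src {after}")
```

Only the first packet is rewritten to 172.18.2.4. The last case shows that a rule bound to `-o eth0` does nothing if the 172.18.x.x network is reached through another interface.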

Re: Network Setup for Multiple Subnets [message #15466 is a reply to message #15454] | Wed, 01 August 2007 07:06
khorenko | Messages: 533 | Registered: January 2006 | Location: Moscow, Russia | Senior Member

First of all - which kernel do you use? Next - which host OS and guest OS?
 Do you have sysctl 'kernel.ve_allow_kthreads = 1'?
 
 Looks like the problem is now not connected with the network configuration but with the NFS configuration itself. Check Google - the error you receive appears rather often.
 Could you please check if the appropriate services are running, in particular portmap, rpc.mountd, rpc.nfsd, rpc.statd.
 
 If all this doesn't bring a result, try to mount the same NFS partition on the Hardware Node.
 
 Hope this helps.
 