OpenVZ Forum


*SOLVED* Shorewall [message #16399] Tue, 04 September 2007 19:10
maximiliano
Hello,
I have a problem with OpenVZ and I need help, please. I searched the forum but I didn't find the solution to my problem.

I installed OpenVZ and I have Shorewall installed on the Hardware Node.

From the Hardware Node to the VPS I can ping and connect with ssh without any problem.
But when I want to ping from a LAN machine to the VPS, I can't. Why?

My shorewall's configuration is:

Zone
====
#ZONE TYPE
fw firewall
net ipv4
openv ipv4

Interfaces
==========
#ZONE INTERFACE BROADCAST OPTIONS
net eth0 detect
openv venet0 192.168.10.255 routeback


Policy
======
#SOURCE DEST POLICY LOG
fw net ACCEPT
net all DROP info
all all REJECT info

rules
=====
Ping/ACCEPT fw openv
Ping/ACCEPT net openv
ACCEPT fw openv tcp 22

In the message log I can't see anything, so I don't know what it can be...

Thanks,

Best Regards
Maximiliano

[Updated on: Fri, 07 September 2007 04:00] by Moderator

Re: Shorewall [message #16400 is a reply to message #16399] Tue, 04 September 2007 19:18
maximiliano
OK, sorry for the post, I found the solution:

RULES
=====
Ping/ACCEPT fw openv
Ping/ACCEPT net openv
ACCEPT fw openv tcp 22

Ping/ACCEPT openv fw <-- add
Ping/ACCEPT openv net <-- add

Thanks everyone
Best Regards
Maximiliano

Re: Shorewall [message #16401 is a reply to message #16400] Tue, 04 September 2007 19:23
maximiliano
Sorry, but it didn't work.

This works to ping from VPS -> Hardware Node.

But I can't ping LAN machines!

Can anyone help me, please?

Thanks

Re: Shorewall [message #16406 is a reply to message #16401] Wed, 05 September 2007 03:21
Vasily Tarasov
Hi,

First of all, tell us, please: does everything work as you expect without Shorewall? It will narrow the area of investigation greatly.

Thank you,
Vasily

Re: Shorewall [message #16412 is a reply to message #16406] Wed, 05 September 2007 11:28
maximiliano
Yes. This was my first OpenVZ installation and I did not have any problem with it.
The Hardware Node is installed with CentOS 4.5 and the OpenVZ 2.6.9-023stab044.4-smp kernel.
I could create one VPS with the centos 4 Metadata template and this works well.
My only problem is that when I start Shorewall on the Hardware Node, I lose the connection between the VPS and network machines and vice versa.

I think that the problem must be in the Shorewall configuration, but I can't see anything in syslog.
I read something about adding "options ip_conntrack ip_conntrack_enable_ve0=1" to /etc/modprobe.conf, but nothing happened.

I think that OpenVZ is an excellent option for virtualization, and with a little knowledge and desire one can use it very well.

If someone was able to configure Shorewall with OpenVZ on the Hardware Node, please post the configuration (interfaces, zones, policy and rules).

Best Regards
Maximiliano NC.

[Updated on: Wed, 05 September 2007 11:30]

Re: Shorewall [message #16413 is a reply to message #16412] Wed, 05 September 2007 12:45
maximiliano
OK people, I found the solution to my problem...

When I started the Shorewall service I noticed this -> IP Forwarding Disabled!

So, to enable it I went to -> /etc/shorewall/shorewall.conf

and changed IP_FORWARDING=Off to On!

This solved all my problems.

I hope that this solution helps other people.

Thanks!
Best Regards
Maximiliano N. C.
maximiliano.arg@gmail.com

[Updated on: Wed, 05 September 2007 12:46]
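
A check for the condition the last post describes, as an added example that is not part of the original thread: it reads IP_FORWARDING from shorewall.conf and compares it with the kernel's /proc/sys/net/ipv4/ip_forward switch. The function names and status words are made up for this example, and treating the last uncommented assignment as the effective one is an assumption.

```shell
#!/bin/sh
# Added example, not from the thread. Both paths are arguments so the check
# can be run on copies; defaults are the file named in the post and the
# standard Linux procfs switch.

# Print the IP_FORWARDING value found in a shorewall.conf:
# on | off | keep | unset | invalid | unreadable
shorewall_forwarding_setting() {
    conf=${1:-/etc/shorewall/shorewall.conf}
    [ -r "$conf" ] || { echo unreadable; return 0; }
    # Skip commented-out lines; assumption: the last live assignment is used.
    val=$(sed -n 's/^[[:space:]]*IP_FORWARDING=\([^#[:space:]]*\).*/\1/p' "$conf" | tail -n 1)
    # Strip optional quotes and fold case (On/Off/Keep are the documented values).
    val=$(printf '%s' "$val" | tr -d "\"'" | tr '[:upper:]' '[:lower:]')
    case $val in
        on|off|keep) echo "$val" ;;
        '')          echo unset ;;
        *)           echo invalid ;;
    esac
}

# Compare the configured value with what the kernel is doing right now.
check_forwarding() {
    setting=$(shorewall_forwarding_setting "$1")
    kernel=$(cat "${2:-/proc/sys/net/ipv4/ip_forward}" 2>/dev/null) || kernel=unknown
    case "$setting:$kernel" in
        unreadable:*|invalid:*|*:unknown)
            echo "unknown: setting=$setting kernel=$kernel" ;;
        on:1)
            echo "ok: Shorewall enables forwarding and the kernel is routing" ;;
        off:0)
            echo "disabled: IP_FORWARDING=Off, traffic between venet0 and eth0 is not routed" ;;
        on:*|off:*)
            echo "stale: conf says $setting but kernel ip_forward=$kernel (Shorewall not restarted?)" ;;
        *)
            # keep or unset: this file does not decide the kernel value
            echo "unmanaged: IP_FORWARDING=$setting, kernel ip_forward=$kernel" ;;
    esac
}

# Run only when a path is given: sh check.sh /etc/shorewall/shorewall.conf
if [ "$#" -gt 0 ]; then check_forwarding "$@"; fi
```

The "disabled" result is the state the thread ends on: the zone rules can be correct and the host will still not pass packets between the VPS and the LAN.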
