*SOLVED* Shorewall [message #16399]
Tue, 04 September 2007 19:10
maximiliano
Messages: 8 Registered: September 2007
Hello,
I have a problem with OpenVZ and I need help, please. I searched the forum but I didn't find the solution to my problem.
I installed OpenVZ and I have shorewall installed on the Hardware Node.
From the Hardware Node to the VPS I can ping and connect with ssh without any problem.
But when I want to ping from a LAN machine to the VPS, I can't. Why?
My shorewall configuration is:
Zone
====
#ZONE   TYPE
fw      firewall
net     ipv4
openv   ipv4

Interfaces
==========
#ZONE   INTERFACE   BROADCAST        OPTIONS
net     eth0        detect
openv   venet0      192.168.10.255   routeback

Policy
======
#SOURCE   DEST   POLICY   LOG
fw        net    ACCEPT
net       all    DROP     info
all       all    REJECT   info

rules
=====
Ping/ACCEPT   fw    openv
Ping/ACCEPT   net   openv
ACCEPT        fw    openv   tcp   22

In the message log I can't see anything, so I don't know what it can be...
Thnx,
Best Regards
Maximiliano
[Updated on: Fri, 07 September 2007 04:00] by Moderator

Re: Shorewall [message #16412 is a reply to message #16406]
Wed, 05 September 2007 11:28
maximiliano
Yes, this was my first OpenVZ installation and I did not have any problem with it.
The Hardware Node is installed with CentOS 4.5 and the OpenVZ 2.6.9-023stab044.4-smp kernel.
I could create one VPS with the centos 4 Metadata template and this works well.
My only problem is that when I start shorewall on the hardware node, I lose the connection between the VPS and the network machines and vice versa.
I think that the problem must be in the shorewall configuration but I can't see anything in syslog.
I read something about adding "options ip_conntrack ip_conntrack_enable_ve0=1" to /etc/modprobe.conf but nothing happened.
I think that OpenVZ is an excellent option for virtualization, and with a little knowledge and desire one can use it very well.
If anyone has configured shorewall with OpenVZ on the hardware node, please post the configuration (interfaces, zones, policy and rules).
Best Regards
Maximiliano NC.
[Updated on: Wed, 05 September 2007 11:30]

Re: Shorewall [message #16413 is a reply to message #16412]
Wed, 05 September 2007 12:45
maximiliano
OK people, I found the solution to my problem...
When I started the shorewall service I noticed this -> IP Forwarding Disabled!
So, to enable it I went to -> /etc/shorewall/shorewall.conf
and changed IP_FORWARDING=Off to On!
This solved all my problems.
I hope that this solution helps other people.
Thnx!
Best Regards
Maximiliano N. C.
maximiliano.arg@gmail.com
[Updated on: Wed, 05 September 2007 12:46]
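
A check for the failure found in this thread, as an added example that is not part of the original posts: it reads IP_FORWARDING from a shorewall.conf and reports whether the host is expected to forward packets once Shorewall has started. The function names and the demo files are assumptions made for illustration; On, Off and Keep are the values Shorewall accepts for this option.

```shell
#!/bin/sh
# Added example (not from the thread). Paths are parameters so the check
# can be run against copies of the real files.

# Print the last uncommented IP_FORWARDING value in a shorewall.conf,
# lower-cased, with quotes and any trailing comment removed.
shorewall_ip_forwarding() {
    sed -n 's/^[[:space:]]*IP_FORWARDING=\([^#[:space:]]*\).*/\1/p' "$1" |
        tail -n 1 | tr -d "\"'" | tr '[:upper:]' '[:lower:]'
}

# Print "forwarding" or "not-forwarding": the state expected after
# Shorewall starts. $2 is a file holding the kernel flag (0 or 1).
effective_forwarding() {
    conf=$1
    proc=${2:-/proc/sys/net/ipv4/ip_forward}
    case $(shorewall_ip_forwarding "$conf") in
        on)  echo forwarding ;;
        off) echo not-forwarding ;;
        keep)  # Keep: Shorewall leaves the kernel setting untouched
            if [ "$(cat "$proc")" = "1" ]; then
                echo forwarding
            else
                echo not-forwarding
            fi ;;
        *)   # unset or unrecognised: check the manual for your version
            echo unknown
            return 1 ;;
    esac
}

# Constructed sample: the kernel flag is 1 but shorewall.conf says Off,
# so traffic routed through the node stops once Shorewall starts.
demo() {
    d=$(mktemp -d)
    printf 'IP_FORWARDING=Off\n' > "$d/shorewall.conf"
    echo 1 > "$d/ip_forward"
    effective_forwarding "$d/shorewall.conf" "$d/ip_forward"
    rm -rf "$d"
}

# Usage: sh check.sh --demo   or   sh check.sh /etc/shorewall/shorewall.conf
if [ "${1:-}" = "--demo" ]; then
    demo
elif [ -n "${1:-}" ]; then
    effective_forwarding "$1"
fi
```

With forwarding on, the hardware node routes between the LAN and the containers, so the policy and rules files decide which of that traffic is allowed.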