OpenVZ Forum


Home » General » Support » IP address issue from HW -> VPS
IP address issue from HW -> VPS [message #21123] Tue, 02 October 2007 09:45 Go to next message
smilie is currently offline  smilie
Messages: 20
Registered: September 2007
Junior Member
Hi,

I have following problem:

In apache logs on VPS only IP shown is the IP from the hardware node. This means:

- no good log for any application;
- no possibility to do IP filtering in apache;
- no possibility for the statistics to work;
- any other IP related issue / problem can not be traced.

Has anyone has any idea why am I only seeing IP from HN on my VPS and how to solve this, so the HN will pass 'real' IP's to the VPS?

VPS has it's own IP, different from the HN and is directly accessible through that IP (or so I think).

Any help is appreciated!

Regards,
Aleks

Report message to a moderator

Re: IP address issue from HW -> VPS [message #21200 is a reply to message #21123] Wed, 03 October 2007 10:41 Go to previous messageGo to next message
vaverin is currently offline  vaverin
Messages: 708
Registered: September 2005
Senior Member
Hello Aleks,

src IP can be replaced by NAT on HN.

thank you,
Vasily Averin

Report message to a moderator

Re: IP address issue from HW -> VPS [message #21208 is a reply to message #21200] Wed, 03 October 2007 11:43 Go to previous messageGo to next message
smilie is currently offline  smilie
Messages: 20
Registered: September 2007
Junior Member
Vasily,

Could you give me some more information on how to achief this? Or wikipedia document which could guide me?

Thanks!
Aleks

Report message to a moderator

Re: IP address issue from HW -> VPS [message #21209 is a reply to message #21208] Wed, 03 October 2007 12:02 Go to previous messageGo to next message
vaverin is currently offline  vaverin
Messages: 708
Registered: September 2005
Senior Member
I've found your previous questions:
http://forum.openvz.org/index.php?t=msg&goto=20570&& amp; amp;srch=firewall#msg_20570

Are you sure that you have firewall disabled in HN?
Could you please show output of the following commands in HN:
iptables -t filter -L
iptables -t nat -L

thank you,
Vasily Averin

[Updated on: Wed, 03 October 2007 12:03]

Report message to a moderator

Re: IP address issue from HW -> VPS [message #21210 is a reply to message #21209] Wed, 03 October 2007 12:04 Go to previous messageGo to next message
smilie is currently offline  smilie
Messages: 20
Registered: September 2007
Junior Member
[root@85-31-186-66 ~]# iptables -t filter -L
Chain INPUT (policy ACCEPT)
target prot opt source destination

Chain FORWARD (policy ACCEPT)
target prot opt source destination

Chain OUTPUT (policy ACCEPT)
target prot opt source destination

Chain RH-Firewall-1-INPUT (0 references)
target prot opt source destination

=====

[root@85-31-186-66 ~]# iptables -t nat -L
Chain PREROUTING (policy ACCEPT)
target prot opt source destination

Chain POSTROUTING (policy ACCEPT)
target prot opt source destination
MASQUERADE all -- anywhere anywhere MARK match 0x9

Chain OUTPUT (policy ACCEPT)
target prot opt source destination

Regards,
Aleks

Report message to a moderator

Re: IP address issue from HW -> VPS [message #21213 is a reply to message #21210] Wed, 03 October 2007 12:25 Go to previous messageGo to next message
vaverin is currently offline  vaverin
Messages: 708
Registered: September 2005
Senior Member
smilie wrote on Wed, 03 October 2007 16:04


Chain POSTROUTING (policy ACCEPT)
target prot opt source destination
MASQUERADE all -- anywhere anywhere MARK match 0x9



Could you please explain why you need this rule?
It replaced src IP for all IP packets that have mark 0x9, Obviously you have external traffic marked by this mark, as result all packets to your VE have src IP from HN.

could you please disable iptables service on this node? I expect it should resolve this issue.

thank you,
Vasily Averin

Report message to a moderator

Re: IP address issue from HW -> VPS [message #21214 is a reply to message #21213] Wed, 03 October 2007 12:42 Go to previous messageGo to next message
smilie is currently offline  smilie
Messages: 20
Registered: September 2007
Junior Member
Hi,

I have no idea why this is on?

How can I disable it? Sad

Thanks!

Aleks

Report message to a moderator

Re: IP address issue from HW -> VPS [message #21216 is a reply to message #21213] Wed, 03 October 2007 12:53 Go to previous messageGo to next message
smilie is currently offline  smilie
Messages: 20
Registered: September 2007
Junior Member
I found it and removed it with:

iptables -t nat -D POSTROUTING 1

Thank you for your help!!! Smile

Regards,
Aleks

Report message to a moderator

Re: IP address issue from HW -> VPS [message #21217 is a reply to message #21214] Wed, 03 October 2007 12:54 Go to previous message
vaverin is currently offline  vaverin
Messages: 708
Registered: September 2005
Senior Member
It depend on distribution installed in HN:
On RedHat-based dsitributions you can disable firewall on the running node by using the following command:
# service iptables stop

And then you need to disable iptable service
# chkconfig iptables off

Report message to a moderator

Previous Topic: *SOLVED* Need help with networking
Next Topic: problem with openvpn
Goto Forum:
  

[ Syndicate this forum (XML) ] [ RSS ] [ PDF ]

Current Time: Tue Dec 02 21:41:11 GMT 2025

Total time taken to generate the page: 0.53042 seconds
Powered by FUDforum Powered by Virtuozzo Containers