Re: Cannot Start VE - Unable to set capability: Operation not permitted [message #23290 is a reply to message #23287] |
Thu, 15 November 2007 09:37 |
vaverin
Messages: 708 Registered: September 2005
|
Senior Member |
|
|
JFOC wrote on Thu, 15 November 2007 11:54 | [host-node] vzctl create 100 --ostemplate=debian-4.0-i386-minimal
[host-node] vzctl set 100 --ipadd 192.168.0.100 --save
[host-node] vzctl set 100 --nameserver 209.250.234.162 --save
[host-node] vzctl set 100 --hostname vps100 --save
|
I would note that it is enough for VE networking via venet interface
http://wiki.openvz.org/Virtual_network_device
veth interface is an alternative soulution, and you can not use it at all.
JFOC wrote on Thu, 15 November 2007 11:54 | [host-node] vzctl set 100 --netif_add eth0,00:0C:29:08:EE:48 --save
[host-node] vzctl start 100
[host-node] ifconfig veth101.0 0
[host-node] echo 1 > /proc/sys/net/ipv4/conf/veth100.0/forwarding
[host-node] echo 1 > /proc/sys/net/ipv4/conf/veth100.0/proxy_arp
[host-node] echo 1 > /proc/sys/net/ipv4/conf/eth0/forwarding
[host-node] echo 1 > /proc/sys/net/ipv4/conf/eth0/proxy_arp
[host-node] vzctl enter 100
[ve-100] ifcfg eth0 0
[ve-100] ifconfig eth0 192.168.0.99
[ve-100] route add default eth0
[ve-100] exit
[host-node] route add 192.168.0.99 dev veth100.0
|
As I've explained above Veth interafce is not necessary, but
at this point you have configured veth interface too.
JFOC wrote on Thu, 15 November 2007 11:54 | [host-node] iptables -t nat -A POSTROUTING -o eth0 -j SNAT --to 209.250.234.162
|
this rule means that all forwarded packets will have source ip=209.250.234.162. Is it your hardware node's IP?
JFOC wrote on Thu, 15 November 2007 11:54 | [host-node] vzctl enter 100
[ve-100] ping jfoc.net --> the result is ping: unknown host jfoc.net
Above is an instruction i followed step-by-step, but still cannot access the Internet From VE
|
As far as I see you cannot translate jfoc.net name to IP. Are you sure that you have started nameserver on your hardware node? If not -- you can set to VE the same nameserver that uses your hardware node.
Then let's check the following:
- do you able to ping HW node from inside VE (by using its IP)?
- do you able to ping some external IP from inside VE?
thank you,
Vasily Averin
[Updated on: Thu, 15 November 2007 09:38] Report message to a moderator
|
|
|