| cannot ping internet from within VE [message #30749] |
Fri, 06 June 2008 00:06  |
thorpe
Messages: 16
Registered: February 2008
Location: Sydney - Australia
|
Junior Member |
|
|
I have a few VE's setup, none of which seem to be able to reach the internet. They can all ping each other and VE0, but nothing outside.
I hope I post enough information.
/etc/vz/conf/10104.conf
NUMPROC="2552:2552"
AVNUMPROC="1276:1276"
NUMTCPSOCK="2552:2552"
NUMOTHERSOCK="2552:2552"
VMGUARPAGES="106535:9223372036854775807"
KMEMSIZE="104566476:115023123"
TCPSNDBUF="24402500:34855492"
TCPRCVBUF="24402500:34855492"
OTHERSOCKBUF="12201250:22654242"
DGRAMRCVBUF="12201250:12201250"
OOMGUARPAGES="106535:9223372036854775807"
PRIVVMPAGES="639210:703131"
LOCKEDPAGES="5105:5105"
SHMPAGES="63921:63921"
PHYSPAGES="0:9223372036854775807"
NUMFILE="40832:40832"
NUMFLOCK="1000:1100"
NUMPTY="255:255"
NUMSIGINFO="1024:1024"
DCACHESIZE="22834205:23519232"
NUMIPTENT="125:125"
DISKSPACE="936398:1030038"
DISKINODES="254089:279499"
CPUUNITS="17651"
VE_ROOT="/var/lib/vz/root/$VEID"
VE_PRIVATE="/var/lib/vz/private/$VEID"
OSTEMPLATE="debian-4.0-minimal"
ORIGIN_SAMPLE="my-16"
IP_ADDRESS="192.168.10.104"
HOSTNAME="etch-lab"
NAMESERVER="203.0.178.191"
SEARCHDOMAIN="thorpesystems.local"
ONBOOT="yes"
NAME="etch-lab"
/etc/sysctl.conf
kernel.printk = 4 4 1 7
net.ipv4.conf.default.proxy_arp = 0
net.ipv4.ip_forward = 1
net.ipv4.conf.all.rp_filter = 1
kernel.sysrq = 1
net.ipv4.conf.default.send_redirects = 1
net.ipv4.conf.all.send_redirects = 0
And my iptables rules on VE0.
Chain INPUT (policy ACCEPT)
target prot opt source destination
Chain FORWARD (policy ACCEPT)
target prot opt source destination
Chain OUTPUT (policy ACCEPT)
target prot opt source destination
Do you need more info? Where should I start?
My VE0 has no problems pinging the internet.
|
|
|
|
|
|
| Re: cannot ping internet from within VE [message #30843 is a reply to message #30755] |
Mon, 09 June 2008 07:10  |
thorpe
Messages: 16
Registered: February 2008
Location: Sydney - Australia
|
Junior Member |
|
|
My HN is actually within the same network with an ip address of 192.168.10.2
Here are a few details from the HN.
thorpe@oblivion ~ # sudo ifconfig
lo Link encap:Local Loopback
inet addr:127.0.0.1 Mask:255.0.0.0
inet6 addr: ::1/128 Scope:Host
UP LOOPBACK RUNNING MTU:16436 Metric:1
RX packets:96 errors:0 dropped:0 overruns:0 frame:0
TX packets:96 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:0
RX bytes:8164 (7.9 KiB) TX bytes:8164 (7.9 KiB)
venet0 Link encap:UNSPEC HWaddr 00-00-00-00-00-00-00-00-00-00-00-00-00-00-00-00
UP BROADCAST POINTOPOINT RUNNING NOARP MTU:1500 Metric:1
RX packets:248498 errors:0 dropped:0 overruns:0 frame:0
TX packets:114369 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:0
RX bytes:17486738 (16.6 MiB) TX bytes:10247348 (9.7 MiB)
wlan0 Link encap:Ethernet HWaddr 00:1c:f0:89:f5:10
inet addr:192.168.10.2 Bcast:192.255.255.255 Mask:255.0.0.0
inet6 addr: fe80::21c:f0ff:fe89:f510/64 Scope:Link
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:227400 errors:0 dropped:0 overruns:0 frame:0
TX packets:490967 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:68627472 (65.4 MiB) TX bytes:39396100 (37.5 MiB)
wmaster0 Link encap:UNSPEC HWaddr 00-1C-F0-89-F5-10-00-00-00-00-00-00-00-00-00-00
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:0 errors:0 dropped:0 overruns:0 frame:0
TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:0 (0.0 B) TX bytes:0 (0.0 B)
thorpe@oblivion ~ # ip route list table all
192.168.10.104 dev venet0 scope link src 192.168.10.2
192.168.10.105 dev venet0 scope link src 192.168.10.2
192.168.10.106 dev venet0 scope link src 192.168.10.2
192.168.10.100 dev venet0 scope link src 192.168.10.2
192.168.10.101 dev venet0 scope link src 192.168.10.2
192.168.10.102 dev venet0 scope link src 192.168.10.2
192.168.10.103 dev venet0 scope link src 192.168.10.2
192.0.0.0/8 dev wlan0 proto kernel scope link src 192.168.10.2
default via 192.168.10.1 dev wlan0
broadcast 127.255.255.255 dev lo table local proto kernel scope link src 127.0.0.1
broadcast 192.0.0.0 dev wlan0 table local proto kernel scope link src 192.168.10.2
local 192.168.10.2 dev wlan0 table local proto kernel scope host src 192.168.10.2
broadcast 192.255.255.255 dev wlan0 table local proto kernel scope link src 192.168.10.2
broadcast 127.0.0.0 dev lo table local proto kernel scope link src 127.0.0.1
local 127.0.0.1 dev lo table local proto kernel scope host src 127.0.0.1
local 127.0.0.0/8 dev lo table local proto kernel scope host src 127.0.0.1
fe80::/64 dev wlan0 metric 256 expires 20895427sec mtu 1500 advmss 1440 hoplimit 4294967295
unreachable default dev lo table unspec proto none metric -1 error -101 hoplimit 255
local ::1 via :: dev lo table local proto none metric 0 mtu 16436 advmss 16376 hoplimit 4294967295
local fe80::21c:f0ff:fe89:f510 via :: dev lo table local proto none metric 0 mtu 16436 advmss 16376 hoplimit 4294967295
ff00::/8 dev wlan0 table local metric 256 expires 20895427sec mtu 1500 advmss 1440 hoplimit 4294967295
unreachable default dev lo table unspec proto none metric -1 error -101 hoplimit 255
And, from within the VE in question.
root@etch-lab:/# ip rule list
-bash: ip: command not found
Obviously, without an internet connection I can't install ip on the VE.
I have no netfilter (iptables) rules in place on either the HN or the VE.
thorpe@oblivion ~ # sudo iptables -L
Chain INPUT (policy ACCEPT)
target prot opt source destination
Chain FORWARD (policy ACCEPT)
target prot opt source destination
Chain OUTPUT (policy ACCEPT)
target prot opt source destination
root@etch-lab:/# iptables -L
Chain INPUT (policy ACCEPT)
target prot opt source destination
Chain FORWARD (policy ACCEPT)
target prot opt source destination
Chain OUTPUT (policy ACCEPT)
target prot opt source destination
As you can probably see I have other VE's running on this same machine, all of which have this same issue. No internet connection.
[Updated on: Mon, 09 June 2008 07:12] Report message to a moderator |
|
|
|
| Re: cannot ping internet from within VE [message #30844 is a reply to message #30843] |
Mon, 09 June 2008 08:31 |
maratrus
Messages: 1495
Registered: August 2007
Location: Moscow
|
Senior Member |
|
|
Hi,
| Quote: |
Obviously, without an internet connection I can't install ip on the VE.
|
Why don't you download appropriate package on the HN and then move it into VE and install it there?
Or you can use "route" utility and "ifconfig" command inside VE.
Please show us the route table and ifconfig output from inside the VE.
Could you possibly show also "arp -n" on the HN?
And if it is possible what is the output of the "tcpdump" utility.
Try to ping something from inside the VE (ping x.x.x.x) and then show the output of "tcpdump" from HN and from VE.
[Updated on: Mon, 09 June 2008 08:35] Report message to a moderator |
|
|
|
OpenVZ Forum
Members
Search
Help
Register
Login
Home
