Followed Quick Install Guide... No External Networking [message #31958]
Wed, 16 July 2008 05:33
dgarstang
Messages: 5 Registered: July 2008
Junior Member
I am new to OpenVZ.
I followed the quick start guide very closely, and have created my first container.
My VE can ping the HN, but it cannot ping anything else. The VE can't even ping the DNS name server. What have I missed? I don't want to NAT. I want the VE to be able to communicate directly to the outside world with a public IP. How can I do that?
Doug.

Re: Followed Quick Install Guide... No External Networking [message #40141 is a reply to message #32236]
Thu, 22 July 2010 10:05
blaise
Messages: 7 Registered: May 2010
Junior Member
dowdle wrote on Mon, 28 July 2008 02:02 | My guess would be that hostnames are not resolving to IPs within your container. Is your host node running a firewall / iptables? If so, turn it off and see if that fixes the problem. If so, the firewall was the problem.
That is the most common issue.
Another common issue is that sometimes people fail to modify their /etc/sysctl.conf correctly. Please check that you have modified yours and that it is correct.
I will be very surprised if one of those two isn't the issue. If not, please provide all of the output as requested by the first post and we'll have more to go on.
|
I am also new to openvz and seem to be facing the same problem.
About my installation: I have a CentOS-5.5 as a host and I created a container using precreated Debian-5.0.
I can ping IPs from inside the VE but not domains. When I try to stop iptables in order to track the problem, here is what I get:
Flushing firewall rules: [ OK ]
Setting chains to policy ACCEPT: filter mangle [ OK ]
Unloading iptables modules: FATAL: Module iptable_filter is in use.
FATAL: Module iptable_mangle is in use.
FATAL: Module ip_tables is in use.
[FAILED]
And this is what I get when I start the iptables:
Flushing firewall rules: [ OK ]
Setting chains to policy ACCEPT: filter mangle [ OK ]
Unloading iptables modules: FATAL: Module iptable_filter is in use.
FATAL: Module iptable_mangle is in use.
FATAL: Module ip_tables is in use.
[FAILED]
Applying iptables firewall rules: [ OK ]
Loading additional iptables modules: ip_conntrack_netbios_n[ OK ]
And here is my /etc/sysctl.conf :
# Kernel sysctl configuration file for Red Hat Linux
#
# For binary values, 0 is disabled, 1 is enabled. See sysctl(8) and
# sysctl.conf(5) for more details.
# Controls IP packet forwarding
net.ipv4.ip_forward = 1
net.ipv4.conf.default.forwarding = 1
net.ipv4.conf.all.forwarding = 1
net.ipv4.conf.default.proxy_arp = 0
# Enables source route verification
net.ipv4.conf.all.rp_filter = 1
# TCP Explicit Congestion Notification
net.ipv4.tcp_ecn = 0
# Controls source route verification
#net.ipv4.conf.default.rp_filter = 1
# Do not accept source routing
net.ipv4.conf.default.accept_source_route = 0
# Controls the System Request debugging functionality of the kernel
kernel.sysrq = 1
net.ipv4.conf.default.send_redirects = 1
net.ipv4.conf.all.send_redirects = 0
#net.ipv4.icmp_echo_ignore_broadcasts = 1
# Controls whether core dumps will append the PID to the core filename
# Useful for debugging multi-threaded applications
kernel.core_uses_pid = 1
# Controls the use of TCP syncookies
net.ipv4.tcp_syncookies = 1
# Controls the maximum size of a message, in bytes
kernel.msgmnb = 65536
# Controls the default maxmimum size of a mesage queue
kernel.msgmax = 65536
# Controls the maximum shared segment size, in bytes
kernel.shmmax = 4294967295
# Controls the maximum number of shared memory segments, in pages
kernel.shmall = 268435456
Any other information? Please let me know.
It would also be great if you could provide some pointers to problems/solutions when installing Debian/Ubuntu on CentOS.
Oh yes and my kernel version: 2.6.18-194.3.1.el5.028stab069.6
Thanks,
Blaise
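The sysctl.conf check suggested in the quoted reply, as an added example that is not part of the original thread: a POSIX shell audit that reports which forwarding-related keys are missing or different, ignoring commented-out lines. The baseline is an assumption (it reuses the IPv4 values from the file posted above, not an authoritative OpenVZ reference), and `effective_value` and `audit_sysctl` are hypothetical helper names.

```shell
#!/bin/sh
# Added example (not from the thread): audit a sysctl.conf against the
# IPv4 forwarding-related values set in the file posted above.
# ASSUMPTION: that posted file is used as the baseline; it is not an
# authoritative OpenVZ reference.
EXPECTED='net.ipv4.ip_forward=1
net.ipv4.conf.default.proxy_arp=0
net.ipv4.conf.all.rp_filter=1
net.ipv4.conf.default.send_redirects=1
net.ipv4.conf.all.send_redirects=0'

# effective_value FILE KEY: print the last uncommented assignment of KEY.
effective_value() {
    awk -F= -v key="$2" '
        /^[ \t]*[#;]/ { next }                 # commented-out settings do not count
        NF >= 2 {
            k = $1; v = $2
            gsub(/[ \t]/, "", k)
            gsub(/^[ \t]+|[ \t]+$/, "", v)
            if (k == key) val = v              # a later line overrides an earlier one
        }
        END { if (val != "") print val }' "$1"
}

# audit_sysctl FILE: print one line per deviation; return 1 if any was found.
audit_sysctl() {
    rc=0
    for pair in $EXPECTED; do
        key=${pair%%=*}; want=${pair#*=}
        got=$(effective_value "$1" "$key")
        if [ -z "$got" ]; then
            echo "MISSING $key (want $want)"; rc=1
        elif [ "$got" != "$want" ]; then
            echo "MISMATCH $key=$got (want $want)"; rc=1
        fi
    done
    return $rc
}

# Constructed sample resembling an unmodified file; not taken from the thread.
sample=$(mktemp)
cat > "$sample" <<'EOF'
net.ipv4.ip_forward = 0
#net.ipv4.conf.all.rp_filter = 1
net.ipv4.conf.all.send_redirects = 1
net.ipv4.conf.all.send_redirects = 0
EOF
audit_sysctl "$sample" || echo "deviations found in $sample"
rm -f "$sample"
```

Run `audit_sysctl /etc/sysctl.conf` on the host node; the file only shows what is applied at boot, so compare against `sysctl -n <key>` for the running values.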

Re: Followed Quick Install Guide... No External Networking [message #40145 is a reply to message #40144]
Thu, 22 July 2010 16:59
blaise
Messages: 7 Registered: May 2010
Junior Member
blaise wrote on Thu, 22 July 2010 11:45 |
However, if I restart the host, the nameserver is reset to the host's IP again. Actually it is reset to an IP that the host USED to have when networking was configured with DHCP on eth0.
|
It is my bad. Actually the automatic reset of the nameserver's IP address is solved by:
vzctl set VE_ID --nameserver <IP-ADDRESS> --save
but still, I need to DSL as a gateway to go public. I guess if the host is properly configured, it could be used as a nameserver for the VE. Actually I can ping from the container but only public IPs not domains.
[Updated on: Thu, 22 July 2010 17:07]

Re: Followed Quick Install Guide... No External Networking [message #40146 is a reply to message #40145]
Thu, 22 July 2010 20:16
JimL
Messages: 116 Registered: February 2007
Senior Member
blaise wrote on Thu, 22 July 2010 12:59 | blaise wrote on Thu, 22 July 2010 11:45 |
However, if I restart the host, the nameserver is reset to the host's IP again. Actually it is reset to an IP that the host USED to have when networking was configured with DHCP on eth0.
|
It is my bad. Actually the automatic reset of the nameserver's IP address is solved by:
vzctl set VE_ID --nameserver <IP-ADDRESS> --save
but still, I need to DSL as a gateway to go public. I guess if the host is properly configured, it could be used as a nameserver for the VE. Actually I can ping from the container but only public IPs not domains.
|
I'm not 100% sure what you said, but as long as the nameserver points to the IP address of a DNS server, be it local or remote, you're OK. My "gateway" to the ISP is 192.168.2.1 and that's also (one of) my DNS server addresses. I run a bind server on another container and also have a couple of dns server addresses the ISP gave me. Any of them work.
I hope that answered your question.
Jim.

Re: Followed Quick Install Guide... No External Networking [message #40158 is a reply to message #40147]
Fri, 23 July 2010 12:20
blaise
Messages: 7 Registered: May 2010
Junior Member
Hi Jim,
Thanks for the help that you have offered until now. It is really great.
Let me clear up the situation: I have a DSL modem which is the gateway to the external world.
vzctl set 101 --nameserver <IP-OF-DSL-Modem> --save
This solves the problem and 101 is able to ping google.com.
However, I have another system (centos on centos) which was not installed by me, where the VE has, as nameserver, the IP of its host and still it is able to ping domains. So this has to do with iptables I guess, I am not sure.
But anyway, now I have a connection for the VE and I was able to update it and populate it with firefox, apache2, php, mysql, etc. The next step is to re-package a new template. It is a nice experience until now. Any more advice for such a Web server? Performance/security tuning? Still I need help to fix my iptables thing.
Thanks again,
Blaise

Re: Followed Quick Install Guide... No External Networking [message #40163 is a reply to message #40158]
Fri, 23 July 2010 14:24
JimL
Messages: 116 Registered: February 2007
Senior Member
blaise wrote on Fri, 23 July 2010 08:20 | Hi Jim,
But anyway, now I have a connection for the VE and I was able to update it and populate it with firefox, apache2, php, mysql, etc. The next step is to re-package a new template. It is a nice experience until now. Any more advice for such a Web server? Performance/security tuning? Still I need help to fix my iptables thing.
Thanks again,
Blaise
|
OK, now you are wandering into an area I know nothing about. My advice is to start digging through the wiki and see if that topic is covered anywhere and/or start a new thread. People that know the answer may be ignoring this thread.
Good luck,
Jim.