| SOLVED: Destination Host Unreachable from VE on Public IP [message #33049] |
Fri, 19 September 2008 22:47  |
4drob
Messages: 4
Registered: September 2008
|
Junior Member |
|
|
I'm new to OpenVZ, but have read a bit about it. My HN is running a fresh copy of Ubuntu 8.04. I followed the Debian install guide (where applicable) to configure a VE with the Ubuntu 8.04 template found on the wiki.
The VE is on it's own public IP (same subnet as the HN). The VE can ping IP addresses out on the internet and can correctly resolve domain names, but it can't ping domain names (get Destination Host Unreachable) and thus can't use apt-get to update, wget, etc.
The VE can be pinged by the HN and from inside the network by IP but not from outside the network (packets get to HN then time out). No firewall setup. Maybe I'm missing something, but I've read through all the documentation I could find, tried different variations of settings, destroyed and re-created the VE multiple times, and I'm just out of ideas. The same network does have 3 other HNs running Virtuozzo with VEs on their own public IPs working just fine. Thanks in advance for any help or suggestions!
HN:
uname -r
2.6.24-19-openvz
ip a l
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 16436 qdisc noqueue
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
inet 127.0.0.1/8 scope host lo
inet6 ::1/128 scope host
valid_lft forever preferred_lft forever
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast qlen 100
link/ether 00:30:48:2f:85:16 brd ff:ff:ff:ff:ff:ff
inet 67.30.129.74/23 brd 67.30.129.255 scope global eth0
inet6 fe80::230:48ff:fe2f:8516/64 scope link
valid_lft forever preferred_lft forever
3: eth1: <NO-CARRIER,BROADCAST,MULTICAST,UP> mtu 1500 qdisc pfifo_fast qlen 1000
link/ether 00:30:48:2f:85:17 brd ff:ff:ff:ff:ff:ff
inet 67.30.129.75/23 brd 67.30.129.255 scope global eth1
21: venet0: <BROADCAST,POINTOPOINT,NOARP,UP,LOWER_UP> mtu 1500 qdisc noqueue
link/void
sysctl -p
kernel.printk = 4 4 1 7 (set by Ubuntu openvz-meta installer script)
kernel.maps_protect = 1 (" ")
fs.inotify.max_user_watches = 524288 (" ")
error: "vm.mmap_min_addr" is an unknown key (set to 65536 by script)
net.ipv4.conf.default.forwarding = 1
net.ipv4.conf.default.proxy_arp = 0
net.ipv4.ip_forward = 1
net.ipv4.conf.all.rp_filter = 1
net.ipv4.conf.default.send_redirects = 1
net.ipv4.conf.all.send_redirects = 0
kernel.sysrq = 1
ip rule list
0: from all lookup local
32766: from all lookup main
32767: from all lookup default
iptables -t nat -L && iptables -t filter -L && iptables -t mangle -L
Chain PREROUTING (policy ACCEPT)
target prot opt source destination
Chain POSTROUTING (policy ACCEPT)
target prot opt source destination
Chain OUTPUT (policy ACCEPT)
target prot opt source destination
Chain INPUT (policy ACCEPT)
target prot opt source destination
Chain FORWARD (policy ACCEPT)
target prot opt source destination
Chain OUTPUT (policy ACCEPT)
target prot opt source destination
Chain PREROUTING (policy ACCEPT)
target prot opt source destination
Chain INPUT (policy ACCEPT)
target prot opt source destination
Chain FORWARD (policy ACCEPT)
target prot opt source destination
Chain OUTPUT (policy ACCEPT)
target prot opt source destination
Chain POSTROUTING (policy ACCEPT)
target prot opt source destination
VE:
ping google.com
PING google.com (64.233.167.99) 56(84) bytes of data.
From 67-30-129-74.4servers.com (67.30.129.74) icmp_seq=7 Destination Host Unreachable
ping 67.30.129.74
PING 67.30.129.74 (67.30.129.74) 56(84) bytes of data.
64 bytes from 67.30.129.74: icmp_seq=1 ttl=64 time=0.074 ms
tcpdump -i venet0:0 -e -n host google.com
-bash: tcpdump: command not found
ip a l
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 16436 qdisc noqueue
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
inet 127.0.0.1/8 scope host lo
inet6 ::1/128 scope host
valid_lft forever preferred_lft forever
2: venet0: <BROADCAST,POINTOPOINT,NOARP,UP,LOWER_UP> mtu 1500 qdisc noqueue
link/void
inet 127.0.0.1/32 scope host venet0
inet 67.30.129.76/32 scope global venet0:0
ip route list table all
192.0.2.1 dev venet0 scope link
default via 192.0.2.1 dev venet0
broadcast 127.255.255.255 dev lo table local proto kernel scope link src 127.0.0.1
local 67.30.129.76 dev venet0 table local proto kernel scope host src 67.30.129.76
broadcast 127.0.0.0 dev lo table local proto kernel scope link src 127.0.0.1
local 127.0.0.1 dev lo table local proto kernel scope host src 127.0.0.1
local 127.0.0.1 dev venet0 table local proto kernel scope host src 127.0.0.1
local 127.0.0.0/8 dev lo table local proto kernel scope host src 127.0.0.1
unreachable default dev lo table unspec proto none metric -1 error -101 hoplimit 255
local ::1 via :: dev lo table local proto none metric 0 mtu 16436 advmss 16376 hoplimit 4294967295
unreachable default dev lo table unspec proto none metric -1 error -101 hoplimit 255
ip -V
ip utility, iproute2-ss071016
from my box outside the network
tracert 67.30.129.76
[snip]
9 75 ms 74 ms 76 ms so-3-0-0.mp1.Tustin1.Level3.net [209.247.8.118]
10 77 ms 75 ms 76 ms so-9-0.hsa1.Tustin1.Level3.net [4.68.114.6]
11 77 ms 77 ms 78 ms 65.58.240.18
12 78 ms 79 ms 79 ms 67-30-129-74.4servers.com [67.30.129.74]
13 * * * Request timed out.
[Updated on: Mon, 22 September 2008 17:20] Report message to a moderator |
|
|
|
|
|
| Re: Destination Host Unreachable from VE on Public IP [message #33057 is a reply to message #33050] |
Sat, 20 September 2008 14:25  |
4drob
Messages: 4
Registered: September 2008
|
Junior Member |
|
|
Hello, thanks for your response. Yes I did apply the correct nameservers for my network. resolv.conf for both the HN and VE read:
nameserver 67.30.129.1
nameserver 128.121.254.73
The HN and VE resolve the correct IP from names fine, the VE just gets "Destination Host Unreachable" when attempting to send traffic using names.
[Updated on: Mon, 22 September 2008 01:37] Report message to a moderator |
|
|
|
|
|
| Re: Destination Host Unreachable from VE on Public IP [message #33100 is a reply to message #33093] |
Mon, 22 September 2008 17:19 |
4drob
Messages: 4
Registered: September 2008
|
Junior Member |
|
|
I wasn't able to ping 64.233.167.99, but now it's actually working.
It was very strange, some of the traffic on the network was actually being routed to the HN, causing some other servers on the subnet to become unreachable via the internet. I changed the IP of the HN (which was previously used fine before the installation of openvz), added
net.ipv4.icmp_echo_ignore_broadcasts=1 to /etc/sysctl.conf per this howto, and the VE's internet connection started working fine! Really strange... thanks for the possible suggestions though.
|
|
|
|
OpenVZ Forum
Members
Search
Help
Register
Login
Home
