OpenVZ Forum


Cannot Access Internet [message #33815] Wed, 12 November 2008 17:08
fatboytim
Messages: 6
Registered: November 2008
Junior Member
I have just installed the latest stable version of OpenVZ on RHEL4 and I have created some nodes following the instructions on Quick Install on the Wiki, based on the prebuilt CentOS 4 container. All nodes have public IPs and I can access SSH on all the nodes. However, I cannot connect to any IPs from the nodes, e.g. wget/ping/traceroute do not work for any IP.

Is there some configuration step I have missed?
Re: Cannot Access Internet [message #33816 is a reply to message #33815] Wed, 12 November 2008 17:50
maratrus
Messages: 1495
Registered: August 2007
Location: Moscow
Senior Member
Hello,

Let's take into consideration only one VE.

It is not clear how you could get access to a particular VE but
Quote:


cannot connect to any IPs from the nodes



Could you please clarify the situation?

# ip a l (from the HN and from inside the VE)
# ip rule list (from HN and from inside the VE)
# ip route list (from HN and from inside the VE)
# sysctl -a | grep forward (from the HN)
# are you using any iptables rules inside the VE?
# could you please try to ping any IP address from inside the VE and at the same moment run the tcpdump utility inside the VE (on an appropriate interface) and on the HN (on venet/veth and physical interfaces).
Re: Cannot Access Internet [message #33817 is a reply to message #33816] Wed, 12 November 2008 18:56
fatboytim
Messages: 6
Registered: November 2008
Junior Member
Thanks for your reply. Here are the details you asked for. Because this is a private server I have replaced some data with x. Hope this is not a problem for you.

[root@HN ~]# ip a l
2: lo: <LOOPBACK,UP> mtu 16436 qdisc noqueue
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
inet 127.0.0.1/8 brd 127.255.255.255 scope host lo
4: eth0: <BROADCAST,MULTICAST,UP> mtu 1500 qdisc pfifo_fast qlen 100
link/ether 00:14:x:x:x:x brd ff:ff:ff:ff:ff:ff
inet x.x.x.130/27 brd x.x.x.159 scope global eth0
inet x.x.x.131/27 brd x.x.x.159 scope global secondary eth0:0
inet x.x.x.132/27 brd x.x.x.159 scope global secondary eth0:1
inet x.x.x.133/27 brd x.x.x.159 scope global secondary eth0:2
inet x.x.x.134/27 brd x.x.x.159 scope global secondary eth0:3
inet x.x.x.135/27 brd x.x.x.159 scope global secondary eth0:4
6: eth1: <BROADCAST,MULTICAST> mtu 1500 qdisc noop qlen 1000
link/ether 00:0e:x:x:x:x brd ff:ff:ff:ff:ff:ff
1: venet0: <BROADCAST,POINTOPOINT,NOARP,UP> mtu 1500 qdisc noqueue
link/void

[root@VE1 /]# ip a l
1: lo: <LOOPBACK,UP> mtu 16436 qdisc noqueue
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
inet 127.0.0.1/8 brd 127.255.255.255 scope host lo
3: venet0: <BROADCAST,POINTOPOINT,NOARP,UP> mtu 1500 qdisc noqueue
link/void
inet 127.0.0.1/32 scope host venet0
inet x.x.x.131/32 brd x.x.x.131 scope global venet0:0

[root@HN ~]# ip rule list
0: from all lookup local
32766: from all lookup main
32767: from all lookup default

[root@VE1 /]# ip rule list
0: from all lookup local
32766: from all lookup main
32767: from all lookup default

[root@HN ~]# ip route list
x.x.x.135 dev venet0 scope link
x.x.x.134 dev venet0 scope link
x.x.x.133 dev venet0 scope link
x.x.x.132 dev venet0 scope link
x.x.x.131 dev venet0 scope link
x.x.x.128/27 dev eth0 proto kernel scope link src x.x.x.130
169.254.0.0/16 dev eth0 scope link
default via x.x.x.129 dev eth0

[root@VE1 /]# ip route list
192.0.2.0/24 dev venet0 scope host
169.254.0.0/16 dev venet0 scope link
default via 192.0.2.1 dev venet0

[root@HN ~]# sysctl -a | grep forward
net.ipv4.conf.venet0.mc_forwarding = 0
net.ipv4.conf.venet0.forwarding = 1
net.ipv4.conf.eth0.mc_forwarding = 0
net.ipv4.conf.eth0.forwarding = 1
net.ipv4.conf.lo.mc_forwarding = 0
net.ipv4.conf.lo.forwarding = 1
net.ipv4.conf.default.mc_forwarding = 0
net.ipv4.conf.default.forwarding = 1
net.ipv4.conf.all.mc_forwarding = 0
net.ipv4.conf.all.forwarding = 1
net.ipv4.ip_forward = 1

There are no rules in iptables.

[root@VE1 /]# ping -c 5 64.131.90.169
PING 64.131.90.169 (64.131.90.169) 56(84) bytes of data.
--- 64.131.90.169 ping statistics ---
5 packets transmitted, 0 received, 100% packet loss, time 3999ms

Here is log from tcpdump on HN while attempting ping on VE:

tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on eth0, link-type EN10MB (Ethernet), capture size 96 bytes
12:49:04.942286 802.1d unknown version
12:49:06.951581 802.1d unknown version
12:49:07.961363 00:0e:x:x:x:x > 00:0e:x:x:x:x, ethertype Loopback (0x9000), length 60:
0x0000: 0000 0100 0000 0000 0000 0000 0000 0000 ................
0x0010: 0000 0000 0000 0000 0000 0000 0000 0000 ................
0x0020: 0000 0000 0000 0000 0000 0000 0000 ..............
12:49:08.681600 00:0e:x:x:x:x > 01:00:x:x:x:x snap ui/C len=35
12:49:08.955156 802.1d unknown version
12:49:10.957731 802.1d unknown version
12:49:12.962806 802.1d unknown version
12:49:14.966631 802.1d unknown version
12:49:16.968956 802.1d unknown version
12:49:17.975738 00:0e:x:x:x:x > 00:0e:x:x:x:x, ethertype Loopback (0x9000), length 60:
0x0000: 0000 0100 0000 0000 0000 0000 0000 0000 ................
0x0010: 0000 0000 0000 0000 0000 0000 0000 0000 ................
0x0020: 0000 0000 0000 0000 0000 0000 0000 ..............
12:49:18.974778 802.1d unknown version
12:49:20.982852 802.1d unknown version
12:49:22.987174 802.1d unknown version
12:49:24.987998 802.1d unknown version
12:49:26.825941 CDPv2, ttl: 180s, Device-ID 'x'[|cdp]
12:49:26.991823 802.1d unknown version
12:49:27.996858 00:0e:x:x:x:x > 00:0e:x:x:x:x, ethertype Loopback (0x9000), length 60:
0x0000: 0000 0100 0000 0000 0000 0000 0000 0000 ................
0x0010: 0000 0000 0000 0000 0000 0000 0000 0000 ................
0x0020: 0000 0000 0000 0000 0000 0000 0000 ..............
12:49:28.995148 802.1d unknown version
12:49:31.003469 802.1d unknown version
12:49:33.007043 802.1d unknown version
12:49:35.012366 802.1d unknown version
12:49:37.014692 802.1d unknown version
12:49:38.020726 00:0e:x:x:x:x > 00:0e:x:x:x:x, ethertype Loopback (0x9000), length 60:
0x0000: 0000 0100 0000 0000 0000 0000 0000 0000 ................
0x0010: 0000 0000 0000 0000 0000 0000 0000 0000 ................
0x0020: 0000 0000 0000 0000 0000 0000 0000 ..............

Re: Cannot Access Internet [message #33825 is a reply to message #33817] Thu, 13 November 2008 08:20
maratrus
Messages: 1495
Registered: August 2007
Location: Moscow
Senior Member
Hello,

Quote:


4: eth0: <BROADCAST,MULTICAST,UP> mtu 1500 qdisc pfifo_fast qlen 100
link/ether 00:14:x:x:x:x brd ff:ff:ff:ff:ff:ff
inet x.x.x.130/27 brd x.x.x.159 scope global eth0
inet x.x.x.131/27 brd x.x.x.159 scope global secondary eth0:0
inet x.x.x.132/27 brd x.x.x.159 scope global secondary eth0:1
inet x.x.x.133/27 brd x.x.x.159 scope global secondary eth0:2
inet x.x.x.134/27 brd x.x.x.159 scope global secondary eth0:3
inet x.x.x.135/27 brd x.x.x.159 scope global secondary eth0:4



You shouldn't have aliases on the HN!
If you want to assign an IP address to your VE, "vzctl set $VEID --ipadd x.x.x.x" is sufficient.
Re: Cannot Access Internet [message #33827 is a reply to message #33825] Thu, 13 November 2008 09:25
fatboytim
Messages: 6
Registered: November 2008
Junior Member
maratrus wrote on Thu, 13 November 2008 03:20


you shouldn't have aliases on the HN!
If you want to assign an ip address to your VE "vzctl set $VEID --ipadd x.x.x.x" is sufficient.


That's exactly what I did.
As per the wiki, I did:
[host-node]# vzctl create CTID --ostemplate osname
[host-node]# vzctl set CTID --ipadd a.b.c.d --save
[host-node]# vzctl set CTID --nameserver a.b.c.d --save
[host-node]# vzctl start CTID

Basically the only things I've done with this server are to install the kernel & tools, reboot into the OpenVZ kernel, download the CentOS 4 prebuilt OS template, then create the containers using the above commands.

I then tried to connect to them via SSH and that worked fine, but outgoing connections from the containers aren't working.

I did also make some config changes to grub etc as per the instructions on http://wiki.openvz.org/Quick_installation but other than this I haven't installed or changed anything else on the server from a fresh RHEL4 install.
Re: Cannot Access Internet [message #33828 is a reply to message #33827] Thu, 13 November 2008 09:37
maratrus
Messages: 1495
Registered: August 2007
Location: Moscow
Senior Member
Hello,

It's not clear if your VE has the same IP address as an alias on the HN:

Quote:


[root@VE1 /]# ip a l
1: lo: <LOOPBACK,UP> mtu 16436 qdisc noqueue
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
inet 127.0.0.1/8 brd 127.255.255.255 scope host lo
3: venet0: <BROADCAST,POINTOPOINT,NOARP,UP> mtu 1500 qdisc noqueue
link/void
inet 127.0.0.1/32 scope host venet0
inet x.x.x.131/32 brd x.x.x.131 scope global venet0:0



Quote:


[root@HN ~]# ip a l
2: lo: <LOOPBACK,UP> mtu 16436 qdisc noqueue
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
inet 127.0.0.1/8 brd 127.255.255.255 scope host lo
4: eth0: <BROADCAST,MULTICAST,UP> mtu 1500 qdisc pfifo_fast qlen 100
link/ether 00:14:x:x:x:x brd ff:ff:ff:ff:ff:ff
inet x.x.x.130/27 brd x.x.x.159 scope global eth0
inet x.x.x.131/27 brd x.x.x.159 scope global secondary eth0:0
inet x.x.x.132/27 brd x.x.x.159 scope global secondary eth0:1
inet x.x.x.133/27 brd x.x.x.159 scope global secondary eth0:2
inet x.x.x.134/27 brd x.x.x.159 scope global secondary eth0:3
inet x.x.x.135/27 brd x.x.x.159 scope global secondary eth0:4
6: eth1: <BROADCAST,MULTICAST> mtu 1500 qdisc noop qlen 1000
link/ether 00:0e:x:x:x:x brd ff:ff:ff:ff:ff:ff
1: venet0: <BROADCAST,POINTOPOINT,NOARP,UP> mtu 1500 qdisc noqueue
link/void




If yes, you should remove an alias from the HN.
Re: Cannot Access Internet [message #33862 is a reply to message #33828] Mon, 17 November 2008 09:33
fatboytim
Messages: 6
Registered: November 2008
Junior Member
Thank you it works now!
I guess the "vzctl set CTID --ipadd a.b.c.d --save" command must have done that.
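
The conflict diagnosed in this thread (an address that is both bound to eth0 as an alias on the HN and routed to a container through venet0) can be checked from saved `ip a l` and `ip route list` output. The script below is an added example, not part of any forum post; the function names and the 198.51.100.0/27 sample data are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the thread): list addresses that are bound to a
# host-node interface AND routed to a container through venet0.

# find_conflicts ADDR_FILE ROUTE_FILE
#   ADDR_FILE  = saved output of `ip a l` on the host node
#   ROUTE_FILE = saved output of `ip route list` on the host node
# Prints "<address> <interface label>" for every overlap, sorted.
find_conflicts() {
    awk '
        FILENAME == ARGV[1] {
            # Interface header, e.g. "4: eth0: <BROADCAST,...>"
            if ($1 ~ /^[0-9]+:$/) { split($2, n, ":"); ifname = n[1] }
            # Address line, e.g. "inet 198.51.100.131/27 ... eth0:0"
            else if ($1 == "inet" && ifname != "lo" && ifname != "venet0") {
                split($2, a, "/"); bound[a[1]] = $NF
            }
            next
        }
        # Host route added for a container: "<ip> dev venet0 scope link"
        $2 == "dev" && $3 == "venet0" && ($1 in bound) { print $1, bound[$1] }
    ' "$1" "$2" | sort
}

# Constructed sample input (documentation range 198.51.100.0/24).
run_sample() {
    dir=$(mktemp -d) || return 1
    cat > "$dir/addr" <<'EOF'
2: lo: <LOOPBACK,UP> mtu 16436 qdisc noqueue
    inet 127.0.0.1/8 brd 127.255.255.255 scope host lo
4: eth0: <BROADCAST,MULTICAST,UP> mtu 1500 qdisc pfifo_fast qlen 100
    inet 198.51.100.130/27 brd 198.51.100.159 scope global eth0
    inet 198.51.100.131/27 brd 198.51.100.159 scope global secondary eth0:0
    inet 198.51.100.132/27 brd 198.51.100.159 scope global secondary eth0:1
1: venet0: <BROADCAST,POINTOPOINT,NOARP,UP> mtu 1500 qdisc noqueue
EOF
    cat > "$dir/route" <<'EOF'
198.51.100.133 dev venet0  scope link
198.51.100.132 dev venet0  scope link
198.51.100.131 dev venet0  scope link
198.51.100.128/27 dev eth0  proto kernel  scope link  src 198.51.100.130
default via 198.51.100.129 dev eth0
EOF
    find_conflicts "$dir/addr" "$dir/route"
    rm -rf "$dir"
}

run_sample
```

In the sample, 198.51.100.133 is routed to venet0 but not bound on eth0, so it is not reported; only the two aliased addresses are.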