OpenVZ Forum
HN online, VPS not [message #34207] Sun, 14 December 2008 12:12
shoemanic
Hi,

I installed OpenVZ on my Ubuntu 8.04 LTS yesterday. Everything is running so far, except that I can't get the virtual hosts online. The hosts can ping each other (HN <-> VPS), and the HN also gets online via the defGW, but the virtual ones unfortunately do not. On the defGW I can see that a packet arrives from the corresponding IP of the VPS (with a ping, for example), but no ARP entry is visible (so a return route is not possible either). Here are a few excerpts from my config:

/etc/sysctl.conf
#
# /etc/sysctl.conf - Configuration file for setting system variables
# See sysctl.conf (5) for information.
#

#kernel.domainname = example.com

# the following stops low-level messages on console
kernel.printk = 4 4 1 7

# enable /proc/$pid/maps privacy so that memory relocations are not
# visible to other users. (Added in kernel 2.6.22.)
kernel.maps_protect = 1

# Increase inotify availability
fs.inotify.max_user_watches = 524288

# protect bottom 64k of memory from mmap to prevent NULL-dereference
# attacks against potential future kernel security vulnerabilities.
# (Added in kernel 2.6.23.)
vm.mmap_min_addr = 65536

##############################################################3
# Functions previously found in netbase
#

# Comment the next two lines to disable Spoof protection (reverse-path filter)
# Turn on Source Address Verification in all interfaces to
# prevent some spoofing attacks
net.ipv4.conf.default.rp_filter=1
net.ipv4.conf.all.rp_filter=1

# Uncomment the next line to enable TCP/IP SYN cookies
# This disables TCP Window Scaling (http://lkml.org/lkml/2008/2/5/167)
#net.ipv4.tcp_syncookies=1

# Uncomment the next line to enable packet forwarding for IPv4
net.ipv4.ip_forward=1

# Uncomment the next line to enable packet forwarding for IPv6
#net.ipv6.ip_forward=1


###################################################################
# Additional settings - these settings can improve the network
# security of the host and prevent against some network attacks
# including spoofing attacks and man in the middle attacks through
# redirection. Some network environments, however, require that these
# settings are disabled so review and enable them as needed.
#
# Ignore ICMP broadcasts
#net/ipv4/icmp_echo_ignore_broadcasts = 1
#
# Ignore bogus ICMP errors
#net/ipv4/icmp_ignore_bogus_error_responses = 1
#
# Do not accept ICMP redirects (prevent MITM attacks)
#net/ipv4/conf/all/accept_redirects = 0
# _or_
# Accept ICMP redirects only for gateways listed in our default
# gateway list (enabled by default)
net/ipv4/conf/all/secure_redirects = 1
#
# Do not send ICMP redirects (we are not a router)
#net/ipv4/conf/all/send_redirects = 0
#
# Do not accept IP source route packets (we are not a router)
#net/ipv4/conf/all/accept_source_route = 0
#
# Log Martian Packets
#net/ipv4/conf/all/log_martians = 1
#
# Always defragment packets
#net/ipv4/ip_always_defrag = 1

#-- OpenVZ begin --#

# On Hardware Node we generally need
# packet forwarding enabled and proxy arp disabled
net.ipv4.conf.default.forwarding=1
net.ipv4.conf.default.proxy_arp = 0

# Enables source route verification
net.ipv4.conf.all.rp_filter = 1

# Enables the magic-sysrq key
kernel.sysrq = 1

# TCP Explicit Congestion Notification
#net.ipv4.tcp_ecn = 0

# we do not want all our interfaces to send redirects
net.ipv4.conf.default.send_redirects = 1
net.ipv4.conf.all.send_redirects = 0

#-- OpenVZ end --#


vzlist
CTID  NPROC  STATUS   IP_ADDR    HOSTNAME
101   3      running  10.35.5.3  mailhub
102   3      running  10.35.5.4  web


route
Kernel IP routing table
Destination  Gateway    Genmask          Flags  Metric  Ref  Use  Iface
10.35.5.3    *          255.255.255.255  UH     0       0    0    venet0
10.35.5.4    *          255.255.255.255  UH     0       0    0    venet0
localnet     *          255.255.255.0    U      0       0    0    eth0
default      10.35.5.1  0.0.0.0          UG     100     0    0    eth0



uname -a
Linux core 2.6.18-12-fza-486 #1 Sun May 18 11:58:05 CEST 2008 i686 GNU/Linux


Firewalls and the like are inactive (both on the router and locally on the HN).

If more information is needed, let me know.

Thanks and regards
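
The sysctl.conf excerpt in the post assigns some keys more than once and mixes dot and slash notation. As an added example that is not part of the original post, the Python below resolves which values take effect when such a file is applied top to bottom and lists conf.all/conf.default pairs that differ; SAMPLE is constructed from the post's network-related lines, and the function names are hypothetical.

```python
import re

# Constructed sample: network-related lines copied from the sysctl.conf in the post.
SAMPLE = """\
net.ipv4.conf.default.rp_filter=1
net.ipv4.conf.all.rp_filter=1
net.ipv4.ip_forward=1
#net/ipv4/conf/all/accept_redirects = 0
net/ipv4/conf/all/secure_redirects = 1
net.ipv4.conf.default.forwarding=1
net.ipv4.conf.default.proxy_arp = 0
net.ipv4.conf.all.rp_filter = 1
net.ipv4.conf.default.send_redirects = 1
net.ipv4.conf.all.send_redirects = 0
"""

def parse_sysctl(text):
    """Return (effective, repeated); a later assignment overrides an earlier one."""
    effective, repeated = {}, []
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;":       # blank line or comment
            continue
        key, sep, value = line.partition("=")
        if not sep:
            continue                           # not an assignment
        # Assumption: no '.' inside a path component (e.g. no eth0.100).
        key = key.strip().replace("/", ".")    # net/ipv4/x is the same key as net.ipv4.x
        if key in effective:
            repeated.append(key)
        effective[key] = value.strip()
    return effective, repeated

def scope_mismatches(effective):
    """Per-interface settings whose conf.all and conf.default values differ."""
    out = []
    for key, value in effective.items():
        m = re.fullmatch(r"(net\.ipv[46]\.conf)\.all\.(.+)", key)
        if m:
            other = effective.get(f"{m.group(1)}.default.{m.group(2)}")
            if other is not None and other != value:
                out.append((m.group(2), value, other))
    return out

if __name__ == "__main__":
    eff, rep = parse_sysctl(SAMPLE)
    print("\n".join(f"{k} = {eff[k]}" for k in sorted(eff)))
    print("assigned more than once:", rep)
    print("all/default differ:", scope_mismatches(eff))
```

The values actually in force on a running node can differ from the file, so compare the result with the output of `sysctl -a` on the HN.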
