Single IP not reachable from within VE [message #34558]
Sat, 17 January 2009 13:15
dignus
Messages: 6 Registered: March 2007
Junior Member
I have a *VERY* weird issue, I hope you guys can help me.
I have 8 HNs. All have 1 public IP (85.113.250.x) and an internal LAN IP (10.0.250.x). Internal LAN and public LAN are on separate switches.
This works well, I can ping & connect to every IP. All my VEs also have the same setup, one public and one private IP. From within the VEs I can ping all other private IPs. Except for one. This private IP (10.0.250.27) is the internal LAN IP of the HN and can be pinged from the HNs, it is online, I use it for SSH. But I can't even ping it from within the VEs. I can ping other 10.0.250.x IPs, but not this one.
I added an extra private IP to the HN, but same thing, can't ping from within the VEs. This extra IP can be pinged from the HNs. Iptables is disabled, SELinux is disabled. Any suggestions?

Re: Single IP not reachable from within VE [message #34690 is a reply to message #34558]
Mon, 26 January 2009 20:11
irontowngeek
Messages: 20 Registered: January 2009
Junior Member
It seems to reason, you should be able to "ping" the bridged device, as it is the gateway out.
I used to get "weird" pings if ProxyARP was not enabled in the kernel on the HN.
If that doesn't fix it, I'm assuming a single-interface bridge, and that you use VETH devices.
I have eliminated a lot of headaches in connecting VE containers to the physical network by creating static configurations in the VE.
In other words, put an "ifcfg-eth0" file in each VE container, and configure it just like any other physical network adapter.
Taking an example from one of my VE containers, I will use 201 as an example.
Create a file in a text editor as so:
DEVICE=eth0
TYPE=Ethernet
HWADDR=aa:bb:cc:dd:00:11
IPADDR=192.168.245.201
NETMASK=255.255.255.0
ONBOOT=yes
It is important to include the auto-gen MAC address for this interface.
Save the file as:
/vz/root/201/etc/sysconfig/network-scripts/ifcfg-eth0
Restart the VE.
You should now see the IP address I just used.
Now, check the route entries.
Depending on whether you use a script to add any routes on the HN for any VE, it should show no default route.
(I do not use any scripts to configure any network device other than the VETH devices on the HN.
Persistent routing and network interfaces can be configured in a proper place without it.)
To add a route to the bridged interface, which should be the gateway out,
open this file in a text editor:
/vz/root/201/etc/rc.d/rc.local
If the VE is on the same subnet as the bridge, add:
ip route add default dev eth0
Save the file.
If you subnet the VE, like I do, add:
ip route add default dev eth0
ip route add 192.168.246.1 via 192.168.254.5
This assumes:
ip route add <the default route> via <the bridge's IP address>
Restart the VE.
Once the VE restarts, you should see the route to the gateway via the bridge interface.
You should get a successful ping.

Re: Single IP not reachable from within VE [message #34719 is a reply to message #34558]
Tue, 27 January 2009 22:38
irontowngeek
Messages: 20 Registered: January 2009
Junior Member
I tried to duplicate your problem.
I first looked at a key enabled in the "sysctl.conf" file
(i.e. Proxy_ARP = 1).
The only way I was able to duplicate your problem was this:
if you use a static configuration of the bridge (i.e. ifcfg-brX)
and the MAC address of the bridge device is not entered into the
configuration (i.e. HWADDR=aa:bb:cc:dd:00:11), the bridge IP address is not seen, but others are.
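
Added example, not part of any post in this thread: a small shell check for the two conditions the replies point at, an ifcfg-* file that lacks HWADDR (or has a line that is not KEY=VALUE) and the kernel's proxy_arp setting. The function names `lint_ifcfg` and `proxy_arp_state`, the list of required keys and the sample file are assumptions made for this illustration.

```shell
#!/bin/sh
# Added example: function names, required-key list and sample data are constructed.

# lint_ifcfg FILE: print one finding per line; return 0 if clean, 1 otherwise.
lint_ifcfg() {
    file=$1
    findings=0
    lineno=0
    while IFS= read -r line || [ -n "$line" ]; do
        lineno=$((lineno + 1))
        case $line in
            ''|'#'*) continue ;;              # blank line or comment
            [A-Za-z_]*=*) ;;                  # starts with a letter and contains '='
            *) echo "line $lineno: not KEY=VALUE: $line"
               findings=$((findings + 1)) ;;
        esac
    done < "$file"
    # Keys used in the thread's ifcfg-eth0 example; HWADDR is the one the
    # last reply found missing from ifcfg-brX.
    for key in DEVICE HWADDR IPADDR NETMASK; do
        if ! grep -q "^${key}=." "$file"; then
            echo "missing or empty: $key"
            findings=$((findings + 1))
        fi
    done
    [ "$findings" -eq 0 ]
}

# proxy_arp_state IFACE [ROOT]: print the value of
# ROOT/net/ipv4/conf/IFACE/proxy_arp (ROOT defaults to /proc/sys), or "unknown".
proxy_arp_state() {
    root=${2:-/proc/sys}
    cat "$root/net/ipv4/conf/$1/proxy_arp" 2>/dev/null || echo unknown
}

# Constructed sample: a bridge config with no HWADDR and a malformed NETMASK line.
sample=$(mktemp)
printf 'DEVICE=br0\nIPADDR=192.168.245.1\nNETMASK- 255.255.255.0\nONBOOT=yes\n' > "$sample"
lint_ifcfg "$sample" || echo "fix the findings above, then restart the interface"
echo "proxy_arp (all interfaces): $(proxy_arp_state all)"
rm -f "$sample"
```

On an HN, point `lint_ifcfg` at the bridge's ifcfg-brX file and at each VE's /vz/root/<VEID>/etc/sysconfig/network-scripts/ifcfg-eth0.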