OpenVZ Forum

container firewalled [message #37534] Thu, 24 September 2009 12:41
cosminnci
Hello,

I just installed OpenVZ and am having a problem from the LAN:
nmap does not see the open ports from the container.

[root@test101 ~]# nmap localhost

Starting Nmap 4.11 ( http://www.insecure.org/nmap/ ) at 2009-09-24 16:23 MSD
Interesting ports on localhost.localdomain (127.0.0.1):
Not shown: 1675 closed ports
PORT STATE SERVICE
23/tcp open telnet
25/tcp open smtp
80/tcp open http
139/tcp open netbios-ssn
445/tcp open microsoft-ds


[openvz ~]# nmap 192.168.1.101

Starting Nmap 4.11 ( http://www.insecure.org/nmap/ ) at 2009-09-24 15:50 EEST
Note: Host seems down. If it is really up, but blocking our ping probes, try -P0
Nmap finished: 1 IP address (0 hosts up) scanned in 0.215 seconds


There is no firewall on the container.
Do I need extra routing to see the open ports from the container?

regards,
Re: container firewalled [message #37541 is a reply to message #37534] Thu, 24 September 2009 19:55
Paparaciz
use:
nmap -e venet0:0 ...etc...
Re: container firewalled [message #37542 is a reply to message #37534] Thu, 24 September 2009 19:58
Paparaciz
Oh sorry, it seems you want to see the open ports in the container from the LAN.
Then you have to forward requests to the container in the HN (also, all requests have to go to the HN),
or proxy_arp the interface in the HN, for example:
net.ipv4.conf.eth0.proxy_arp = 1
Then the LAN will see your container's IP address.
Re: container firewalled [message #37543 is a reply to message #37542] Thu, 24 September 2009 20:02
cosminnci
The HN can ping the container; the HN IP is 192.168.1.100 and the container IP is 192.168.1.101,
but
nmap 192.168.1.101

Starting Nmap 4.11 ( http://www.insecure.org/nmap/ ) at 2009-09-24 15:50 EEST
Note: Host seems down. If it is really up, but blocking our ping probes, try -P0
Nmap finished: 1 IP address (0 hosts up) scanned in 0.215 seconds
Re: container firewalled [message #37544 is a reply to message #37534] Thu, 24 September 2009 20:15
Paparaciz
What if you try telnet?
It seems nmap doesn't know how to reach the container.
Re: container firewalled [message #37545 is a reply to message #37544] Thu, 24 September 2009 20:23
cosminnci

Maybe there is something wrong in my config.
net.ipv4.ip_forward = 1
net.ipv4.conf.default.rp_filter = 1
net.ipv4.conf.all.rp_filter = 1
net.ipv4.conf.default.proxy_arp = 1
net.ipv4.conf.eth0.proxy_arp = 1
net.ipv4.conf.default.accept_source_route = 0
kernel.sysrq = 1
net.ipv4.conf.default.send_redirects = 1
net.ipv4.conf.all.send_redirects = 0
kernel.core_uses_pid = 1
net.ipv4.tcp_syncookies = 1
kernel.msgmnb = 65536
kernel.msgmax = 65536
kernel.shmmax = 4294967295
kernel.shmall = 268435456

telnet seems to work..
[root@HN ~]# telnet 192.168.1.101 80
Trying 192.168.1.101...
Connected to wireless (192.168.1.101).
Escape character is '^]'.
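
Added example, not part of the original posts: a small Python check of the two hardware-node settings the replies point to (IP forwarding and proxy_arp on the LAN interface), run over the IPv4 lines of the config posted above. The function names and the constructed counter-example are assumptions made for illustration.

```python
# Added example: audit sysctl-style settings on an OpenVZ hardware node (HN).

def parse_sysctl(text):
    """Parse 'key = value' lines; skip blanks and comments; last value wins."""
    settings = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith(("#", ";")) or "=" not in line:
            continue
        key, value = line.split("=", 1)
        settings[key.strip()] = value.strip()
    return settings


def check_hn(settings, lan_if="eth0"):
    """Return a list of findings; an empty list means both checks passed."""
    findings = []
    # The HN must route packets between the LAN and the container.
    if settings.get("net.ipv4.ip_forward", "0") != "1":
        findings.append("net.ipv4.ip_forward is not 1")
    # The kernel answers ARP on behalf of the container when proxy_arp is
    # set on either conf.all or the LAN-facing interface.
    keys = [f"net.ipv4.conf.{scope}.proxy_arp" for scope in ("all", lan_if)]
    if not any(settings.get(k, "0") == "1" for k in keys):
        findings.append(f"proxy_arp is not enabled for {lan_if}")
    return findings


# The IPv4 forwarding/ARP lines from the config posted above.
POSTED = """
net.ipv4.ip_forward = 1
net.ipv4.conf.default.rp_filter = 1
net.ipv4.conf.all.rp_filter = 1
net.ipv4.conf.default.proxy_arp = 1
net.ipv4.conf.eth0.proxy_arp = 1
"""

# Constructed counter-example: proxy_arp set only on 'default', which applies
# to interfaces created later, not to an existing eth0.
CONSTRUCTED = """
# constructed sample, not from the thread
net.ipv4.ip_forward = 0
net.ipv4.conf.default.proxy_arp = 1
"""

if __name__ == "__main__":
    for name, text in (("posted", POSTED), ("constructed", CONSTRUCTED)):
        print(name, check_hn(parse_sysctl(text)) or "ok")
```

A config file shows configured values only; `sysctl -a` on the HN shows what the running kernel is using.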



[SOLVED] Re: container firewalled [message #37589 is a reply to message #37545] Mon, 28 September 2009 18:38
cosminnci
Hello,

It seems that only nmap has a problem showing open ports;
telnet connects and all is OK.
