OpenVZ Forum


i can't ping vps from the host. [message #40340] Thu, 12 August 2010 07:46
greenflying2010
I created a VPS on OpenVZ. This VPS has two network interfaces: one is venet0, venet0:0 and the other is eth0. The IP address of venet0:0 is 192.168.255.2, and the eth0 IP address is 10.202.0.242. The IP address of the OpenVZ host is 192.168.255.254. From the host, I can ping the venet0:0 address 192.168.255.2, but why can't I ping the VPS's eth0, 10.202.0.242?
I have started IPv4 forwarding in the VPS and closed the firewall.
When I try the following command:
ping -I venet0 10.202.0.242
an error appears like: ping: sendmsg: operation not permitted.
What's the problem?

thanks
b.guo
Re: i can't ping vps from the host. [message #40875 is a reply to message #40340] Tue, 19 October 2010 00:40
lars_bailey
You need to enable forwarding on your specific VETH adapter interface.
Example "sysctl.conf".

net.conf.ipv4.default.forwarding = 1
net.conf.ipv4.veth101.0.forwarding = 1

If you bridge VETH interfaces use;

net.conf.ipv4.all.forwarding = 1

Forwarding is not needed in a VPS.
Re: i can't ping vps from the host. [message #41007 is a reply to message #40875] Wed, 03 November 2010 12:51
lars_bailey
To expand this thread a little further, the member does not specify whether the VETH interface is bridged, so one must assume it's not.
If the VETH is not bridged, this interface becomes the VPS's "gateway".
Since the IP subnet for the VPS differs from the Node's, routing is not an issue, since the Node will have this subnet in its table (based on the VETH IP).

Example;

Node 192.168.99.254
VETH 10.10.100.254
VPS 10.10.100.2

All that is needed for the VPS is placing this in its config.

GATEWAY=10.10.100.254

From the Node, both the VETH and VPS IP addresses are reachable.
From the VPS, the VETH IP address is reachable.
The Node IP address is possible to reach from the VPS, as long as you know the IP.
A Node server's IP address is never seen as a network hop, whether you bridge or not.
If you follow the example above, forwarding for the VPS via the VETH interface does not need to be enabled, unless the VPS needs it.
On my Node, only one VPS has forwarding enabled.
All other VPSs cannot reach each other, hence the error the member was getting.
I hope this explanation helps.
Re: i can't ping vps from the host. [message #41151 is a reply to message #40340] Fri, 03 December 2010 05:56
lars.bailey
The kernel key I demonstrated to enable will not work with SYSCTL.
This will enable forwarding for all VETH interfaces;

net.ipv4.conf.default.forwarding = 1

This is taken directly from one Node server.

net.ipv4.conf.default.rp_filter = 1
net.ipv4.conf.all.rp_filter = 1
net.ipv4.conf.default.accept_source_route = 0
net.ipv4.conf.default.proxy_arp = 0
net.ipv4.conf.vebr0.proxy_arp = 1
net.ipv4.conf.vebr0.forwarding = 0
net.ipv4.conf.default.forwarding = 1
net.ipv4.conf.eth1.forwarding = 1
net.ipv4.conf.default.send_redirects = 1
net.ipv4.conf.all.send_redirects = 0
net.ipv4.conf.all.accept_redirects = 0

The kernel keys for the physical interfaces are based on my particular setup.
Just proper your firewall rules, if you want to limit forwarding for a VETH configured container. (self-explanatory)

# This is my full "sysctl.conf"

kernel.sysrq = 1
kernel.core_uses_pid = 1
kernel.msgmnb = 65536
kernel.msgmax = 65536
kernel.shmmax = 4294967295
kernel.shmall = 268435456

# Prevent SYN attacks

net.ipv4.tcp_syncookies = 1
net.ipv4.tcp_max_syn_backlog = 2048
net.ipv4.tcp_synack_retries = 2

# OpenVZ

net.ipv4.conf.default.rp_filter = 1
net.ipv4.conf.all.rp_filter = 1
net.ipv4.conf.default.accept_source_route = 0
net.ipv4.conf.default.proxy_arp = 0
net.ipv4.conf.vebr0.proxy_arp = 1
net.ipv4.conf.vebr0.forwarding = 0
net.ipv4.conf.default.forwarding = 1
net.ipv4.conf.eth1.forwarding = 1
net.ipv4.conf.default.send_redirects = 1
net.ipv4.conf.all.send_redirects = 0
net.ipv4.conf.all.accept_redirects = 0

#IPv6

net.ipv6.conf.all.forwarding = 1
net.ipv6.conf.all.accept_redirects = 0

# Deprecated, but needed for setup tool
# net.ipv4.ip_forward = 1

# My tweaks

net.core.rmem_default = 524288
net.core.rmem_max = 524288
net.core.wmem_default = 524288
net.core.wmem_max = 524288
net.ipv4.tcp_wmem = 4096 87380 524288
net.ipv4.tcp_rmem = 4096 87380 524288
net.ipv4.tcp_mem = 524288 524288 524288
net.ipv4.tcp_rfc1337 = 1
net.ipv4.ip_no_pmtu_disc = 0
net.ipv4.tcp_sack = 1
net.ipv4.tcp_fack = 1
net.ipv4.tcp_window_scaling = 1
net.ipv4.tcp_timestamps = 0
net.ipv4.tcp_ecn = 0
net.ipv4.conf.all.log_martians = 1

vm.vfs_cache_pressure = 50
vm.swappiness = 20

Hope it helps
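
An added example, not part of the posts above: a POSIX shell check that maps each sysctl.conf key to its /proc/sys path the way classic sysctl(8) key syntax does ('.' and '/' swapped), which shows why the net.conf.ipv4 keys and a dotted interface name such as veth101.0 do not resolve. SYSROOT, the function names and the temporary tree are assumptions made for this example.

```shell
#!/bin/sh
# Added example (not from the thread): check that sysctl.conf keys resolve to
# files under /proc/sys. SYSROOT is a hypothetical override so the check can
# run against a constructed tree instead of the live /proc/sys.

# Classic sysctl(8) key syntax: '.' separates path components and '/' stands
# for a literal dot inside a component, so the two characters are swapped.
key_to_path() {
    printf '%s/%s\n' "${SYSROOT:-/proc/sys}" "$(printf '%s' "$1" | tr './' '/.')"
}

# Read "key = value" lines on stdin and print "ok KEY" or "MISSING KEY".
# Returns non-zero if any key does not resolve to an existing file.
check_conf() {
    rc=0
    while IFS= read -r line; do
        case "$line" in ''|'#'*|';'*) continue ;; esac
        key=$(printf '%s' "${line%%=*}" | tr -d ' \t')
        [ -n "$key" ] || continue
        if [ -e "$(key_to_path "$key")" ]; then
            echo "ok $key"
        else
            echo "MISSING $key"
            rc=1
        fi
    done
    return "$rc"
}

# Constructed stand-in for /proc/sys holding the thread's veth101.0 interface.
make_sample_tree() {
    root=$(mktemp -d) || return 1
    mkdir -p "$root/net/ipv4/conf/default" "$root/net/ipv4/conf/veth101.0"
    : > "$root/net/ipv4/conf/default/forwarding"
    : > "$root/net/ipv4/conf/veth101.0/forwarding"
    echo "$root"
}

SYSROOT=$(make_sample_tree)
# Keys from the thread, plus the '/' spelling of the dotted interface name.
check_conf <<'EOF' || true
net.conf.ipv4.default.forwarding = 1
net.conf.ipv4.veth101.0.forwarding = 1
net.ipv4.conf.default.forwarding = 1
net.ipv4.conf.veth101.0.forwarding = 1
net.ipv4.conf.veth101/0.forwarding = 1
EOF
```

On a live Node, unset SYSROOT and feed the real file: check_conf < /etc/sysctl.conf.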