OpenVZ Forum: Support » *SOLVED* Internet Connectivity

Home » General » Support » *SOLVED* Internet Connectivity

Show: Today's Messages :: Show Polls :: Message Navigator
E-mail to friend

*SOLVED* Internet Connectivity [message #3947]

Sun, 25 June 2006 17:38

glenn
Messages: 9
Registered: June 2006

Junior Member

I created a new VE on my host node, with 102, using the default template.

I gave it a public IP at the data centre. Here's the weird thing:

(a) From my home computer, I can ping the hostnode (.2) and the VE (.4)

(b) However, inside the VE (.4), I cannot ping outside. I cannot access any IP other than the hostnode (.2).

Any ideas to solve this, would be greatly appreciated Smile

Cheers!

[Updated on: Tue, 27 June 2006 11:44] by Moderator

Report message to a moderator

Re: Internet Connectivity [message #3948 is a reply to message #3947]

Sun, 25 June 2006 17:40

glenn
Messages: 9
Registered: June 2006

Junior Member

Problem solved by doing service iptables stop on hostnode (.2)

Report message to a moderator

Re: Internet Connectivity [message #4282 is a reply to message #3948]

Tue, 04 July 2006 21:11

goeldi
Messages: 92
Registered: June 2006

Member

I am sure that I don't already understand all aspects of openvz security (if it exists anywhere), but is stopping iptables really a solution?

Report message to a moderator

Re: Internet Connectivity [message #4289 is a reply to message #4282]

Wed, 05 July 2006 04:41

dev
Messages: 1693
Registered: September 2005
Location: Moscow

Senior Member

Sure it's a temporary solution.
OpenVZ supports firewall both on host node and inside VE.
in 99% of cases it is wrong firewall rules to blame.
But what can we do if iptables rules are not that evident and simple to setup for most people?

What about security aspects, I will be happy to answer your questions and make it clear for you.

http://static.openvz.org/userbars/openvz-developer.png

Report message to a moderator

Re: Internet Connectivity [message #4290 is a reply to message #3948]

Wed, 05 July 2006 04:43

dev
Messages: 1693
Registered: September 2005
Location: Moscow

Senior Member

which kernel do you use?
if 2.6.8 and you are using conntracks, then don't forget to enable them as descibed in FAQ:
last item at http://openvz.org/documentation/faq

Report message to a moderator

Re: Internet Connectivity [message #4379 is a reply to message #4290]

Sat, 08 July 2006 13:52

hvdkamer
Messages: 40
Registered: July 2006

Member

dev wrote on Wed, 05 July 2006 06:43

if 2.6.8 and you are using conntracks, then don't forget to enable them as descibed in FAQ:

As mentioned elsewhere I added the ip_conntrack_enable_ve0=1 to /etc/modules.conf. Then I removed the ip_conntrack module and did a modprobe to load it again. No luck. Then I rebooted the machine and tried again and used the folowing:

# modprobe -v ip_conntrack ip_conntrack_enable_ve0=1

Then it worked. Just to be sure I restarted the computer again, and did a normal modprobe (which should use the options in /etc/modules.conf I think) and it didn't work. Removing the module and do it again met the above command doesn't work. The only way to get it working is doing the above command before the module is loaded through another method.

Is this a bug or is this the normal way? If so, then I think that the manual must be changed Smile

Henk van de Kamer
auteur Het Lab
http://www.hetlab.tk/

Report message to a moderator

Re: Internet Connectivity [message #4380 is a reply to message #3948]

Sat, 08 July 2006 20:33

wyndryder
Messages: 35
Registered: June 2006

Member

glenn wrote on Sun, 25 June 2006 13:40

Problem solved by doing service iptables stop on hostnode (.2)

I'm having the exact same problem as you are. But I am pretty much a networking noob.

Can you explain how you did "service iptables stop on hostnode"?

[Updated on: Sat, 08 July 2006 20:35]

Report message to a moderator