I have followed the instructions at Using_NAT_for_VE_with_private_IPs.
My kernel does *not* have loadable modules enabled. Even with that enabled it doesn't seem to work.
I'm trying to have a set of VEs that have only an internal IP address (172.16.*.*) that can access remote services (apt-get, ping, etc). I don't want these VEs to have public IP addresses. Eventually they will be accessed through a proxy server in a VE that does have a public IP. It is important that these non-public VEs have access to Internet services.
The hn has Red Hat Enterprise Linux ES 4 with a custom compiled kernel. Attached is my .config file.
[root@hn ~]# uname -a
Linux hn.fakedomainname.com 2.6.8-022stab078-up #15 Tue Aug 8 00:13:33 UTC 2006 i686 athlon i386 GNU/Linux
[root@hn ~]# cat /etc/modules.conf
options ip_conntrack ip_conntrack_enable_ve0=1
The 27.16.122.72 IP is fake, I used my real HN IP address in its place:
iptables -t nat -A POSTROUTING -s 172.16.0.0/16 -o eth0 -j SNAT --to 27.16.122.72
"testvps" has a private IP address:
testvps:~# ifconfig
lo Link encap:Local Loopback
inet addr:127.0.0.1 Mask:255.0.0.0
UP LOOPBACK RUNNING MTU:16436 Metric:1
RX packets:1397 errors:0 dropped:0 overruns:0 frame:0
TX packets:1397 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:0
RX bytes:111809 (109.1 KiB) TX bytes:111809 (109.1 KiB)
venet0 Link encap:UNSPEC HWaddr 00-00-00-00-00-00-00-00-00-00-00-00-00-00-00-00
inet addr:127.0.0.1 P-t-P:127.0.0.1 Bcast:0.0.0.0 Mask:255.255.255.255
UP BROADCAST POINTOPOINT RUNNING NOARP MTU:1500 Metric:1
RX packets:2 errors:0 dropped:0 overruns:0 frame:0
TX packets:26 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:0
RX bytes:480 (480.0 b) TX bytes:2128 (2.0 KiB)
venet0:0 Link encap:UNSPEC HWaddr 00-00-00-00-00-00-00-00-00-00-00-00-00-00-00-00
inet addr:172.16.4.1 P-t-P:172.16.4.1 Bcast:0.0.0.0 Mask:255.255.255.255
UP BROADCAST POINTOPOINT RUNNING NOARP MTU:1500 Metric:1
Problem with pinging google.com from "testvps":
testvps:~# ping -w 10 google.com
PING google.com (64.233.167.99) 56(84) bytes of data.
--- google.com ping statistics ---
11 packets transmitted, 0 received, 100% packet loss, time 9998ms
"dns" has a public IP (replaced with a fake one):
dns:~# ifconfig
lo Link encap:Local Loopback
inet addr:127.0.0.1 Mask:255.0.0.0
UP LOOPBACK RUNNING MTU:16436 Metric:1
RX packets:1462 errors:0 dropped:0 overruns:0 frame:0
TX packets:1462 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:0
RX bytes:116801 (114.0 KiB) TX bytes:116801 (114.0 KiB)
venet0 Link encap:UNSPEC HWaddr 00-00-00-00-00-00-00-00-00-00-00-00-00-00-00-00
inet addr:127.0.0.1 P-t-P:127.0.0.1 Bcast:0.0.0.0 Mask:255.255.255.255
UP BROADCAST POINTOPOINT RUNNING NOARP MTU:1500 Metric:1
RX packets:57 errors:0 dropped:0 overruns:0 frame:0
TX packets:56 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:0
RX bytes:12536 (12.2 KiB) TX bytes:7094 (6.9 KiB)
venet0:0 Link encap:UNSPEC HWaddr 00-00-00-00-00-00-00-00-00-00-00-00-00-00-00-00
inet addr:27.16.122.128 P-t-P:27.16.122.128 Bcast:0.0.0.0 Mask:255.255.255.255
UP BROADCAST POINTOPOINT RUNNING NOARP MTU:1500 Metric:1
venet0:1 Link encap:UNSPEC HWaddr 00-00-00-00-00-00-00-00-00-00-00-00-00-00-00-00
inet addr:172.16.1.1 P-t-P:172.16.1.1 Bcast:0.0.0.0 Mask:255.255.255.255
UP BROADCAST POINTOPOINT RUNNING NOARP MTU:1500 Metric:1
No problem with pinging google.com from "dns":
dns:~# ping -w 2 google.com
PING google.com (64.233.187.99) 56(84) bytes of data.
64 bytes from 64.233.187.99: icmp_seq=1 ttl=239 time=37.9 ms
64 bytes from 64.233.187.99: icmp_seq=2 ttl=239 time=38.1 ms
--- google.com ping statistics ---
2 packets transmitted, 2 received, 0% packet loss, time 1000ms
rtt min/avg/max/mdev = 37.993/38.049/38.106/0.203 ms
Let me know what else might help track this problem down. I just can't seem figure it out on my own.
Thanks!
Dusty
[Updated on: Thu, 10 August 2006 05:27] by Moderator
Report message to a moderator