OpenVZ Forum


Home » General » Support » Host Node lost network upon install and restart (Network lost after running Openvz kernel)
Host Node lost network upon install and restart [message #51440] Thu, 05 June 2014 11:24 Go to next message
felixchang is currently offline  felixchang
Messages: 4
Registered: June 2014
Junior Member
I am extremely new to linux and Openvz Embarassed and has been trying to setup a small test server to achieve some tasks.

I am running Centos 6.5 and has been running happily as standalone server. My network setting is extremely simple. One main ip 192.168.42.170 with two virtual ip 192.168.42.171 and 192.168.42.172.

I then follow the instruction on openvz.org/Quick_installation#Tools_installation and completed everything successfully and then reboot into openVZ.
The system rebooted ok.

So I am about to download OS template to have the fun of creating the containers. That is when I realize I do not have network.

I then make sure I am running the right kernel :

# uname -a
Linux server2.localdomain 2.6.32-042stab090.2 #1 SMP Wed May 21 19:25:13 MSK 2014 i686 i686 i386 GNU/Linux

then I check the network :

[root@server2 ~]# ifconfig
eth0 Link encap:Ethernet HWaddr D4:AE:52:C7:F0:34
inet addr:192.168.42.170 Bcast:192.168.42.255 Mask:255.255.255.0
inet6 addr: fe80::d6ae:52ff:fec7:f034/64 Scope:Link
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:2713 errors:0 dropped:0 overruns:0 frame:0
TX packets:2164 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:811470 (792.4 KiB) TX bytes:281383 (274.7 KiB)
Interrupt:16

eth0:1 Link encap:Ethernet HWaddr D4:AE:52:C7:F0:34
inet addr:192.168.42.171 Bcast:192.168.42.255 Mask:255.255.255.0
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
Interrupt:16

eth0:2 Link encap:Ethernet HWaddr D4:AE:52:C7:F0:34
inet addr:192.168.42.172 Bcast:192.168.42.255 Mask:255.255.255.0
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
Interrupt:16

lo Link encap:Local Loopback
inet addr:127.0.0.1 Mask:255.0.0.0
inet6 addr: ::1/128 Scope:Host
UP LOOPBACK RUNNING MTU:16436 Metric:1
RX packets:24 errors:0 dropped:0 overruns:0 frame:0
TX packets:24 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:0
RX bytes:1632 (1.5 KiB) TX bytes:1632 (1.5 KiB)

venet0 Link encap:UNSPEC HWaddr 00-00-00-00-00-00-00-00-00-00-00-00-00-00-00-00
inet6 addr: fe80::1/128 Scope:Link
UP BROADCAST POINTOPOINT RUNNING NOARP MTU:1500 Metric:1
RX packets:0 errors:0 dropped:0 overruns:0 frame:0
TX packets:0 errors:0 dropped:3 overruns:0 carrier:0
collisions:0 txqueuelen:0
RX bytes:0 (0.0 b) TX bytes:0 (0.0 b)


I can not tell if anything go wrong.

After many hours of debugging, I realize the network will be back if I stop the firewall

#service iptables stop

My iptables look like

# Firewall configuration written by system-config-firewall
# Manual customization of this file is not recommended.
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
-A INPUT -p icmp -j ACCEPT
-A INPUT -i lo -j ACCEPT
-A INPUT -m state --state NEW -m tcp -p tcp --dport 21 -j ACCEPT
-A INPUT -m state --state NEW -m udp -p udp --dport 137 -j ACCEPT
-A INPUT -m state --state NEW -m udp -p udp --dport 138 -j ACCEPT
-A INPUT -m state --state NEW -m tcp -p tcp --dport 443 -j ACCEPT
-A INPUT -m state --state NEW -m tcp -p tcp --dport 80 -j ACCEPT
-A INPUT -m state --state NEW -m tcp -p tcp --dport 10000 -j ACCEPT
-A INPUT -m state --state NEW -m tcp -p tcp --dport 5901 -j ACCEPT
-A INPUT -j REJECT --reject-with icmp-host-prohibited
-A FORWARD -j REJECT --reject-with icmp-host-prohibited
COMMIT


If I investigate by "tcpdump port portnum" using portnum 80 (web http) or 5901 (vncserver)and start the browser or vncserver application, no package is detected by tcpdump.

What could be blocking the port ? It only happens after I install the openvz.

I am not even sure how to continue from here now Crying or Very Sad

Any help is appreciated.

Report message to a moderator

Re: Host Node lost network upon install and restart [message #51444 is a reply to message #51440] Thu, 05 June 2014 19:13 Go to previous messageGo to next message
loki is currently offline  loki
Messages: 6
Registered: June 2014
Location: Canada
Junior Member
You should exclude your venet0 from firewall config if using csf, look up google on allowing all trafic for venet0

Report message to a moderator

Re: Host Node lost network upon install and restart [message #51445 is a reply to message #51440] Fri, 06 June 2014 07:59 Go to previous messageGo to next message
felixchang is currently offline  felixchang
Messages: 4
Registered: June 2014
Junior Member
I do not quite get this. I see one venet0 interface created after openvz installation. What way have I included this in firewall configuration ?

Report message to a moderator

Re: Host Node lost network upon install and restart [message #51447 is a reply to message #51440] Sat, 07 June 2014 22:42 Go to previous messageGo to next message
Ales is currently offline  Ales
Messages: 330
Registered: May 2009
Senior Member
Firewall issues (?) aside, this is the single most repeated mistake when using openvz for the first time:

eth0:1 Link encap:Ethernet HWaddr D4:AE:52:C7:F0:34
inet addr:192.168.42.171 Bcast:192.168.42.255 Mask:255.255.255.0
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
Interrupt:16

eth0:2 Link encap:Ethernet HWaddr D4:AE:52:C7:F0:34
inet addr:192.168.42.172 Bcast:192.168.42.255 Mask:255.255.255.0
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
Interrupt:16


Remove the two additional IPs you have from eth0, unbind them. Just keep 192.168.42.170.

Then you'll be able to use .171 and .172 for your openvz containers, otherwise they won't work.

Report message to a moderator

Re: Host Node lost network upon install and restart [message #51450 is a reply to message #51447] Mon, 09 June 2014 01:50 Go to previous messageGo to next message
felixchang is currently offline  felixchang
Messages: 4
Registered: June 2014
Junior Member
This is a test machine with one single NIC card. Currently it is serving some web server from some public address A and through router's NAT mapped directly to the main ip of this machine.
ie public address A --> router -> main IP.

I got two other public IP (say B and C) so I want to map it to two more virtual IP in this machine so that is the reason for me to have two additional IP.

I also do not understand why I could not have two more virtual IP. Otherwise how else can I map the other public IP to this machine?

After much struggling, I found that if I do the followings, the network problem will go away :

in /etc/vz/vz.conf, set
IPTABLES_MODULES= "ipt_REJECT ipt_tos ipt_limit ipt_multiport iptable_filter iptable_mangle ipt_TCPMSS ipt_tcpmss ipt_ttl ipt_length ipt_state"

Edit /etc/modprobe.d/openvz.conf to options nf_conntrack ip_conntrack_disable_ve0=0

Not sure exactly why but it works.

However, if I do a "service network restart", all the IP will disappear and I have to restart the machine to get back the same state.

Not as easy as I thought in setting up openvz.

Report message to a moderator

Re: Host Node lost network upon install and restart [message #51451 is a reply to message #51450] Mon, 09 June 2014 12:09 Go to previous messageGo to next message
Ales is currently offline  Ales
Messages: 330
Registered: May 2009
Senior Member
felixchang wrote on Mon, 09 June 2014 03:50
I got two other public IP (say B and C) so I want to map it to two more virtual IP in this machine so that is the reason for me to have two additional IP.

I also do not understand why I could not have two more virtual IP. Otherwise how else can I map the other public IP to this machine?

Think of your venet0 as another network card. If you want to use IP B and C on the node, add them to eth0, if you want to use them for your openvz containers, don't add them to eth0, use vzctl to add them to your containers directly.

You can't have IP B and C bind to two places at the same time, it's as simple as that.

Report message to a moderator

Re: Host Node lost network upon install and restart [message #51453 is a reply to message #51451] Tue, 10 June 2014 02:04 Go to previous message
felixchang is currently offline  felixchang
Messages: 4
Registered: June 2014
Junior Member
Thanks for point out and yes, I am aware of what you mean.

The original problem started when I have one physical IP and two virtual IP (bind to same physical NIC), after installing openvz and reboot, can no longer access network unless I stop the iptable service. Remember that at this point, I have not started any configuration or even create the VE.

Though I could eventually get the network to function (see previous email), I can not give myself a good explanation still.

Also, as you advise earlier, why should I remove the two virtual IP to get the network to work again ?

Just trying to satisfy myself the true cause. I google and found a few others had exact problem like me but did not see any good explanation yet.

Report message to a moderator

Previous Topic: Disk usage with plop. [SOLVED]
Next Topic: Containers Not Initializing With Usable Memory
Goto Forum:
  

[ Syndicate this forum (XML) ] [ RSS ] [ PDF ]

Current Time: Thu Nov 07 23:40:29 GMT 2024

Total time taken to generate the page: 0.04940 seconds
Powered by FUDforum Powered by Virtuozzo Containers