OpenVZ Forum: Support » *SOLVED* Unable to access VE from outside

Home » General » Support » *SOLVED* Unable to access VE from outside

Show: Today's Messages :: Show Polls :: Message Navigator
E-mail to friend

*SOLVED* Unable to access VE from outside [message #6315]

Wed, 13 September 2006 23:59

marcot
Messages: 16
Registered: September 2006

Junior Member

Hi all,

after going through the doc´s and lists over and over again i still can´t get my stuff working :-/.

I´m using Suse 10.0 as the host system, and the precached Suse10 within the VE.

I do have several public IPs, whereas the host owns one and one of the others is assigned to the VE. However, both IPs are not within the same subnet.

Works fine:

- ping the VE from the HN
- ping the HN from the VE
- ping the Internet (incl. DNS) from the VE

Doesn´t work:

- ping / access the VE from the Internet.

I´ve thought about adding the (additional) public IP to the physical eth card on the HN and to assign a private IP to the VE, routing the traffic in between them (SNAT / DNAT), however i think i´m on the wrong road here and there´s an easier way how to do it.

As far as i read the posts assigning the public IP to the VE should be the only thing to make it happen ?

Any clue what i´ve missed / what might be wrong ?

sysctl net.ipv4.ip_forward is set to 1, and the problem persists with and w/o the firewall on HN being present.

Thanks & Rgds,
Marco

[Updated on: Thu, 14 September 2006 11:01] by Moderator

Report message to a moderator

Re: Unable to access VE from outside [message #6320 is a reply to message #6315]

Thu, 14 September 2006 06:30

Vasily Tarasov
Messages: 1345
Registered: January 2006

Senior Member

Hell, Marco,

It should work without SNAT/DNAT if you have public IP for VE.
Can you, please, provide output of
ifconfig -a and route -nv inside VE and on HN?

Thanks.

Report message to a moderator

Re: Unable to access VE from outside [message #6338 is a reply to message #6320]

Thu, 14 September 2006 10:08

marcot
Messages: 16
Registered: September 2006

Junior Member

Hi Vass,

shure, here we are.

In below´s config i´ve been adding xx.yy.180.203 as eth1:203 to the HN (this one is pingable from outside world) whereas the VE carries xx.yy.180.202 (which is unreachable from outside).

Both are public IPs.

HN:

ifconfig -a

eth1      Link encap:Ethernet  HWaddr 00:16:17:18:19:BC
          inet addr:xx.yy.9.37  Bcast:xx.yy.9.63  Mask:255.255.255.224
          inet6 addr: xx::yy:zz:aa:bb/64 Scope:Link
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:22815 errors:0 dropped:0 overruns:0 frame:0
          TX packets:20538 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000
          RX bytes:2501799 (2.3 Mb)  TX bytes:3500666 (3.3 Mb)
          Interrupt:177 Base address:0x6000

eth1:203  Link encap:Ethernet  HWaddr 00:16:17:18:19:BC
          inet addr:xx.yy.180.203  Bcast:xx.yy.180.207  Mask:255.255.255.248
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          Interrupt:177 Base address:0x6000

lo        Link encap:Local Loopback
          inet addr:127.0.0.1  Mask:255.0.0.0
          inet6 addr: ::1/128 Scope:Host
          UP LOOPBACK RUNNING  MTU:16436  Metric:1
          RX packets:0 errors:0 dropped:0 overruns:0 frame:0
          TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0
          RX bytes:0 (0.0 b)  TX bytes:0 (0.0 b)

sit0      Link encap:IPv6-in-IPv4
          NOARP  MTU:1480  Metric:1
          RX packets:0 errors:0 dropped:0 overruns:0 frame:0
          TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0
          RX bytes:0 (0.0 b)  TX bytes:0 (0.0 b)

venet0    Link encap:UNSPEC  HWaddr 00-00-00-00-00-00-00-00-00-00-00-00-00-00-00-00
          UP BROADCAST POINTOPOINT RUNNING NOARP  MTU:1500  Metric:1
          RX packets:37 errors:0 dropped:0 overruns:0 frame:0
          TX packets:29 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0
          RX bytes:2779 (2.7 Kb)  TX bytes:7312 (7.1 Kb)

route -nv

Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
xx.yy.180.202  0.0.0.0         255.255.255.255 UH    0      0        0 venet0
xx.yy.180.200  xx.yy.180.201   255.255.255.248 UG    0      0        0 eth1
xx.yy.9.32     0.0.0.0         255.255.255.224 U     0      0        0 eth1
169.254.0.0    0.0.0.0         255.255.0.0     U     0      0        0 eth1
127.0.0.0      0.0.0.0         255.0.0.0       U     0      0        0 lo
0.0.0.0        xx.yy.9.33      0.0.0.0         UG    0      0        0 eth1

VE:

ifconfig -a

lo        Link encap:Local Loopback
          inet addr:127.0.0.1  Mask:255.0.0.0
          inet6 addr: ::1/128 Scope:Host
          UP LOOPBACK RUNNING  MTU:16436  Metric:1
          RX packets:0 errors:0 dropped:0 overruns:0 frame:0
          TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0
          RX bytes:0 (0.0 b)  TX bytes:0 (0.0 b)

venet0    Link encap:UNSPEC  HWaddr 00-00-00-00-00-00-00-00-00-00-00-00-00-00-00-00
          inet addr:127.0.0.1  P-t-P:127.0.0.1  Bcast:0.0.0.0  Mask:255.255.255.255
          UP BROADCAST POINTOPOINT RUNNING NOARP  MTU:1500  Metric:1
          RX packets:29 errors:0 dropped:0 overruns:0 frame:0
          TX packets:37 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0
          RX bytes:7312 (7.1 Kb)  TX bytes:2779 (2.7 Kb)

venet0:0  Link encap:UNSPEC  HWaddr 00-00-00-00-00-00-00-00-00-00-00-00-00-00-00-00
          inet addr:xx.yy.180.202  P-t-P:xx.yy.180.202  Bcast:0.0.0.0  Mask:255.255.255.255
          UP BROADCAST POINTOPOINT RUNNING NOARP  MTU:1500  Metric:1

route -nv

Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
191.255.255.0   0.0.0.0         255.255.255.0   U     0      0        0 venet0
127.0.0.0       0.0.0.0         255.0.0.0       U     0      0        0 lo
0.0.0.0         191.255.255.1   0.0.0.0         UG    0      0        0 venet0

Thanks in advance !

[Updated on: Thu, 14 September 2006 10:08]

Report message to a moderator

Re: Unable to access VE from outside [message #6342 is a reply to message #6338]

Thu, 14 September 2006 10:42

Vasily Tarasov
Messages: 1345
Registered: January 2006

Senior Member

Hmmm... Seems, that it should work....

BTW, If you set xx.yy.180.203 ip for VE does it work? Smile

Maybe it's a bad IP .202, I mean, it's blocked somethere on gateway...

Report message to a moderator

Re: Unable to access VE from outside [message #6343 is a reply to message #6342]

Thu, 14 September 2006 10:51

marcot
Messages: 16
Registered: September 2006

Junior Member

Hi Vass,

no, just tried to assign another IP and restarted VE - no luck.

As from the HN there´s no issue at all, i can access the VE as desired.

One point which puzzles me: When just assigning the IP to the VE and nowhere else, how does the external gateway know that my HN will take requests for that IP ?

Thanks & Rgds,
Marco

Report message to a moderator