OpenVZ Forum


Accessing VE from 2 different networks [message #7668] Thu, 19 October 2006 23:32
gwondaleya
Hello

Still with my ipcop box (see message on MASQUERADE).
The config is the following:
one eth card pointing to my LAN (eth0) 192.168.1.1
one eth card pointing to the Internet (eth2) 192.168.0.1
one VE with venet, IP address of the VE is 192.168.2.1
I have been able for now to start a VE with LAMP and named too.

I have allowed DNAT and SNAT for eth0 using the commands given in the networking howto:

iptables -t nat -A PREROUTING -p tcp -d ip_address --dport 80 \
-i eth0 -j DNAT --to-destination ve_address:80
iptables -t nat -A POSTROUTING -s ve_address -o eth0 -j SNAT --to ip_address
The same for port 53 (DNS service)

and also the same commands for eth2 (internet) (port 80 and 53)

My problem is that while it works perfectly for the LAN (access to the web server and name resolution OK), the access from the eth2 device doesn't work at all (neither web nor DNS).

Here is the output of
route -nv and ifconfig -a on HN:

Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
192.168.2.1     0.0.0.0         255.255.255.255 UH    0      0        0 venet0
192.168.1.0     0.0.0.0         255.255.255.0   U     0      0        0 eth0
192.168.0.0     0.0.0.0         255.255.255.0   U     0      0        0 eth2
0.0.0.0         192.168.0.254   0.0.0.0         UG    0      0        0 eth2

eth0 Link encap:Ethernet HWaddr 00:E0:4C:03:0F:F4
inet addr:192.168.1.1 Bcast:192.168.1.255 Mask:255.255.255.0
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:12310 errors:0 dropped:0 overruns:0 frame:0
TX packets:10594 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:1077738 (1.0 MB) TX bytes:3594838 (3.4 MB)
Interrupt:11 Base address:0xf800

eth1 Link encap:Ethernet HWaddr 00:50:FC:A3:30:6C
BROADCAST MULTICAST MTU:1500 Metric:1
RX packets:0 errors:0 dropped:0 overruns:0 frame:0
TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:0 (0.0 b) TX bytes:0 (0.0 b)
Interrupt:10 Base address:0xf400

eth2 Link encap:Ethernet HWaddr 00:50:FC:A3:16:4E
inet addr:192.168.0.1 Bcast:192.168.0.255 Mask:255.255.255.0
UP BROADCAST NOTRAILERS RUNNING MTU:1500 Metric:1
RX packets:2749 errors:0 dropped:0 overruns:0 frame:0
TX packets:2327 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:1946756 (1.8 MB) TX bytes:287825 (281.0 KB)
Interrupt:9 Base address:0xf000

lo Link encap:Local Loopback
inet addr:127.0.0.1 Mask:255.0.0.0
UP LOOPBACK RUNNING MTU:16436 Metric:1
RX packets:30 errors:0 dropped:0 overruns:0 frame:0
TX packets:30 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:0
RX bytes:3272 (3.1 KB) TX bytes:3272 (3.1 KB)

sit0 Link encap:UNSPEC HWaddr 00-00-00-00-00-00-00-00-00-00-00-00-00-00-00-00
NOARP MTU:1480 Metric:1
RX packets:0 errors:0 dropped:0 overruns:0 frame:0
TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:0
RX bytes:0 (0.0 b) TX bytes:0 (0.0 b)

venet0 Link encap:UNSPEC HWaddr 00-00-00-00-00-00-00-00-00-00-00-00-00-00-00-00
UP BROADCAST POINTOPOINT RUNNING NOARP MTU:1500 Metric:1
RX packets:493 errors:0 dropped:0 overruns:0 frame:0
TX packets:521 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:0
RX bytes:190393 (185.9 KB) TX bytes:36381 (35.5 KB)

iptables -t nat -nvL gives:
Chain PREROUTING (policy ACCEPT 691 packets, 57689 bytes)
 pkts bytes target              prot opt in     out     source               destination
    0     0 DNAT                tcp  --  eth0   *       0.0.0.0/0            192.168.1.1         tcp dpt:53 to:192.168.2.1:53
    0     0 DNAT                udp  --  eth0   *       0.0.0.0/0            192.168.1.1         udp dpt:53 to:192.168.2.1:53
   18   912 DNAT                tcp  --  eth2   *       0.0.0.0/0            192.168.0.1         tcp dpt:53 to:192.168.2.1:53
   27  1578 DNAT                udp  --  eth2   *       0.0.0.0/0            192.168.0.1         udp dpt:53 to:192.168.2.1:53

Chain POSTROUTING (policy ACCEPT 21 packets, 2159 bytes)
 pkts bytes target              prot opt in     out     source               destination
  153  9214 CUSTOMPOSTROUTING   all  --  *      *       0.0.0.0/0            0.0.0.0/0
  153  9214 REDNAT              all  --  *      *       0.0.0.0/0            0.0.0.0/0
    0     0 SNAT                all  --  *      *       0.0.0.0/0            0.0.0.0/0           MARK match 0x1 to:192.168.1.1
    0     0 SNAT                all  --  *      *       0.0.0.0/0            0.0.0.0/0           MARK match 0x3 to:192.168.2.1
    0     0 SNAT                all  --  *      eth0    0.0.0.0/0            0.0.0.0/0           to:192.168.1.1
    0     0 SNAT                all  --  *      eth2    0.0.0.0/0            0.0.0.0/0           to:192.168.0.1

All seems clear to me, but the DNS does not respond from outside (as dnsreport.com reports), nor does the web server, as a friend of mine checked.

Any idea?
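
Added example (not part of the original post): a small audit of the PREROUTING listing quoted above, comparing the DNAT rules actually loaded, and their packet counters, against the forwards the post says were configured. The EXPECTED set and all function names are assumptions made for this illustration.

```python
import re

# Sample input: the PREROUTING listing quoted in the post above.
NAT_LISTING = """\
Chain PREROUTING (policy ACCEPT 691 packets, 57689 bytes)
pkts bytes target prot opt in out source destination
0 0 DNAT tcp -- eth0 * 0.0.0.0/0 192.168.1.1 tcp dpt:53 to:192.168.2.1:53
0 0 DNAT udp -- eth0 * 0.0.0.0/0 192.168.1.1 udp dpt:53 to:192.168.2.1:53
18 912 DNAT tcp -- eth2 * 0.0.0.0/0 192.168.0.1 tcp dpt:53 to:192.168.2.1:53
27 1578 DNAT udp -- eth2 * 0.0.0.0/0 192.168.0.1 udp dpt:53 to:192.168.2.1:53
"""

# One DNAT rule line of `iptables -t nat -nvL` output.
RULE = re.compile(
    r"^\s*(?P<pkts>\d+[KMG]?)\s+\S+\s+DNAT\s+(?P<proto>tcp|udp)\s+\S+\s+"
    r"(?P<iface>\S+)\s+\S+\s+\S+\s+(?P<dst>\S+)\s+.*?dpt:(?P<dport>\d+)"
    r"\s+to:(?P<to>\S+)$")

def _count(text):
    """iptables abbreviates large counters as 12K / 3M / 1G without -x."""
    mult = {"K": 10**3, "M": 10**6, "G": 10**9}
    return int(text[:-1]) * mult[text[-1]] if text[-1] in mult else int(text)

def parse_dnat(listing):
    """Return {(iface, proto, dport): (packets, target)} for each DNAT rule."""
    rules = {}
    for line in listing.splitlines():
        m = RULE.match(line)
        if m:
            key = (m["iface"], m["proto"], int(m["dport"]))
            rules[key] = (_count(m["pkts"]), m["to"])
    return rules

def audit(listing, expected):
    """Split the expected forwards into missing, never-hit and hit rules."""
    rules = parse_dnat(listing)
    missing = sorted(k for k in expected if k not in rules)
    idle = sorted(k for k in expected if k in rules and rules[k][0] == 0)
    hit = sorted(k for k in expected if k in rules and rules[k][0] > 0)
    return missing, idle, hit

# Assumption: the forwards the post says were configured on both interfaces.
EXPECTED = {(i, p, d) for i in ("eth0", "eth2")
            for p, d in (("tcp", 80), ("tcp", 53), ("udp", 53))}

if __name__ == "__main__":
    for label, keys in zip(("missing", "zero hits", "matched"),
                           audit(NAT_LISTING, EXPECTED)):
        print(f"{label}: {keys}")
```

On the quoted listing this reports no tcp/80 DNAT rule on either interface, zero hits on the eth0 port 53 rules, and non-zero hits on the eth2 port 53 rules. Non-zero counters on eth2 mean those packets reach the HN and are rewritten in PREROUTING, so for DNS the next places to inspect are the filter table's FORWARD chain and the reply path.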