*SOLVED* IP forwarding [message #8461] |
Mon, 20 November 2006 13:37 |
jimq
Messages: 3 Registered: November 2006
|
Junior Member |
|
|
Hello all,
I am new to this forum, and to VZ.
My host node was setup with forzza-installer-1.4.2_i386.iso and has Ip 192.168.21.10 and name vm01.
I have created a VE whose IP is 10.0.1.1 and name is test110.
I have been trying to use IP forwarding to connect to the VE through ssh from the outside, using another port (50022), following the explanations provided on http://wiki.openvz.org/Using_NAT_for_VE_with_private_IPs
All I can get is :
debian@debiandb1:~$ ssh root@192.168.21.10 -p 50022
ssh: connect to host 192.168.21.10 port 50022: Connection refused
while the connection to the host works:
debian@debiandb1:~$ ssh root@192.168.21.10 -p 22
Password:
Last login: Sat Nov 18 21:43:41 2006 from 192.168.21.110
**************************************
vm01:/var# more /etc/network/options
ip_forward=yes
spoofprotect=yes
syncookies=no
*****************************************
vm01:/etc# iptables -t nat -L
Chain PREROUTING (policy ACCEPT)
target prot opt source destination
DNAT tcp -- anywhere vm01 tcp dpt:50022 to:10.0.1.1:22
Chain POSTROUTING (policy ACCEPT)
target prot opt source destination
SNAT all -- test110 anywhere to:192.168.21.10
Chain OUTPUT (policy ACCEPT)
target prot opt source destination
If somebody can tell me what is wrong or missing, I would greatly appreciate.
Thanks in advance
Jim
[Updated on: Thu, 23 November 2006 11:36] by Moderator Report message to a moderator
|
|
|
|
|
|
Re: IP forwarding [message #8479 is a reply to message #8477] |
Mon, 20 November 2006 17:45 |
jimq
Messages: 3 Registered: November 2006
|
Junior Member |
|
|
This does not change the outcome.
Additionnal info I collected -if it can help.
(May be something very basic is wrong here)
my HN is a virtual machine using VMWare.
This is why is has a 192.168.x.x IP address.
HN (vm01) is 192.168.21.10
VE (test110) is 10.0.1.1
I can successfully :
#######
ping VE from HN
ping HN from VE
ssh root@VE from HN
ssh root@HN from VE
IP forwarding seems enabled:
vm01:/etc# more sysctl.conf | grep forward
# packet forwarding enabled and proxy arp disabled
net.ipv4.ip_forward = 1
vm01:/etc/network# more options | grep forward
ip_forward=yes
And on the VE:
root@test110:/etc# more sysctl.conf | grep forward
# Uncomment the next line to enable packet forwarding for IPv4
net/ipv4/ip_forward=1
# Uncomment the next line to enable packet forwarding for IPv6
#net/ipv6/ip_forward=1
I can ping www.google.com from the VE
Other info
##########
On HN
vm01:/etc/network# ip a l
2: lo: <LOOPBACK,UP> mtu 16436 qdisc noqueue
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
inet 127.0.0.1/8 scope host lo
4: eth0: <BROADCAST,MULTICAST,UP> mtu 1500 qdisc pfifo_fast qlen 1000
link/ether 00:0c:29:b8:54:b7 brd ff:ff:ff:ff:ff:ff
inet 192.168.21.10/24 brd 192.168.21.255 scope global eth0
1: venet0: <BROADCAST,POINTOPOINT,NOARP,UP> mtu 1500 qdisc noqueue
link/void
On VE
root@test110:/etc/network# ip a l
1: lo: <LOOPBACK,UP> mtu 16436 qdisc noqueue
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
inet 127.0.0.1/8 scope host lo
3: venet0: <BROADCAST,POINTOPOINT,NOARP,UP> mtu 1500 qdisc noqueue
link/void
inet 127.0.0.1/32 scope host venet0
inet 10.0.1.1/32 scope global venet0:0
|
|
|
Re: IP forwarding [message #8511 is a reply to message #8479] |
Wed, 22 November 2006 09:35 |
dim
Messages: 344 Registered: August 2005
|
Senior Member |
|
|
Do you have /proc/net/ip_conntrack file at the HN?
If so, I need an access to your node in order to resolve issue.
Please, send credentials via PM.
|
|
|