OpenVZ Forum

outbound connectivity lost on all VE nodes [message #9862] Fri, 26 January 2007 15:44
slonghurst
We had a power failure today which meant the virtual server host server was turned off and back on. I have managed to start up all the nodes again, but I have a problem with outbound connections from the nodes within the virtual servers. Inbound connections are fine, and in and outbound connections from the host server are fine.

Any help greatly appreciated

Regards

Shaun

Re: outbound connectivity lost on all VE nodes [message #9863 is a reply to message #9862] Fri, 26 January 2007 16:00
dim
Do you use IPs from private pools for VEs?
Did you check net.ipv4.ip_forward sysctl value?


Re: outbound connectivity lost on all VE nodes [message #9864 is a reply to message #9863] Fri, 26 January 2007 16:09
slonghurst
Hi,

Thanks for your response. I have checked the /etc/sysctl.conf file on the host node and this is all configured as per the installation guide.

On the host node net.ipv4.ip_forward = 1 and on the VE nodes net.ipv4.ip_forward = 0

We use the IPs

192.168.0.210 - host node
192.168.0.211 - 225 for the VE nodes

All was working fine before the host server was shut down and restarted.
Re: outbound connectivity lost on all VE nodes [message #9865 is a reply to message #9864] Fri, 26 January 2007 16:11
dim
Probably, iptables issue?

Re: outbound connectivity lost on all VE nodes [message #9866 is a reply to message #9865] Fri, 26 January 2007 16:15
slonghurst
Have stopped IPTABLES service to take that out of the question. I am at a loss. Do I have to configure the default gateway on the VE nodes?

I can ping the host node, or any other node or any other computer in our internal network.

But as soon as I try to ping an IP or an address outside, it fails.

Regards

Shaun
Re: outbound connectivity lost on all VE nodes [message #9867 is a reply to message #9866] Fri, 26 January 2007 16:26
dim
Thus it is a problem with the NAT of the outgoing gateway. It maps the IP of the host node, but doesn't map the IPs of the VEs.


Re: outbound connectivity lost on all VE nodes [message #9868 is a reply to message #9865] Fri, 26 January 2007 16:27
slonghurst
Just found this page on the site:

http://wiki.openvz.org/Using_NAT_for_VE_with_private_IPs

Now I have tried setting this up again, and restarting iptables on the host node, but I get a failure unloading the iptables modules and the service is not starting.

Re: outbound connectivity lost on all VE nodes [message #9869 is a reply to message #9868] Fri, 26 January 2007 16:39
dim
As your node has an IP from the same private pool, there should be NAT somewhere on the packets' way from the host node to the Internet. If this NAT is under your control, the best way to fix the VEs' outgoing connection issue is to add their addresses to that NAT.
Another way, which is worse in the above case, but is the one to use when you have no access to the above NAT, is to set up iptables on the host node, as you've read at http://wiki.openvz.org/Using_NAT_for_VE_with_private_IPs

Now that you have tried and failed, I need to have the following info:
1) kernel version you use
2) distro version you use
3) `lsmod` command output
4) `/etc/init.d/iptables restart` output
5) `lsmod` after iptables restart
6) `iptables-save` output


Re: outbound connectivity lost on all VE nodes [message #9871 is a reply to message #9869] Fri, 26 January 2007 16:45
slonghurst
Thanks for your help.

1) 2.6.0-023stab016.2
2) CentOS 4
3)
Module Size Used by
simfs 3452 13
vzethdev 6956 0
vzdquota 40080 13 [permanent]
af_packet 17000 0
ipt_length 1376 13
ipt_ttl 1536 13
ipt_tcpmss 1920 13
ipt_TCPMSS 3616 13
iptable_mangle 4192 13
iptable_filter 4032 13
ipt_multiport 1728 13
ipt_limit 1856 13
ipt_tos 1312 13
ipt_REJECT 5792 13
ip_tables 21328 10 ipt_length,ipt_ttl,ipt_tcpmss,ipt_TCPMSS,iptable_mangle,iptable_filter,ipt_multiport,ipt_limit,ipt_tos,ipt_REJECT
parport_pc 23744 0
lp 8168 0
parport 19872 2 parport_pc,lp
sunrpc 136996 1
vznetdev 12416 27
vzmon 42976 15 vzethdev,vznetdev
vzdev 1824 4 vzethdev,vzdquota,vznetdev,vzmon
thermal 10344 0
processor 10428 1 thermal
fan 2628 0
button 4560 0
battery 6788 0
ac 3044 0
uhci_hcd 28792 0
ehci_hcd 26788 0
usbcore 103268 4 uhci_hcd,ehci_hcd
tg3 108932 0
floppy 55440 0
ide_cd 38560 0
cdrom 38204 1 ide_cd

4) Flushing firewall rules: [ OK ]
Setting chains to policy ACCEPT: mangle filter [ OK ]
Unloading iptables modules: [FAILED]

5) Module Size Used by
simfs 3452 13
vzethdev 6956 0
vzdquota 40080 13 [permanent]
af_packet 17000 0
ipt_length 1376 13
ipt_ttl 1536 13
ipt_tcpmss 1920 13
ipt_TCPMSS 3616 13
iptable_mangle 4192 13
iptable_filter 4032 13
ipt_multiport 1728 13
ipt_limit 1856 13
ipt_tos 1312 13
ipt_REJECT 5792 13
ip_tables 21328 10 ipt_length,ipt_ttl,ipt_tcpmss,ipt_TCPMSS,iptable_mangle,iptable_filter,ipt_multiport,ipt_limit,ipt_tos,ipt_REJECT
parport_pc 23744 0
lp 8168 0
parport 19872 2 parport_pc,lp
sunrpc 136996 1
vznetdev 12416 27
vzmon 42976 15 vzethdev,vznetdev
vzdev 1824 4 vzethdev,vzdquota,vznetdev,vzmon
thermal 10344 0
processor 10428 1 thermal
fan 2628 0
button 4560 0
battery 6788 0
ac 3044 0
uhci_hcd 28792 0
ehci_hcd 26788 0
usbcore 103268 4 uhci_hcd,ehci_hcd
tg3 108932 0
floppy 55440 0
ide_cd 38560 0
cdrom 38204 1 ide_cd

6) # Generated by iptables-save v1.2.11 on Fri Jan 26 17:42:08 2007
*mangle
:PREROUTING ACCEPT [111:10228]
:INPUT ACCEPT [99:7665]
:FORWARD ACCEPT [12:2563]
:OUTPUT ACCEPT [73:12736]
:POSTROUTING ACCEPT [85:15299]
COMMIT
# Completed on Fri Jan 26 17:42:08 2007
# Generated by iptables-save v1.2.11 on Fri Jan 26 17:42:08 2007
*filter
:INPUT ACCEPT [99:7665]
:FORWARD ACCEPT [12:2563]
:OUTPUT ACCEPT [73:12736]
COMMIT
# Completed on Fri Jan 26 17:42:08 2007


Re: outbound connectivity lost on all VE nodes [message #9872 is a reply to message #9871] Fri, 26 January 2007 16:56
dim
iptables modules are used by VEs, you need to stop service vz before restarting iptables.

Re: outbound connectivity lost on all VE nodes [message #9873 is a reply to message #9872] Fri, 26 January 2007 17:02
slonghurst
Yeah, I thought of that just now. So I have now done this. Though still, when I did iptables start the messages came back OK, but doing a status check says the firewall is stopped.

Re: outbound connectivity lost on all VE nodes [message #9904 is a reply to message #9873] Mon, 29 January 2007 09:23
slonghurst
This seems to have resolved itself. I stopped iptables, stopped vz service.

Set this line:

iptables -t nat -A POSTROUTING -o eth0 -j SNAT --to ip_address

Started vz service.

Did not start iptables and this seems to have resolved things.

Thanks for your help.
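
Added example, not part of any post in this thread: a shell function that reads `iptables-save` output and reports whether source NAT is in place for an outbound interface, which is the state the diagnosis and the final fix above turn on. The function names, the abridged dump and the 192.0.2.10 address are constructed for illustration.

```shell
# Added example, not from the thread: classify iptables-save text read on stdin.
# $1 is the outbound interface. Prints one of:
#   no-nat-table  - dump has no *nat section (as in the dump posted above)
#   no-snat-rule  - nat table present, but no SNAT/MASQUERADE rule for $1
#   ok            - a POSTROUTING source-NAT rule applies to $1
snat_status() {
    awk -v ifc="$1" '
        /^\*/ { table = substr($1, 2); if (table == "nat") have_nat = 1; next }
        table == "nat" && $1 == "-A" && $2 == "POSTROUTING" {
            out = ""; target = ""
            for (i = 3; i < NF; i++) {
                if ($i == "-o") out = $(i + 1)
                if ($i == "-j") target = $(i + 1)
            }
            # A rule without -o applies to every interface.
            if ((target == "SNAT" || target == "MASQUERADE") &&
                (out == "" || out == ifc)) ok = 1
        }
        END {
            if (!have_nat) print "no-nat-table"
            else if (!ok)  print "no-snat-rule"
            else           print "ok"
        }'
}

# Abridged from the dump posted in message #9871 (mangle and filter only).
page_dump() {
    cat <<'EOF'
*mangle
:POSTROUTING ACCEPT [85:15299]
COMMIT
*filter
:FORWARD ACCEPT [12:2563]
COMMIT
EOF
}

# Constructed sample: nat table after the SNAT rule; 192.0.2.10 is a placeholder.
fixed_dump() {
    cat <<'EOF'
*nat
:POSTROUTING ACCEPT [0:0]
-A POSTROUTING -o eth0 -j SNAT --to-source 192.0.2.10
COMMIT
EOF
}

page_dump  | snat_status eth0    # no-nat-table
fixed_dump | snat_status eth0    # ok
```

On a live host node, run `iptables-save | snat_status eth0`. A rule added with the `iptables` command is held only in kernel memory; on CentOS, `service iptables save` writes the current rules to /etc/sysconfig/iptables so they are restored at boot.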