Home » General » Support » VPS doesn't work outsite Node server
Re: VPS doesn't work outsite Node server [message #10901 is a reply to message #10835] |
Tue, 06 March 2007 21:54 |
xwinner
Messages: 11 Registered: December 2006
|
Junior Member |
|
|
Vasily Tarasov wrote on Mon, 05 March 2007 10:29 | Hello,
If you ask such question, please, provide details:
# ip a l
# ip r l
# iptables -L
# iptables -t nat -L
# cat /proc/sys/net/ipv4/ip_forwarding
!!!these commands should be run in VE and on HN!!!
Thanks,
Vasily.
|
in Node Server:
[root@scrameustache vz]# ip a l
2: eth0: <BROADCAST,MULTICAST,UP> mtu 1500 qdisc pfifo_fast qlen 1000
link/ether 00:0c:6e:40:24:1a brd ff:ff:ff:ff:ff:ff
inet 192.168.0.10/24 brd 192.168.0.255 scope global eth0
4: eth1: <BROADCAST,MULTICAST> mtu 1500 qdisc noop qlen 1000
link/ether 00:0c:6e:40:24:19 brd ff:ff:ff:ff:ff:ff
6: lo: <LOOPBACK,UP> mtu 16436 qdisc noqueue
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
inet 127.0.0.1/8 scope host lo
1: venet0: <BROADCAST,POINTOPOINT,NOARP,UP> mtu 1500 qdisc noqueue
link/void
3: veth101.0: <BROADCAST,MULTICAST,UP> mtu 1500 qdisc noqueue
link/ether 00:12:34:56:78:9b brd ff:ff:ff:ff:ff:ff
[root@scrameustache vz]# ip r l
192.168.0.101 dev veth101.0 scope link
192.168.0.101 dev venet0 scope link
192.168.0.0/24 dev eth0 proto kernel scope link src 192.168.0.10 metric 10
default via 192.168.0.1 dev eth0 metric 10
[root@scrameustache vz]# iptables -L
Chain Drop (1 references)
target prot opt source destination
reject tcp -- anywhere anywhere tcp dpt:auth
dropBcast all -- anywhere anywhere
ACCEPT icmp -- anywhere anywhere icmp fragmentation-needed
ACCEPT icmp -- anywhere anywhere icmp time-exceeded
dropInvalid all -- anywhere anywhere
DROP udp -- anywhere anywhere multiport dports 135,microsoft-ds
DROP udp -- anywhere anywhere udp dpts:netbios-ns:netbios-ssn
DROP udp -- anywhere anywhere udp spt:netbios-ns dpts:1024:65535
DROP tcp -- anywhere anywhere multiport dports 135,netbios-ssn,microsoft-ds
DROP udp -- anywhere anywhere udp dpt:1900
dropNotSyn tcp -- anywhere anywhere
DROP udp -- anywhere anywhere udp spt:domain
Chain INPUT (policy DROP)
target prot opt source destination
ACCEPT all -- anywhere anywhere
Ifw all -- anywhere anywhere
eth0_in all -- anywhere anywhere
venet0_in all -- anywhere anywhere
veth101_0_in all -- anywhere anywhere
sit0_in all -- anywhere anywhere
eth1_in all -- anywhere anywhere
Reject all -- anywhere anywhere
LOG all -- anywhere anywhere LOG level info prefix `Shorewall:INPUT:REJECT:'
reject all -- anywhere anywhere
Chain FORWARD (policy DROP)
target prot opt source destination
eth0_fwd all -- anywhere anywhere
venet0_fwd all -- anywhere anywhere
veth101_0_fwd all -- anywhere anywhere
sit0_fwd all -- anywhere anywhere
eth1_fwd all -- anywhere anywhere
Reject all -- anywhere anywhere
LOG all -- anywhere anywhere LOG level info prefix `Shorewall:FORWARD:REJECT:'
reject all -- anywhere anywhere
Chain Ifw (1 references)
target prot opt source destination
RETURN all -- anywhere anywhere set ifw_wl src
DROP all -- anywhere anywhere set ifw_bl src
IFWLOG all -- anywhere anywhere state INVALID,NEW psd weight-threshold: 10 delay-threshold: 10000 lo-ports-weight: 1 hi-ports-weight: 2 IFWLOG prefix 'SCAN'
IFWLOG udp -- anywhere anywhere state NEW udp dpt:domain IFWLOG prefix 'NEW'
IFWLOG tcp -- anywhere anywhere state NEW tcp dpt:http IFWLOG prefix 'NEW'
IFWLOG tcp -- anywhere anywhere state NEW tcp dpt:https IFWLOG prefix 'NEW'
IFWLOG tcp -- anywhere anywhere state NEW tcp dpt:domain IFWLOG prefix 'NEW'
IFWLOG tcp -- anywhere anywhere state NEW tcp dpt:ssh IFWLOG prefix 'NEW'
IFWLOG tcp -- anywhere anywhere state NEW tcp dpt:ftp-data IFWLOG prefix 'NEW'
IFWLOG tcp -- anywhere anywhere state NEW tcp dpt:ftp IFWLOG prefix 'NEW'
IFWLOG tcp -- anywhere anywhere state NEW tcp dpt:smtp IFWLOG prefix 'NEW'
IFWLOG tcp -- anywhere anywhere state NEW tcp dpt:pop2 IFWLOG prefix 'NEW'
IFWLOG tcp -- anywhere anywhere state NEW tcp dpt:pop3 IFWLOG prefix 'NEW'
IFWLOG tcp -- anywhere anywhere state NEW tcp dpt:imap IFWLOG prefix 'NEW'
IFWLOG tcp -- anywhere anywhere state NEW tcp dpt:10000 IFWLOG prefix 'NEW'
IFWLOG tcp -- anywhere anywhere state NEW tcp dpt:4900 IFWLOG prefix 'NEW'
Chain OUTPUT (policy DROP)
target prot opt source destination
ACCEPT all -- anywhere anywhere
fw2net all -- anywhere anywhere
fw2loc all -- anywhere anywhere
fw2loc all -- anywhere anywhere
fw2loc all -- anywhere anywhere
fw2loc all -- anywhere anywhere
Reject all -- anywhere anywhere
LOG all -- anywhere anywhere LOG level info prefix `Shorewall:OUTPUT:REJECT:'
reject all -- anywhere anywhere
Chain Reject (4 references)
target prot opt source destination
reject tcp -- anywhere anywhere tcp dpt:auth
dropBcast all -- anywhere anywhere
ACCEPT icmp -- anywhere anywhere icmp fragmentation-needed
ACCEPT icmp -- anywhere anywhere icmp time-exceeded
dropInvalid all -- anywhere anywhere
reject udp -- anywhere anywhere multiport dports 135,microsoft-ds
reject udp -- anywhere anywhere udp dpts:netbios-ns:netbios-ssn
reject udp -- anywhere anywhere udp spt:netbios-ns dpts:1024:65535
reject tcp -- anywhere anywhere multiport dports 135,netbios-ssn,microsoft-ds
DROP udp -- anywhere anywhere udp dpt:1900
dropNotSyn tcp -- anywhere anywhere
DROP udp -- anywhere anywhere udp spt:domain
Chain all2all (0 references)
target prot opt source destination
ACCEPT all -- anywhere anywhere state RELATED,ESTABLISHED
Reject all -- anywhere anywhere
LOG all -- anywhere anywhere LOG level info prefix `Shorewall:all2all:REJECT:'
reject all -- anywhere anywhere
Chain dropBcast (2 references)
target prot opt source destination
DROP all -- anywhere anywhere PKTTYPE = broadcast
DROP all -- anywhere anywhere PKTTYPE = multicast
Chain dropInvalid (2 references)
target prot opt source destination
DROP all -- anywhere anywhere state INVALID
Chain dropNotSyn (2 references)
target prot opt source destination
DROP tcp -- anywhere anywhere tcp flags:!FIN,SYN,RST,ACK/SYN
Chain dynamic (10 references)
target prot opt source destination
Chain eth0_fwd (1 references)
target prot opt source destination
dynamic all -- anywhere anywhere state INVALID,NEW
net2all all -- anywhere anywhere
net2all all -- anywhere anywhere
net2all all -- anywhere anywhere
net2all all -- anywhere anywhere
Chain eth0_in (1 references)
target prot opt source destination
dynamic all -- anywhere anywhere state INVALID,NEW
net2fw all -- anywhere anywhere
Chain eth1_fwd (1 references)
target prot opt source destination
dynamic all -- anywhere anywhere state INVALID,NEW
loc2net all -- anywhere anywhere
ACCEPT all -- anywhere anywhere
ACCEPT all -- anywhere anywhere
ACCEPT all -- anywhere anywhere
Chain eth1_in (1 references)
target prot opt source destination
dynamic all -- anywhere anywhere state INVALID,NEW
loc2fw all -- anywhere anywhere
Chain fw2loc (4 references)
target prot opt source destination
ACCEPT all -- anywhere anywhere state RELATED,ESTABLISHED
ACCEPT all -- anywhere anywhere
Chain fw2net (1 references)
target prot opt source destination
ACCEPT all -- anywhere anywhere state RELATED,ESTABLISHED
ACCEPT all -- anywhere anywhere
Chain loc2fw (4 references)
target prot opt source destination
ACCEPT all -- anywhere anywhere state RELATED,ESTABLISHED
ACCEPT all -- anywhere anywhere
Chain loc2net (4 references)
target prot opt source destination
ACCEPT all -- anywhere anywhere state RELATED,ESTABLISHED
ACCEPT all -- anywhere anywhere
Chain net2all (5 references)
target prot opt source destination
ACCEPT all -- anywhere anywhere state RELATED,ESTABLISHED
Drop all -- anywhere anywhere
LOG all -- anywhere anywhere LOG level info prefix `Shorewall:net2all:DROP:'
DROP all -- anywhere anywhere
Chain net2fw (1 references)
target prot opt source destination
ACCEPT all -- anywhere anywhere state RELATED,ESTABLISHED
ACCEPT udp -- anywhere anywhere udp dpt:domain
ACCEPT tcp -- anywhere anywhere multiport dports http,https,domain,ssh,ftp-data,ftp,smtp,pop2,pop3,imap,10000 ,4900
net2all all -- anywhere anywhere
Chain reject (10 references)
target prot opt source destination
DROP all -- anywhere anywhere PKTTYPE = broadcast
DROP all -- anywhere anywhere PKTTYPE = multicast
DROP all -- 192.168.0.255 anywhere
DROP all -- 255.255.255.255 anywhere
DROP all -- BASE-ADDRESS.MCAST.NET/4 anywhere
REJECT tcp -- anywhere anywhere reject-with tcp-reset
REJECT udp -- anywhere anywhere reject-with icmp-port-unreachable
REJECT icmp -- anywhere anywhere reject-with icmp-host-unreachable
REJECT all -- anywhere anywhere reject-with icmp-host-prohibited
Chain shorewall (0 references)
target prot opt source destination
Chain sit0_fwd (1 references)
target prot opt source destination
dynamic all -- anywhere anywhere state INVALID,NEW
loc2net all -- anywhere anywhere
ACCEPT all -- anywhere anywhere
ACCEPT all -- anywhere anywhere
ACCEPT all -- anywhere anywhere
Chain sit0_in (1 references)
target prot opt source destination
dynamic all -- anywhere anywhere state INVALID,NEW
loc2fw all -- anywhere anywhere
Chain smurfs (0 references)
target prot opt source destination
LOG all -- 192.168.0.255 anywhere LOG level info prefix `Shorewall:smurfs:DROP:'
DROP all -- 192.168.0.255 anywhere
LOG all -- 255.255.255.255 anywhere LOG level info prefix `Shorewall:smurfs:DROP:'
DROP all -- 255.255.255.255 anywhere
LOG all -- BASE-ADDRESS.MCAST.NET/4 anywhere LOG level info prefix `Shorewall:smurfs:DROP:'
DROP all -- BASE-ADDRESS.MCAST.NET/4 anywhere
Chain venet0_fwd (1 references)
target prot opt source destination
dynamic all -- anywhere anywhere state INVALID,NEW
loc2net all -- anywhere anywhere
ACCEPT all -- anywhere anywhere
ACCEPT all -- anywhere anywhere
ACCEPT all -- anywhere anywhere
Chain venet0_in (1 references)
target prot opt source destination
dynamic all -- anywhere anywhere state INVALID,NEW
loc2fw all -- anywhere anywhere
Chain veth101_0_fwd (1 references)
target prot opt source destination
dynamic all -- anywhere anywhere state INVALID,NEW
loc2net all -- anywhere anywhere
ACCEPT all -- anywhere anywhere
ACCEPT all -- anywhere anywhere
ACCEPT all -- anywhere anywhere
Chain veth101_0_in (1 references)
target prot opt source destination
dynamic all -- anywhere anywhere state INVALID,NEW
loc2fw all -- anywhere anywhere
[root@scrameustache vz]# iptables -t nat -L
Chain PREROUTING (policy ACCEPT)
target prot opt source destination
Chain POSTROUTING (policy ACCEPT)
target prot opt source destination
Chain OUTPUT (policy ACCEPT)
target prot opt source destination
[root@scrameustache vz]# cat /proc/sys/net/ipv4/ip_forward
1
IN VPS:
[root@scrameustache vz]# vzctl enter 101
entered into VE 101
[root@vps101 /]# ip a l
1: lo: <LOOPBACK,UP> mtu 16436 qdisc noqueue
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
inet 127.0.0.1/8 brd 127.255.255.255 scope host lo
3: venet0: <BROADCAST,POINTOPOINT,NOARP> mtu 1500 qdisc noop
link/void
5: eth0: <BROADCAST,MULTICAST,UP> mtu 1500 qdisc noqueue
link/ether 00:12:34:56:78:9a brd ff:ff:ff:ff:ff:ff
inet 192.168.0.101/32 scope global eth0
[root@vps101 /]# ip r l
default dev eth0 scope link
[root@vps101 /]# iptables -L
Chain INPUT (policy ACCEPT)
target prot opt source destination
Chain FORWARD (policy ACCEPT)
target prot opt source destination
Chain OUTPUT (policy ACCEPT)
target prot opt source destination
[root@vps101 /]# iptables -t nat -L
iptables v1.3.3: can't initialize iptables table `nat': Table does not exist (do you need to insmod?)
Perhaps iptables or your kernel needs to be upgraded.
[root@vps101 /]# cat /proc/sys/net/ipv4/ip_forward
1
VoilĂ
it's a long post now
THanks,
André
[Updated on: Tue, 06 March 2007 22:32] Report message to a moderator
|
|
|
Goto Forum:
Current Time: Mon Aug 05 23:06:10 GMT 2024
Total time taken to generate the page: 0.03080 seconds
|