OpenVZ Forum


Re: Internet access from VE (again) [message #27285 is a reply to message #27284] Wed, 13 February 2008 21:06
Thomasd
I should add this:
(from the host)
# iptables -t filter -L
Chain INPUT (policy ACCEPT)
target     prot opt source               destination

Chain FORWARD (policy ACCEPT)
target     prot opt source               destination

Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination

# iptables -t nat -L
Chain PREROUTING (policy ACCEPT)
target     prot opt source               destination
DNAT       tcp  --  anywhere             anywhere            tcp dpt:search to:10.0.20.10:22
DNAT       tcp  --  anywhere             anywhere            tcp dpt:domain to:10.0.20.10:53
DNAT       udp  --  anywhere             anywhere            udp dpt:domain to:10.0.20.10:53
DNAT       tcp  --  anywhere             anywhere            tcp dpt:xinupageserver to:10.0.20.20:22
DNAT       tcp  --  anywhere             anywhere            tcp dpt:samsung-unidex to:10.0.40.10:22
DNAT       tcp  --  anywhere             anywhere            tcp dpt:trap to:10.0.40.20:22
DNAT       tcp  --  anywhere             anywhere            tcp dpt:imap to:10.0.40.20:143
DNAT       tcp  --  anywhere             anywhere            tcp dpt:smtp to:10.0.40.20:25
DNAT       tcp  --  anywhere             anywhere            tcp dpt:yo-main to:10.0.40.40:22
DNAT       tcp  --  anywhere             anywhere            tcp dpt:4080 to:10.0.40.80:22
DNAT       tcp  --  anywhere             anywhere            tcp dpt:x11-ssh-offset to:10.0.60.10:22
DNAT       tcp  --  anywhere             anywhere            tcp dpt:6020 to:10.0.60.20:22
DNAT       tcp  --  anywhere             anywhere            tcp dpt:6040 to:10.0.60.40:22
DNAT       tcp  --  anywhere             anywhere            tcp dpt:6080 to:10.0.60.80:22
DNAT       tcp  --  anywhere             anywhere            tcp dpt:8010 to:10.0.80.10:22

Chain POSTROUTING (policy ACCEPT)
target     prot opt source               destination
SNAT       all  --  10.0.0.0/16          anywhere            to:<my main ip>

Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination


Then, when trying to do a ping yahoo.com from the VE, I did this on the host:
# tcpdump -n -i venet0
tcpdump: WARNING: arptype 65535 not supported by libpcap - falling back to cooked socket
tcpdump: WARNING: venet0: no IPv4 address assigned
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on venet0, link-type LINUX_SLL (Linux cooked), capture size 96 bytes
13:07:43.534691 IP 10.0.40.10.32921 > 208.109.188.1.domain:  42549+ A? yahoo.com. (27)
13:07:43.534723 IP 10.0.40.10.32921 > 10.0.20.10.domain:  42549+ A? yahoo.com. (27)
13:07:43.535025 IP 10.0.20.10.domain > 10.0.40.10.32921:  42549- 0/13/0 (238)
13:07:43.535049 IP 208.109.188.1.domain > 10.0.40.10.32921:  42549- 0/13/0 (238)
13:07:43.536025 IP 10.0.40.10.32921 > 208.109.188.2.domain:  42549+ A? yahoo.com. (27)
13:07:43.536053 IP 10.0.40.10.res > 10.0.20.10.domain:  42549+ A? yahoo.com. (27)
13:07:43.536312 IP 10.0.20.10.domain > 10.0.40.10.res:  42549- 0/13/0 (238)
13:07:43.536335 IP 208.109.188.2.domain > 10.0.40.10.32921:  42549- 0/13/0 (238)
13:07:43.536688 IP 10.0.40.10.32921 > 208.109.188.1.domain:  42549+ A? yahoo.com. (27)
13:07:43.536714 IP 10.0.40.10.32921 > 10.0.20.10.domain:  42549+ A? yahoo.com. (27)
13:07:43.537109 IP 10.0.20.10.domain > 10.0.40.10.32921:  42549- 0/13/0 (238)
13:07:43.537138 IP 208.109.188.1.domain > 10.0.40.10.32921:  42549- 0/13/0 (238)
13:07:43.537303 IP 10.0.40.10.32921 > 208.109.188.2.domain:  42549+ A? yahoo.com. (27)
13:07:43.537324 IP 10.0.40.10.res > 10.0.20.10.domain:  42549+ A? yahoo.com. (27)
13:07:43.537759 IP 10.0.20.10.domain > 10.0.40.10.res:  42549- 0/13/0 (238)
13:07:43.537789 IP 208.109.188.2.domain > 10.0.40.10.32921:  42549- 0/13/0 (238)
13:07:43.537992 IP 10.0.40.10.32921 > 208.109.188.1.domain:  25734+ A? yahoo.com. (27)
13:07:43.538012 IP 10.0.40.10.32921 > 10.0.20.10.domain:  25734+ A? yahoo.com. (27)
13:07:43.538459 IP 10.0.20.10.domain > 10.0.40.10.32921:  25734- 0/13/0 (238)
13:07:43.538488 IP 208.109.188.1.domain > 10.0.40.10.32921:  25734- 0/13/0 (238)
13:07:43.538641 IP 10.0.40.10.32921 > 208.109.188.2.domain:  25734+ A? yahoo.com. (27)
13:07:43.538661 IP 10.0.40.10.res > 10.0.20.10.domain:  25734+ A? yahoo.com. (27)
13:07:43.539097 IP 10.0.20.10.domain > 10.0.40.10.res:  25734- 0/13/0 (238)
13:07:43.539126 IP 208.109.188.2.domain > 10.0.40.10.32921:  25734- 0/13/0 (238)
13:07:43.539288 IP 10.0.40.10.32921 > 208.109.188.1.domain:  25734+ A? yahoo.com. (27)
13:07:43.539306 IP 10.0.40.10.32921 > 10.0.20.10.domain:  25734+ A? yahoo.com. (27)
13:07:43.539732 IP 10.0.20.10.domain > 10.0.40.10.32921:  25734- 0/13/0 (238)
13:07:43.539767 IP 208.109.188.1.domain > 10.0.40.10.32921:  25734- 0/13/0 (238)
13:07:43.539926 IP 10.0.40.10.32921 > 208.109.188.2.domain:  25734+ A? yahoo.com. (27)
13:07:43.539945 IP 10.0.40.10.res > 10.0.20.10.domain:  25734+ A? yahoo.com. (27)
13:07:43.540381 IP 10.0.20.10.domain > 10.0.40.10.res:  25734- 0/13/0 (238)
13:07:43.540410 IP 208.109.188.2.domain > 10.0.40.10.32921:  25734- 0/13/0 (238)

(208.109.188.1 and 208.109.188.2 are my nameservers)

[Updated on: Wed, 13 February 2008 21:08]
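
Added example, not part of Thomasd's post: a Python parser for the venet0 capture above that pairs each DNS query with the copy seen microseconds later toward a different address, and lists the answer count of each reply. The function names and the 200 µs pairing window are assumptions chosen for this capture.

```python
import re
from collections import Counter

# First six lines of the venet0 capture in the post above.
CAPTURE = """\
13:07:43.534691 IP 10.0.40.10.32921 > 208.109.188.1.domain:  42549+ A? yahoo.com. (27)
13:07:43.534723 IP 10.0.40.10.32921 > 10.0.20.10.domain:  42549+ A? yahoo.com. (27)
13:07:43.535025 IP 10.0.20.10.domain > 10.0.40.10.32921:  42549- 0/13/0 (238)
13:07:43.535049 IP 208.109.188.1.domain > 10.0.40.10.32921:  42549- 0/13/0 (238)
13:07:43.536025 IP 10.0.40.10.32921 > 208.109.188.2.domain:  42549+ A? yahoo.com. (27)
13:07:43.536053 IP 10.0.40.10.res > 10.0.20.10.domain:  42549+ A? yahoo.com. (27)
"""

LINE = re.compile(r"^(\d+):(\d+):(\d+\.\d+) IP (\d+(?:\.\d+){3})\.(\S+) > "
                  r"(\d+(?:\.\d+){3})\.(\S+): +(\d+)(\S*) (.*)$")

def parse(text):
    """Yield one dict per DNS packet line of tcpdump text output."""
    for raw in text.splitlines():
        m = LINE.match(raw.strip())
        if m:
            h, mi, s, src, sport, dst, dport, qid, flags, rest = m.groups()
            yield {"t": int(h) * 3600 + int(mi) * 60 + float(s),
                   "src": src, "dst": dst, "id": int(qid), "flags": flags,
                   "rest": rest, "is_query": dport in ("domain", "53")}

def find_rewrites(text, window=0.0002):
    """Count queries seen again within `window` seconds (assumed value) with
    the same client, DNS id and question but a different destination."""
    last, pairs = {}, Counter()
    for p in parse(text):
        if not p["is_query"]:
            continue
        key = (p["src"], p["id"], p["rest"])
        prev = last.get(key)
        if prev and prev["dst"] != p["dst"] and p["t"] - prev["t"] <= window:
            pairs[(prev["dst"], p["dst"])] += 1
        last[key] = p
    return pairs

def replies(text):
    """Return (server, answer_count) per reply; '0/13/0' has 0 answers."""
    out = []
    for p in parse(text):
        m = re.match(r"(\d+)/\d+/\d+", p["rest"])
        if m and not p["is_query"]:
            out.append((p["src"], int(m.group(1))))
    return out

if __name__ == "__main__":
    print(dict(find_rewrites(CAPTURE)), replies(CAPTURE))
```

On these lines it reports the queries addressed to 208.109.188.1 and 208.109.188.2 reappearing toward 10.0.20.10, the target of the `dpt:domain` DNAT rules in the nat table listing, and every reply carrying 0 answers.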
