**FIXED** DNS not working in VE [message #4516]
Wed, 12 July 2006 21:51
jchamilton
Messages: 8 Registered: July 2006
Junior Member
I've searched the forum, wiki, and mailing lists and the only thread I could find in which the issue is "solved" is here: http://forum.openvz.org/index.php?t=tree&th=761&mid=3947&&rev=&reveal=
The problem is I cannot get a response for DNS queries executed from my VEs if iptables is running on the HN.
- I have ip_conntrack enabled in /etc/modules.conf
- I have a nameserver config'd in /etc/resolv.conf
- nsswitch.conf has "hosts: files dns"
- I can connect to the VE via ssh. (using IP addr)
- I can connect to other machines on the network from the VE via ssh. (using IP addr)
- If iptables is stopped, DNS lookups on the VE work. (using ping, dig, and getent)
- If iptables is running, dig gives the error: "connection timed out; no servers could be reached" even if I specify the nameserver on the command line.
- If iptables is running, ping just says: "unknown host ..."
- I'm pretty sure at one point it was working though and that's what really mystifies me...
- I've also restarted vz and iptables on the HN with no joy.
Here's what the firewall tables look like:
```
Table: nat
Chain PREROUTING (policy ACCEPT)
target prot opt source destination
Chain POSTROUTING (policy ACCEPT)
target prot opt source destination
Chain OUTPUT (policy ACCEPT)
target prot opt source destination

Table: mangle
Chain PREROUTING (policy ACCEPT)
target prot opt source destination
Chain INPUT (policy ACCEPT)
target prot opt source destination
Chain FORWARD (policy ACCEPT)
target prot opt source destination
Chain OUTPUT (policy ACCEPT)
target prot opt source destination
Chain POSTROUTING (policy ACCEPT)
target prot opt source destination

Table: filter
Chain INPUT (policy ACCEPT)
target prot opt source destination
RH-Firewall-1-INPUT all -- 0.0.0.0/0 0.0.0.0/0
Chain FORWARD (policy ACCEPT)
target prot opt source destination
RH-Firewall-1-INPUT all -- 0.0.0.0/0 0.0.0.0/0
Chain OUTPUT (policy ACCEPT)
target prot opt source destination
Chain RH-Firewall-1-INPUT (2 references)
target prot opt source destination
ACCEPT all -- 0.0.0.0/0 0.0.0.0/0
ACCEPT icmp -- 0.0.0.0/0 0.0.0.0/0 icmp type 255
ACCEPT esp -- 0.0.0.0/0 0.0.0.0/0
ACCEPT ah -- 0.0.0.0/0 0.0.0.0/0
ACCEPT udp -- 0.0.0.0/0 224.0.0.251 udp dpt:5353
ACCEPT udp -- 0.0.0.0/0 0.0.0.0/0 udp dpt:631
ACCEPT all -- 0.0.0.0/0 0.0.0.0/0 state RELATED,ESTABLISHED
ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 state NEW tcp dpt:80
ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 state NEW tcp dpt:443
ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 state NEW tcp dpt:22
ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 state NEW tcp dpt:25
ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 state NEW tcp dpt:139
ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 state NEW tcp dpt:445
REJECT all -- 0.0.0.0/0 0.0.0.0/0 reject-with icmp-host-prohibited
```
Both the host and guest OS are CentOS 4.
Any ideas other than turn off the firewall?
jch
[Updated on: Thu, 13 July 2006 14:20]
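An added example, not part of the original post or of OpenVZ: a first-match evaluation of the RH-Firewall-1-INPUT chain as listed above, showing which rule decides a packet that the HN forwards for a VE. It assumes the first `ACCEPT all` rule carries an interface match (loopback) that `iptables -L -n` does not print without `-v`; the packet addresses and the `venet0` interface name are constructed.

```python
import ipaddress
import re

# RH-Firewall-1-INPUT exactly as listed in the post (`iptables -L -n` format).
LISTING = """\
ACCEPT all -- 0.0.0.0/0 0.0.0.0/0
ACCEPT icmp -- 0.0.0.0/0 0.0.0.0/0 icmp type 255
ACCEPT esp -- 0.0.0.0/0 0.0.0.0/0
ACCEPT ah -- 0.0.0.0/0 0.0.0.0/0
ACCEPT udp -- 0.0.0.0/0 224.0.0.251 udp dpt:5353
ACCEPT udp -- 0.0.0.0/0 0.0.0.0/0 udp dpt:631
ACCEPT all -- 0.0.0.0/0 0.0.0.0/0 state RELATED,ESTABLISHED
ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 state NEW tcp dpt:80
ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 state NEW tcp dpt:443
ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 state NEW tcp dpt:22
ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 state NEW tcp dpt:25
ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 state NEW tcp dpt:139
ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 state NEW tcp dpt:445
REJECT all -- 0.0.0.0/0 0.0.0.0/0 reject-with icmp-host-prohibited
"""

def parse(listing):
    rules = []
    for num, line in enumerate(listing.splitlines(), 1):
        target, proto, _opt, _src, dst = line.split()[:5]
        dpt = re.search(r"dpt:(\d+)", line)
        state = re.search(r"state ([A-Z,]+)", line)
        rules.append({
            "num": num, "target": target, "proto": proto,
            "dst": ipaddress.ip_network(dst),
            "dport": int(dpt.group(1)) if dpt else None,
            "states": state.group(1).split(",") if state else None,
            # ASSUMPTION: rule 1 is "-i lo -j ACCEPT"; -L without -v hides -i.
            "iface": "lo" if num == 1 else None,
        })
    return rules

def verdict(pkt, rules=parse(LISTING)):
    for r in rules:
        if (r["proto"] in ("all", pkt["proto"])
                and ipaddress.ip_address(pkt["dst"]) in r["dst"]
                and r["dport"] in (None, pkt.get("dport"))
                and (r["states"] is None or pkt["state"] in r["states"])
                and r["iface"] in (None, pkt["iface"])):
            return r["target"], r["num"]  # first match decides, as in netfilter
    return "ACCEPT", None  # no match: back to FORWARD, whose policy is ACCEPT

# Constructed packets as FORWARD sees them from a VE (addresses and venet0 assumed).
DNS_QUERY = {"proto": "udp", "dst": "192.0.2.53", "dport": 53, "state": "NEW", "iface": "venet0"}
SSH_OUT = {"proto": "tcp", "dst": "192.0.2.10", "dport": 22, "state": "NEW", "iface": "venet0"}
```

Under that assumption `verdict(DNS_QUERY)` reaches the final REJECT (rule 14) while `verdict(SSH_OUT)` is accepted by rule 10, which is consistent with the symptoms listed in the post: SSH by IP address works, DNS lookups do not.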