OpenVZ Forum



*SOLVED* Shorewall [message #16399] Tue, 04 September 2007 15:10
maximiliano
Hello,
I have a problem with OpenVZ and I need help, please. I searched the forum but I didn't find the solution to my problem.

I installed OpenVZ and I have Shorewall installed on the Hardware Node.

From the Hardware Node to the VPS I can ping and connect with ssh without any problem.
But when I want to ping from a LAN machine to the VPS, I can't. Why??

My Shorewall configuration is:

Zone
====
#ZONE TYPE
fw firewall
net ipv4
openv ipv4

Interfaces
==========
#ZONE INTERFACE BROADCAST OPTIONS
net eth0 detect
openv venet0 192.168.10.255 routeback


Policy
======
#SOURCE DEST POLICY LOG
fw net ACCEPT
net all DROP info
all all REJECT info

rules
=====
Ping/ACCEPT fw openv
Ping/ACCEPT net openv
ACCEPT fw openv tcp 22

In the message log I can't see anything, so I don't know what it can be...

Thanks,

Best Regards
Maximiliano

[Updated on: Fri, 07 September 2007 00:00] by Moderator


Re: Shorewall [message #16400 is a reply to message #16399] Tue, 04 September 2007 15:18
maximiliano
OK, sorry for the post, I found the solution:

RULES
=====
Ping/ACCEPT fw openv
Ping/ACCEPT net openv
ACCEPT fw openv tcp 22

Ping/ACCEPT openv fw <-- add
Ping/ACCEPT openv net <-- add

Thanks everyone
Best Regards
Maximiliano

Re: Shorewall [message #16401 is a reply to message #16400] Tue, 04 September 2007 15:23
maximiliano
Sorry, but it didn't work.

This works to ping from VPS -> Hardware Node

But I can't ping LAN machines!

Can anyone help me please?

Thanks

Re: Shorewall [message #16406 is a reply to message #16401] Tue, 04 September 2007 23:21
Vasily Tarasov
Hi,

First of all, please tell us: does everything work as you expect without Shorewall? It will narrow the area of investigation greatly.

Thank you,
Vasily

Re: Shorewall [message #16412 is a reply to message #16406] Wed, 05 September 2007 07:28
maximiliano
Yes. This was my first OpenVZ installation and I did not have any problem with it.
The Hardware Node is installed with CentOS 4.5 and the OpenVZ 2.6.9-023stab044.4-smp kernel.
I could create one VPS with the centos 4 Metadata template and it works well.
My only problem is that when I start Shorewall on the hardware node, I lose the connection between the VPS and the network machines, and vice versa.

I think that the problem must be in the Shorewall configuration, but I can't see anything in syslog.
I read something about adding "options ip_conntrack ip_conntrack_enable_ve0=1" to /etc/modprobe.conf, but nothing happened.

I think that OpenVZ is an excellent option for virtualization, and with a little knowledge and desire one can use it very well.

If anyone has configured Shorewall with OpenVZ on the hardware node, please post the configuration (interfaces, zones, policy and rules).

Best Regards
Maximiliano NC.

[Updated on: Wed, 05 September 2007 07:30]


Re: Shorewall [message #16413 is a reply to message #16412] Wed, 05 September 2007 08:45
maximiliano
OK people, I found the solution to my problem...

When I started the Shorewall service I noticed this -> IP Forwarding Disabled!

So, to enable it I went to -> /etc/shorewall/shorewall.conf

and changed IP_FORWARDING=Off to On!

This solved all my problems.

I hope that this solution helps other people.

Thanks!
Best Regards
Maximiliano N. C.
maximiliano.arg@gmail.com

[Updated on: Wed, 05 September 2007 08:46]
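
The fix in the last post can be checked before Shorewall is started. The following is an added example, not code from the thread or from the Shorewall project: it reads IP_FORWARDING from a shorewall.conf and predicts whether the node will still route between venet0 and eth0 afterwards. The function names are hypothetical, the sample files are constructed, and the file paths are passed as arguments (on a real node they would be /etc/shorewall/shorewall.conf and /proc/sys/net/ipv4/ip_forward).

```shell
#!/bin/sh
# Added example (not from the thread). Function names are hypothetical.

# Print the IP_FORWARDING setting from a shorewall.conf: on, off, keep or unset.
shorewall_forwarding() {
    # Take the last uncommented assignment; strip quotes and fold case.
    val=$(sed -n 's/^[[:space:]]*IP_FORWARDING=\([^#[:space:]]*\).*/\1/p' "$1" 2>/dev/null | tail -n 1)
    val=$(printf '%s' "$val" | tr -d "\"'" | tr '[:upper:]' '[:lower:]')
    case "$val" in
        on|off|keep) printf '%s\n' "$val" ;;
        *)           printf 'unset\n' ;;
    esac
}

# Predict whether the node forwards packets once Shorewall has started.
# $1 = shorewall.conf, $2 = file holding the kernel's current ip_forward value.
forwarding_after_start() {
    setting=$(shorewall_forwarding "$1")
    kernel=$(cat "$2" 2>/dev/null || echo 0)
    case "$setting" in
        on)   echo forwarding ;;        # Shorewall turns forwarding on
        off)  echo not-forwarding ;;    # Shorewall turns forwarding off
        keep) # Shorewall leaves the kernel setting as it found it
              if [ "$kernel" = 1 ]; then echo forwarding; else echo not-forwarding; fi ;;
        *)    echo unknown ;;
    esac
}

# Constructed sample input: the state described in the thread (forwarding
# worked before Shorewall started, shorewall.conf says Off), then the fix.
demo_dir=$(mktemp -d)
printf '1\n' > "$demo_dir/ip_forward"
printf '# constructed sample\nIP_FORWARDING=Off\n' > "$demo_dir/before.conf"
printf '# constructed sample\nIP_FORWARDING=On\n'  > "$demo_dir/after.conf"
echo "before: $(forwarding_after_start "$demo_dir/before.conf" "$demo_dir/ip_forward")"
echo "after:  $(forwarding_after_start "$demo_dir/after.conf" "$demo_dir/ip_forward")"
rm -rf "$demo_dir"
```

A result of not-forwarding matches the symptom in the thread: the Hardware Node itself reaches the VPS, but nothing is routed between the VPS and the LAN.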
