OpenVZ Forum


Home » General » Support » Ping DNS From VE & Enable Internet
Ping DNS From VE & Enable Internet [message #25564] Sun, 30 December 2007 23:16 Go to next message
Desigen is currently offline  Desigen
Messages: 5
Registered: December 2007
Location: Damascus
Junior Member
Hi Folks,

I installed Debian with OpenVZ on a server. And I created a Debian VE called 101. Now my host machine IP is : 192.186.60.xY and our DNS server is 91.144.8.xx and the Gateway is 192.168.60.R . The new VE has an IP : 192.186.60.YY and /etc/resolv.conf has 91.144.8.xx .

From VE 101 I can ping the host and the gateway but not the DNS server. also I can't ping google.com or his IP's .

My host machine connected to the internet and can ping anything.

I used bridge to make connection between HN & VE and I follow the following Wiki :
http://wiki.openvz.org/Installation_on_Debian
http://wiki.openvz.org/Using_private_IPs_for_Hardware_Nodes

I also disable my iptable on host machine :
http://www.cyberciti.biz/faq/turn-on-turn-off-firewall-in-li nux/

Now how can I solve this problem ? What's missing ?

Thanks for help.

[Updated on: Mon, 31 December 2007 08:15]

Report message to a moderator

Re: Ping DNS From VE & Enable Internet [message #25574 is a reply to message #25564] Tue, 01 January 2008 18:42 Go to previous messageGo to next message
maratrus is currently offline  maratrus
Messages: 1495
Registered: August 2007
Location: Moscow
Senior Member
Hi,

Happy New Year!

1. To clarify the situation can you explain what kind of connection between HN and VE do you use: veth or venet? What does it mean
Quote:

I used bridge to make connection between HN & VE

Have you read?:
http://wiki.openvz.org/Virtual_network_device
http://wiki.openvz.org/Virtual_Ethernet_device

2. Can you show the output of:
"ip a l" (from HN and from VE)
3. "ip ro l" from HN
4. You can use "tcpdump" to determine the packages behaviour.
When you ping the DNS server from the VE please provide us with such information:
- Is ping requests exit from the VE?
- Is ping requests come to HN?
- Is ping reply comes to HN?

Thank You!

Report message to a moderator

Re: Ping DNS From VE & Enable Internet [message #25616 is a reply to message #25574] Thu, 03 January 2008 15:35 Go to previous messageGo to next message
Desigen is currently offline  Desigen
Messages: 5
Registered: December 2007
Location: Damascus
Junior Member
Hi, happy new year for you too.

Thank you for reply. I have to say the Wiki are very good. It's very helpful. My problem was in the network especially in the router or switch. So our network administrator enable the ip for the virtual machine and it's work very nice.

Thanks again.
And HNY Smile

Report message to a moderator

Re: Ping DNS From VE & Enable Internet [message #25917 is a reply to message #25564] Fri, 11 January 2008 02:09 Go to previous messageGo to next message
protocoles is currently offline  protocoles
Messages: 5
Registered: January 2008
Junior Member
Hello,

I've same problem Sad please help I'm unable to ping any domain via VPS node.

The VPS node has Centos 4x template and The server has debian OS.

Here is the result of HW and VPS node.

Debian Server:
xxx.xxx.xxx.xxx dev venet0 scope link
xxx.xxx.xx.xx/27 via xxx.xxx.xxx.xxx dev eth0
xxx.xxx.xx.xx/27 dev eth0 proto kernel scope link src xxx.xxx.xxx.xxx
default via xxx.xxx.xxx.xxx dev eth0
=====================================

VPS Node:
1: lo: <LOOPBACK,UP,10000> mtu 16436 qdisc noqueue
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
inet 127.0.0.1/8 scope host lo
inet6 ::1/128 scope host
valid_lft forever preferred_lft forever
3: venet0: <BROADCAST,POINTOPOINT,NOARP,UP,10000> mtu 1500 qdisc noqueue
link/void
inet 127.0.0.1/32 scope host venet0
inet xx.xxx.xxx.xxx/32 brd xxx.xxx.xxx.xxx scope global venet0:0
======================================

Yes - I'm able to ping vps node from debian system and from vps node to debian system.

Please help Sad

Report message to a moderator

Re: Ping DNS From VE & Enable Internet [message #25919 is a reply to message #25917] Fri, 11 January 2008 06:45 Go to previous messageGo to next message
Desigen is currently offline  Desigen
Messages: 5
Registered: December 2007
Location: Damascus
Junior Member
Hi, you need to add default route to your VM. it's the default route for your HW.

route add default gw xxx.xxx.xxx.xxx dev venet0

Alss, check with your network administrator if your private ip have been nated to a global ip.

good luck

Report message to a moderator

Re: Ping DNS From VE & Enable Internet [message #25928 is a reply to message #25917] Fri, 11 January 2008 11:27 Go to previous messageGo to next message
maratrus is currently offline  maratrus
Messages: 1495
Registered: August 2007
Location: Moscow
Senior Member
Hi,

Please use "tcpdump" to determine the packets behaviour.
When you ping some domain from the VE please provide us with such information:
- Is ping requests exit from the VE?
(Use tcpdump inside VE)
- Is ping requests come to HN
(Use tcpdump on HN)
-Is ping reply comes to HN?
(Use tcpdump on HN)

Is it possible to ping your VPS from any host (except HN)? If not I suppose that the problem is in routes and the packets don't reach your HN.

Thank You!

Report message to a moderator

Re: Ping DNS From VE & Enable Internet [message #25929 is a reply to message #25919] Fri, 11 January 2008 12:15 Go to previous messageGo to next message
protocoles is currently offline  protocoles
Messages: 5
Registered: January 2008
Junior Member
I'm getting

SIOCADDRT: Network is unreachable

Sad

Report message to a moderator

Re: Ping DNS From VE & Enable Internet [message #25930 is a reply to message #25929] Fri, 11 January 2008 12:48 Go to previous messageGo to next message
maratrus is currently offline  maratrus
Messages: 1495
Registered: August 2007
Location: Moscow
Senior Member
Hi,

1. You should not add this route inside VE.
2. vzctl adds necessary route to your VPS
Quote:

xxx.xxx.xxx.xxx dev venet0 scope link

3. Please check that your have applied all sysctl parameters.
Can you please show us 'sysctl -a | grep ip_forward' from HN?
4. Also check your iptable rules.

Than You!

Report message to a moderator

Re: Ping DNS From VE & Enable Internet [message #25931 is a reply to message #25929] Fri, 11 January 2008 12:53 Go to previous messageGo to next message
Desigen is currently offline  Desigen
Messages: 5
Registered: December 2007
Location: Damascus
Junior Member
Hi, are you sure that you build a Bridge in your HN machine ?

Follow this : http://wiki.openvz.org/Using_private_IPs_for_Hardware_Nodes

Also, make sure your iptables on HN allow VE to forward packets : http://wiki.openvz.org/Bridge_doesn't_forward_packets

Finally, can you ping your VE from HN AND what about ping VE from any computer outside it zone

Enjoy !

Report message to a moderator

Re: Ping DNS From VE & Enable Internet [message #25937 is a reply to message #25930] Fri, 11 January 2008 13:32 Go to previous messageGo to next message
protocoles is currently offline  protocoles
Messages: 5
Registered: January 2008
Junior Member
I tried to add this inside my VPS but having same error.

here's the result.

~# sysctl -a | grep ip_forward
error: "Operation not permitted" reading key "net.ipv6.route.flush"
error: "Operation not permitted" reading key "net.ipv4.route.flush"
net.ipv4.ip_forward = 1

Sad

Report message to a moderator

Re: Ping DNS From VE & Enable Internet [message #25939 is a reply to message #25937] Fri, 11 January 2008 13:55 Go to previous messageGo to next message
maratrus is currently offline  maratrus
Messages: 1495
Registered: August 2007
Location: Moscow
Senior Member
Hi,

1. You should not to add any route inside your VPS.
2. Are you still able to ping your VPS from HN and HN from VPS?
3. And what about iptables?
3. You can conduct "tcpdump" experiment. I've described it above.
Please provide us with the result of this experiment if it will be done.
4.Is it possible to ping your VPS from other host (except HN)?

Thank You!

Report message to a moderator

Re: Ping DNS From VE & Enable Internet [message #25941 is a reply to message #25939] Fri, 11 January 2008 14:18 Go to previous messageGo to next message
protocoles is currently offline  protocoles
Messages: 5
Registered: January 2008
Junior Member
No, I didn't add that route inside my VPS

Yes - I'm able to ping my VPS node from my HW and from everywhere

No, iptables has stopped in HW

Could you please tell me the command so that I can send you result?

Yes it is possible.

P.S if you want I can pm you my Hw login detail for reviewing.

Please advice

Report message to a moderator

Re: Ping DNS From VE & Enable Internet [message #25943 is a reply to message #25941] Fri, 11 January 2008 15:25 Go to previous messageGo to next message
maratrus is currently offline  maratrus
Messages: 1495
Registered: August 2007
Location: Moscow
Senior Member
Hi,

1. Please check that in output of command 'arp -n' (on HN) there is an ip of your VPS.
2. Conduct this experiment:
- On HN: 'tcpdump -n host <YOUR_VE_ID>' then
- Enter inside VE and try to ping any host
- Please provide us with the output of tcpdump from HN.
3. And also 'vzctl --version' on HN
4. What kernel do you use?

Report message to a moderator

Re: Ping DNS From VE & Enable Internet [message #25946 is a reply to message #25943] Fri, 11 January 2008 19:40 Go to previous messageGo to next message
protocoles is currently offline  protocoles
Messages: 5
Registered: January 2008
Junior Member
Address HWtype HWaddress Flags Mask Iface
HW_IP.xxx ether 00:02:85:18:AC:A0 C eth0
VPS_IP.xxx * <from_interface> MP eth0

=================================
20:37:49.434575 IP veid_xxxx.xxx.32768 > 4.2.2.1.53: 12282+ A? yahoo.com. (27)
20:37:49.461375 IP 4.2.2.1.53 > veid_xxxx.xxx.32768: 12282 ServFail 0/0/0 (27)
20:37:49.461443 IP veid_xxxx.xxx.32768 > 4.2.2.1.53: 12282+ A? yahoo.com. (27)
20:37:49.487803 IP 4.2.2.1.53 > veid_xxxx.xxx.32768: 12282 ServFail 0/0/0 (27)
20:37:49.487865 IP veid_xxxx.xxx.32768 > 4.2.2.1.53: 52960+ A? yahoo.com.hostserver.com. (42)
20:37:49.512643 IP 4.2.2.1.53 > veid_xxxx.xxx.32768: 52960 ServFail- [0q] 0/0/0 (12)
20:37:54.485469 IP veid_xxxx.xxx.32768 > 4.2.2.1.53: 52960+ A? yahoo.com.hostserver.com. (42)
20:37:54.512620 IP 4.2.2.1.53 > veid_xxxx.xxx.32768: 52960 ServFail 0/0/0 (42)
20:38:00.007908 IP veid_xxxx.xxx.32768 > 4.2.2.1.53: 44300+ A? gmail.com. (27)
20:38:00.032140 IP 4.2.2.1.53 > veid_xxxx.xxx.32768: 44300 ServFail- [0q] 0/0/0 (12)
20:38:05.006210 IP veid_xxxx.xxx.32768 > 4.2.2.1.53: 44300+ A? gmail.com. (27)
20:38:05.031566 IP 4.2.2.1.53 > veid_xxxx.xxx.32768: 44300 ServFail 0/0/0 (27)
20:38:05.031627 IP veid_xxxx.xxx.32768 > 4.2.2.1.53: 42026+ A? gmail.com.hostserver.com. (42)
20:38:05.058523 IP 4.2.2.1.53 > veid_xxxx.xxx.32768: 42026 ServFail 0/0/0 (42)
20:38:05.058571 IP veid_xxxx.xxx.32768 > 4.2.2.1.53: 42026+ A? gmail.com.hostserver.com. (42)
20:38:05.085209 IP 4.2.2.1.53 > veid_xxxx.xxx.32768: 42026 ServFail 0/0/0 (42)
==========================================

# vzctl --version
vzctl version 3.0.22-1dso1

===========================================

# uname -r
2.6.18-ovz-028stab051.1-enterprise

Thank you

Report message to a moderator

Re: Ping DNS From VE & Enable Internet [message #25949 is a reply to message #25946] Fri, 11 January 2008 22:05 Go to previous messageGo to next message
maratrus is currently offline  maratrus
Messages: 1495
Registered: August 2007
Location: Moscow
Senior Member
Hi,

Looks like the problem in your DNS server.
Please check that you set suitable DNS to your VPS.
Look at vzctl's --nameserver parameter.

Can you ping any host from inside the VPS using hosts's IP?
If no please do the same experiment but ping anything using it IP.

Thank You!

Report message to a moderator

Re: Ping DNS From VE & Enable Internet [message #25955 is a reply to message #25949] Sat, 12 January 2008 09:40 Go to previous message
Desigen is currently offline  Desigen
Messages: 5
Registered: December 2007
Location: Damascus
Junior Member
Hi, try to ping googel or yahoo IP. And make sure your DNS Server IP Address in /etc/resolve.conf

Enjoy it !

Report message to a moderator

Previous Topic: *SOLVED* bash: relocation error
Next Topic: *SOLVED* VE: 102: failed to start with err=-17
Goto Forum:
  

[ Syndicate this forum (XML) ] [ RSS ] [ PDF ]

Current Time: Sun May 12 00:02:41 GMT 2024

Total time taken to generate the page: 0.01667 seconds
Powered by FUDforum Powered by Virtuozzo Containers