OpenVZ Forum


[solved] openvz and shorewall [message #36349] Fri, 12 June 2009 06:04
novazur
Hi,

First, sorry for my bad English.
On my VN, I have shorewall running with:
policy
fw              net             ACCEPT
fw              vps             ACCEPT
vps             fw              ACCEPT
vps             net             ACCEPT
net             all             REJECT          info
all             all             REJECT          info

interfaces
net     eth0            detect          norfc1918,routefilter,tcpflags,blacklist
vps     venet0          -               routeback

masq
eth0                    venet0

zones
fw      firewall
net     ipv4
vps     ipv4

(if needed, I can post shorewall.conf)
My VN has a public IP, and all VEs have private IPs.

Each time I create a new VE, and so a new private IP, I can:
- ping VN from new VE
- ping new VE from VN
- ping other VEs from new VE
- ping new VE from other VEs
but I can't ping out (internet) from the new VE.
I spent a lot of time on that, and I found that I needed to restart shorewall to make it work.

Do you think it's possible to find something to change in the shorewall config so that I don't have to restart it?

Thanks for your help (and for this fabulous tool).

PS: this post follows http://forum.openvz.org/index.php?t=msg&goto=36345&#msg_36345

[Updated on: Fri, 12 June 2009 17:05] by Moderator


Re: openvz and shorewall [message #36354 is a reply to message #36349] Fri, 12 June 2009 10:25
khorenko
Hi,

First of all, I think you need to understand the reason why a shorewall restart helps.

I think you can get it by the following:
1) your system is up and running
2) you create a new CT with new IP
3) check that you cannot ping the internet and save the iptables configuration (iptables-save should be enough?)
4) restart shorewall
5) check that you can ping the internet now and save the iptables configuration once more
6) compare the iptables configurations.

Hope this helps.

--
Konstantin


If your problem is solved - please, report it!
It's even more important than reporting the problem itself...
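
Steps 3, 5 and 6 of the reply above as a script, added here as an example and not part of the original thread. The function names (`ipt_normalize`, `ipt_diff`, `write_samples`) are hypothetical, and the two sample dumps are constructed: the chain name `eth0_masq` and the per-container addresses are assumptions, not output from the poster's node.

```bash
#!/usr/bin/env bash
# Added example: compare two iptables-save dumps (steps 3, 5 and 6).
# As root on the node: iptables-save > before.rules, then > after.rules.

# Drop what differs between any two dumps without being a rule change:
# "# Generated by" comments, COMMIT markers and [packets:bytes] counters.
# Each line is prefixed with its table so nat and filter stay distinct.
ipt_normalize() {
    awk '
        /^#/ || /^COMMIT/ { next }
        /^\*/             { table = substr($0, 2); next }
        { sub(/^\[[0-9]+:[0-9]+\] /, ""); sub(/ \[[0-9]+:[0-9]+\]$/, "")
          print table ": " $0 }
    ' "$1" | LC_ALL=C sort
}

# "+" = rule present only after the restart, "-" = only before it.
ipt_diff() {
    local a b
    a=$(mktemp) && b=$(mktemp) || return 1
    ipt_normalize "$1" > "$a"
    ipt_normalize "$2" > "$b"
    LC_ALL=C comm -13 "$a" "$b" | sed 's/^/+ /'
    LC_ALL=C comm -23 "$a" "$b" | sed 's/^/- /'
    rm -f "$a" "$b"
}

# Constructed sample dumps (not captured from the poster's node): the chain
# name and the per-CT /32 addresses are assumptions for illustration.
write_samples() {
    cat > "$1/before.rules" <<'EOF'
# Generated by iptables-save on Fri Jun 12 10:30:00 2009
*nat
:POSTROUTING ACCEPT [4:240]
-A POSTROUTING -o eth0 -j eth0_masq
-A eth0_masq -s 192.168.0.101/32 -j MASQUERADE
COMMIT
EOF
    cat > "$1/after.rules" <<'EOF'
# Generated by iptables-save on Fri Jun 12 10:35:00 2009
*nat
:POSTROUTING ACCEPT [9:540]
-A POSTROUTING -o eth0 -j eth0_masq
-A eth0_masq -s 192.168.0.101/32 -j MASQUERADE
-A eth0_masq -s 192.168.0.102/32 -j MASQUERADE
COMMIT
EOF
}
if [ $# -eq 2 ]; then ipt_diff "$1" "$2"; fi
```

In the constructed sample the counters and timestamps differ but are ignored, so the only line reported is the MASQUERADE rule for the new container's address.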
Re: openvz and shorewall [message #36370 is a reply to message #36354] Fri, 12 June 2009 16:29
novazur
I'll try it ASAP.
Thanks.
Re: openvz and shorewall [message #36371 is a reply to message #36370] Fri, 12 June 2009 16:47
novazur
I found that changing masq to:
eth0                    192.168.0.0/24

did the trick.
Perfect!
Thanks.
Re: openvz and shorewall [message #36372 is a reply to message #36371] Fri, 12 June 2009 17:05
khorenko
:) I'm happy you solved it.

Good luck!


Re: [solved] openvz and shorewall [message #36373 is a reply to message #36349] Fri, 12 June 2009 17:14
novazur
Your answer gave me the way to search ;)
Thanks.

Now, I have a new problem, but I'm not sure it is possible to solve it: http://forum.openvz.org/index.php?t=msg&goto=36369&#msg_36369