I'm stuck!
My problem is, that VEs on host are unable to ping and do nameresolving after working for sometime. I have two VEs in a private Network and a net setup on the host. Each VE is assigned to a workstations-IP to answer HTTP-Requests:
mh2dev:~# uname -a
Linux mh2dev 2.6.8-022stab078-smp #1 SMP Mon Aug 7 15:58:07 CEST 2006 i686 GNU/Linux
mh2dev:~# vzlist -a
VPSID NPROC STATUS IP_ADDR HOSTNAME
128 - stopped 10.0.0.128 MH2Dev128.abacho.net
129 22 running 10.0.0.129 MH2Dev129.abacho.net
mh2dev:~#
mh2dev:~# iptables-save
# Generated by iptables-save v1.2.11 on Fri Aug 18 11:13:00 2006
*nat
:PREROUTING ACCEPT [1061:128928]
:POSTROUTING ACCEPT [298:14356]
:OUTPUT ACCEPT [10:651]
-A PREROUTING -s 192.168.1.30 -i eth0 -p tcp -m tcp --dport 80 -j DNAT --to-destination 10.0.0.128
-A PREROUTING -s 192.168.1.27 -i eth0 -p tcp -m tcp --dport 80 -j DNAT --to-destination 10.0.0.129
-A POSTROUTING -o eth0 -j SNAT --to-source 192.168.1.96
COMMIT
# Completed on Fri Aug 18 11:13:00 2006
# Generated by iptables-save v1.2.11 on Fri Aug 18 11:13:00 2006
*mangle
:PREROUTING ACCEPT [24496:6547973]
:INPUT ACCEPT [4811:547422]
:FORWARD ACCEPT [19685:6000551]
:OUTPUT ACCEPT [4745:418748]
:POSTROUTING ACCEPT [24430:6419299]
COMMIT
# Completed on Fri Aug 18 11:13:00 2006
# Generated by iptables-save v1.2.11 on Fri Aug 18 11:13:00 2006
*filter
:INPUT ACCEPT [4815:547582]
:FORWARD ACCEPT [19685:6000551]
:OUTPUT ACCEPT [4754:419800]
COMMIT
# Completed on Fri Aug 18 11:13:00 2006
mh2dev:~#
Here comes, what I do:
mh2dev:~# vzctl start 128
Starting VPS ...
VPS is mounted
Adding IP address(es): 10.0.0.128
Setting CPU units: 1000
Set hostname: MH2Dev128.abacho.net
File resolv.conf was modified
VPS start in progress...
mh2dev:~# ssh 10.0.0.128
Password:
Last login: Fri Aug 18 08:16:00 2006 from 213.203.200.115
MH2Dev128:~# ping www.heise.de
PING www.heise.de (193.99.144.85) 56(84) bytes of data.
64 bytes from www.heise.de (193.99.144.85): icmp_seq=1 ttl=249 time=10.5 ms
--- www.heise.de ping statistics ---
1 packets transmitted, 1 received, 0% packet loss, time 0ms
rtt min/avg/max/mdev = 10.527/10.527/10.527/0.000 ms
MH2Dev128:~#
So far, everything works! I have TCP and UDP-Connectivity working inside the VE, ip_fowarding turned on in /proc and setup the ip_conntrack-option. Now, about 5 minutes later without me doing anything, the nat of UDP shuts off wheras TCP still seems to work:
MH2Dev128:~# ping www.heise.de
MH2Dev128:~# cat /etc/resolv.conf
domain croup.de
nameserver 192.168.1.44
MH2Dev128:~# telnet 192.168.1.44 53
Trying 192.168.1.44...
Connected to 192.168.1.44.
Escape character is '^]'.
iptables and /proc/.../ip_foward still look ok. To get things back to work, I need to restart the VE. Inside the VE there is no IPtables-configuration and I can't think of anything that should block UDP-Traffic.
Can someone give me a hint where to look at?
[Updated on: Fri, 18 August 2006 10:58]
Report message to a moderator
OpenVZ Forum
Members
Search
Help
Register
Login
Home
