Network problems [message #44576]
Thu, 15 December 2011 15:23
Deluxe
Messages: 4 Registered: December 2011
Junior Member
Dear community,
I currently have the following problem in several virtual machines with OpenVZ.
The situation is that I own a complete class C network, and every VPS and every dedicated root server has IP addresses from that range, including the host machine of the VPSes.
Venet is used, and the configuration looks as follows:
## Global parameters
VIRTUOZZO=yes
LOCKDIR=/var/lib/vz/lock
DUMPDIR=/var/lib/vz/dump
VE0CPUUNITS=1000
## Logging parameters
LOGGING=yes
LOGFILE=/var/log/vzctl.log
LOG_LEVEL=0
VERBOSE=0
## Disk quota parameters
DISK_QUOTA=yes
VZFASTBOOT=no
# The name of the device whose ip address will be used as source ip for VE.
# By default automatically assigned.
VE_ROUTE_SRC_DEV=eth0
# Controls which interfaces to send ARP requests and modify ARP tables on.
NEIGHBOUR_DEVS=all
## Template parameters
TEMPLATE=/var/lib/vz/template
## Defaults for VEs
VE_ROOT=/var/lib/vz/root/$VEID
VE_PRIVATE=/var/lib/vz/private/$VEID
CONFIGFILE="vps.basic"
#DEF_OSTEMPLATE="fedora-core-4"
DEF_OSTEMPLATE="debian"
## Load vzwdog module
VZWDOG="no"
## IPv4 iptables kernel modules
IPTABLES="ipt_REJECT ipt_tos ipt_limit ipt_multiport iptable_filter iptable_mangle ipt_TCPMSS ipt_tcpmss ipt_ttl ipt_length"
## Enable IPv6
IPV6="no"
## IPv6 ip6tables kernel modules
IP6TABLES="ip6_tables ip6table_filter ip6table_mangle ip6t_REJECT"
Connections from the virtual machines to one of the dedicated root servers in the network are not possible, whereas connections from the host machines of the virtual machines to the other dedicated server are possible.
Does anyone know what causes this? It is very probably a misconfiguration.
These are Debian machines.
The interfaces config looks as follows.
# Auto generated interfaces
auto lo
iface lo inet loopback
auto venet0
iface venet0 inet static
address 127.0.0.1
netmask 255.255.255.255
broadcast 0.0.0.0
up route add -net 192.0.2.1 netmask 255.255.255.255 dev venet0
up route add default gw 192.0.2.1
auto venet0:0
iface venet0:0 inet static
address 83.141.x.x
netmask 255.255.255.255
broadcast 0.0.0.0
auto venet0:1
iface venet0:1 inet static
address 83.141.x.x
netmask 255.255.255.255
broadcast 0.0.0.0

Re: Network problems [message #44586 is a reply to message #44585]
Thu, 15 December 2011 16:56
Deluxe
Messages: 4 Registered: December 2011
Junior Member
Sysctl.conf
#
# /etc/sysctl.conf - Configuration file for setting system variables
# See /etc/sysctl.d/ for additional system variables
# See sysctl.conf (5) for information.
#
#kernel.domainname = example.com
# Uncomment the following to stop low-level messages on console
#kernel.printk = 4 4 1 7
##############################################################3
# Functions previously found in netbase
#
# Uncomment the next two lines to enable Spoof protection (reverse-path filter)
# Turn on Source Address Verification in all interfaces to
# prevent some spoofing attacks
#net.ipv4.conf.default.rp_filter=1
net.ipv4.conf.all.rp_filter=1
# Uncomment the next line to enable TCP/IP SYN cookies
# This disables TCP Window Scaling (lkml-org/lkml/2008/2/5/167),
# and is not recommended.
#net.ipv4.tcp_syncookies=1
# Uncomment the next line to enable packet forwarding for IPv4
net.ipv4.ip_forward=1
# Uncomment the next line to enable packet forwarding for IPv6
#net.ipv6.conf.all.forwarding=1
###################################################################
# Additional settings - these settings can improve the network
# security of the host and prevent against some network attacks
# including spoofing attacks and man in the middle attacks through
# redirection. Some network environments, however, require that these
# settings are disabled so review and enable them as needed.
#
# Ignore ICMP broadcasts
net.ipv4.icmp_echo_ignore_broadcasts = 1
#
# Ignore bogus ICMP errors
#net.ipv4.icmp_ignore_bogus_error_responses = 1
#
# Do not accept ICMP redirects (prevent MITM attacks)
net.ipv4.conf.all.accept_redirects = 0
#net.ipv6.conf.all.accept_redirects = 0
# _or_
# Accept ICMP redirects only for gateways listed in our default
# gateway list (enabled by default)
# net.ipv4.conf.all.secure_redirects = 1
#
# Do not send ICMP redirects (we are not a router)
#net.ipv4.conf.all.send_redirects = 0
#
# Do not accept IP source route packets (we are not a router)
#net.ipv4.conf.all.accept_source_route = 0
#net.ipv6.conf.all.accept_source_route = 0
#
# Log Martian Packets
#net.ipv4.conf.all.log_martians = 1
#
# The contents of /proc/<pid>/maps and smaps files are only visible to
# readers that are allowed to ptrace() the process
# kernel.maps_protect = 1
#OPEN VZ TOP
net.ipv4.conf.all.rp_filter=1
net.ipv4.icmp_echo_ignore_broadcasts=1
net.ipv4.conf.default.forwarding=1
net.ipv4.conf.default.proxy_arp = 0
net.ipv4.ip_forward=1
kernel.sysrq = 1
net.ipv4.conf.default.send_redirects = 1
net.ipv4.conf.all.send_redirects = 0
net.ipv4.conf.eth0.proxy_arp=1
There are no further configs in the sysctl.d folder...
What exactly needs to be changed here, and how? Is there possibly a tutorial or something similar for this?
I would also be very grateful for direct help.
[Updated on: Thu, 15 December 2011 16:56]