OpenVZ Forum: Support » Container unreachable from LAN

Home » General » Support » Container unreachable from LAN (Reachable only from hardware host)

Show: Today's Messages :: Show Polls :: Message Navigator
E-mail to friend

Container unreachable from LAN [message #49998]

Fri, 19 July 2013 14:04

Davide
Messages: 4
Registered: July 2013

Junior Member

Trying to set up the most basic container, I'm failing to make the container reachable from computers located on the same LAN of the hardware host via IPv4. Only the host can reach (ping) the container.

This is the configuration:

kernel: 3.8.13 vanilla, non-OpenVZ
VZ tools: vzctl version 4.3.1-21.git.68038a5 compiled from Git
container OS template: debian-6.0-x86.tar.gz
host OS: Debian Wheezy 7.1
network infrastructure: DSL connection reaches a domestic modem/router with dynamic IPv4; a few ethernet cables connect this router with individual computers within one single subnetwork; among these computers there's the OpenVZ hardware host. Router IP: 192.168.1.1, netmask 255.255.255.0; the router assigns IPs by using an internal DHCP daemon. This routher always assigns 192.168.1.10 to the hardware host (MAC binding). Hardware host can reach internet and the other computers on LAN.
Routing: no rules; no iptables, no netfilters, nothing except a NAT on the DSL modem/router.

This is how I attempt to set up the container:

#> /usr/handsoftware/sbin/vzctl create 101 --ostemplate debian-6.0-x86
Directory /proc/vz not found, assuming non-OpenVZ kernel
Creating container private area (debian-6.0-x86)
Performing postcreate actions
CT configuration saved to /etc/vz/conf/101.conf
Container private area was created
#> /usr/handsoftware/sbin/vzctl set 101 --onboot yes --save
Directory /proc/vz not found, assuming non-OpenVZ kernel
CT configuration saved to /etc/vz/conf/101.conf
#> vzctl set 101 --ipadd 192.168.1.101 --save
Directory /proc/vz not found, assuming non-OpenVZ kernel
CT configuration saved to /etc/vz/conf/101.conf
#> /usr/handsoftware/sbin/vzct set 101 --nameserver 192.168.1.1 --save
Directory /proc/vz not found, assuming non-OpenVZ kernel
CT configuration saved to /etc/vz/conf/101.conf
#> /usr/handsoftware/sbin/vzctl start 101
Directory /proc/vz not found, assuming non-OpenVZ kernel
Starting container...
Container is mounted
Could not properly cleanup container: No such file or directory
Failed to set limits for TCPbuffer (Cgroup one of the needed subsystems is not mounted)
Failed to set limits for Kernel Memory (Cgroup one of the needed subsystems is not mounted)
WARNING: Running container unprivileged. USER_NS not supported, or runtime disabled
Adding IP address(es): 192.168.1.101
Container start in progress...
#> ping 192.168.1.101
PING 192.168.1.101 (192.168.1.101) 56(84) bytes of data.
64 bytes from 192.168.1.101: icmp_req=1 ttl=64 time=0.126 ms
#> /usr/handsoftware/sbin/vzctl enter 101
Directory /proc/vz not found, assuming non-OpenVZ kernel
entered into CT 101
101#> ping 192.168.1.1
3 packets transmitted, 0 received, 100% packet loss, time 2010ms
101#> ifconfig
lo Link encap:Local Loopback
inet addr:127.0.0.1 Mask:255.0.0.0
UP LOOPBACK RUNNING MTU:65536 Metric:1
RX packets:19 errors:0 dropped:0 overruns:0 frame:0
TX packets:19 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:0
RX bytes:1496 (1.4 KiB) TX bytes:1496 (1.4 KiB)

venet0 Link encap:Ethernet HWaddr 3e:bb:57:01:c5:1d
inet addr:127.0.0.2 Bcast:127.255.255.255 Mask:255.0.0.0
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:4 errors:0 dropped:0 overruns:0 frame:0
TX packets:19 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:280 (280.0 B) TX bytes:910 (910.0 B)

venet0:0 Link encap:Ethernet HWaddr 3e:bb:57:01:c5:1d
inet addr:192.168.1.101 Bcast:192.168.1.255 Mask:255.255.255.255
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1

[Updated on: Fri, 19 July 2013 18:40]

Report message to a moderator

Re: Container unreachable from LAN [message #50002 is a reply to message #49998]

Sat, 20 July 2013 06:50

Davide
Messages: 4
Registered: July 2013

Junior Member

I have no clue at all, so even a bare crude hypothesis could turn me on track toward using OpenVZ.

Report message to a moderator

Re: Container unreachable from LAN [message #50105 is a reply to message #49998]

Fri, 26 July 2013 19:45

Paparaciz
Messages: 302
Registered: August 2009

Senior Member

do you masquerade CT ip addresses to outside?
please provide more information about network setup in HN with interfaces and ip addresses and what do you want to achieve

Report message to a moderator

Re: Container unreachable from LAN [message #50110 is a reply to message #50105]

Fri, 26 July 2013 23:28

Davide
Messages: 4
Registered: July 2013

Junior Member

I have no kind of professional network configuration, not in CT0 nor in the VE. Iptables, masquerading and NAT: never customized these from their defaults.

CT0 connects to the modem/router using dhclient, and is assigned the IP 192.168.1.10 by the router, which stands on 192.168.1.1.

The goal is to let the VE have its own IP address assigned directly from the router, if possible.

[Updated on: Fri, 26 July 2013 23:30]

Report message to a moderator