OpenVZ Forum


Home » General » Support » Running VEs on a Strato Hostsystem with natted public->private ip-addresses
Running VEs on a Strato Hostsystem with natted public->private ip-addresses [message #9675] Tue, 16 January 2007 16:50 Go to next message
BAzfH is currently offline  BAzfH
Messages: 2
Registered: January 2007
Location: Moenchengladbach, DE
Junior Member
Hi,

i am having a problem I am stuck on with Openvz. First of all some pre-information that i find to be useful:

Host OS: Debian Etch (4.0 / testing)
Host Kernel: 2.6.18-1-openvz (patched with kernel-patch-openvz from debian/testing archive)
Host Interfaces:
eth0: X.X.X.X (public address)
eth0:0: Y.Y.Y.Y (public address)

The setup I desire is to have is: a VE inside openvz running Debian Etch, serving some services which are to be available on the
eth0:0's ip-address. This should be achieved by doing some SNAT for outgoing traffic and some DNAT for incoming traffic on some specific ports. Therefore i thin venet is the best choice for me, also because i maybe would like to switch to have more then one VE, each providing *one* specific service.

So what i do is:
1. Create a VE with an private ip-address (tried IP-Addresses in all of the three possible classes)
2. Add iptables-rules on the host system according to this documentation:
http://wiki.openvz.org/Using_NAT_for_VE_with_private_IPs

That does result in such messages when starting an VE:

arpsend: 10.0.0.101 is detected on another computer : 00:00:5e:00:01:02

Also network is *not* working. Inside of the VE i can do ICMP-flood other systems and getting replies, but i cannot do something more like e.g. connecting systems. It is not a DNS problem, cause I've checked that by connecting a specific service by its ip and port. I heard there may be a future enabled on the HSP switch for security concerns that is answering the arpsend request which results in the above error message. But i quiet don't understand why this switch does get info about my internal ip address? Isn't it possible to configure it so, that _only_ the host system is able to "see" these addresses? Switch does not need to, or am I wrong?

So what i want to know is: Is my approach right? Do i miss something? If you need more input to help me, feel free to ask for it. Did anyone setup openvz on a strato server who knows whats specific with Strato Servers who can guide me a bit?

Thanks in advance
Best Regards

Patrick / BAzfH
Re: Running VEs on a Strato Hostsystem with natted public->private ip-addresses [message #9720 is a reply to message #9675] Thu, 18 January 2007 14:39 Go to previous messageGo to next message
dev is currently offline  dev
Messages: 1693
Registered: September 2005
Location: Moscow
Senior Member


arpsend: 10.0.0.101 is detected on another computer : 00:00:5e:00:01:02

this messages means very clear statement: this IP address is already used on another machine. it's MAC address is shown to you.
So you either have selected wrong IP address (busy) or you have done something wrong with the configuration (which is unlikely, but still...)


http://static.openvz.org/userbars/openvz-developer.png
[SOLVED BELOW] Re: Running VEs on a Strato Hostsystem with natted public->private ip-addresses [message #10970 is a reply to message #9720] Sat, 10 March 2007 20:50 Go to previous messageGo to next message
jonwatson is currently offline  jonwatson
Messages: 21
Registered: March 2007
Junior Member
I'm having exactly the same problem, yet I know for certain that there is no other machine on the network with this IP.

I had an IP assigned to a running VE and then didn't need it anymore. So I stopped and destroyed the VE. From that point on, I have been enable to use this IP again because whenever I try to start a new VE with that IP, I get the IP Address in use error.

I then abandoned that IP address altogether and created a new VE with a new IP address that I had never used before. I get the samee results.

Starting VE ...
VE is mounted
Adding IP address(es): 68.128.52.229
arpsend: 68.128.52.229 is detected on another computer : 00:0c:30:c1:87:ff
vps-net_add WARNING: arpsend -c 1 -w 1 -D -e 68.128.52.229 eth0 FAILED


If I understand correctly, when a VE starts, it sends a ping or something to the IP address it is going to use. If something responds, then it thinks the address is in use and fails.

The MAC asddress that is responding to the pings (or whatever they are) is the MAC address of my provider's gateway. I don't know why it responds to these pings, but I do know that the IP is not in use.

Is there some way to bypass this check or force OpenVZ to start regardless?

This little problem has rendered my box pretty much useless to serving up VPSes.

Any help is appreciated.

Thanks!

[Updated on: Mon, 12 March 2007 08:57] by Moderator

Report message to a moderator

Re: Running VEs on a Strato Hostsystem with natted public->private ip-addresses [message #10973 is a reply to message #10970] Sun, 11 March 2007 02:21 Go to previous messageGo to next message
rickb is currently offline  rickb
Messages: 368
Registered: October 2006
Senior Member
Quote:

The MAC asddress that is responding to the pings (or whatever they are) is the MAC address of my provider's gateway. I don't know why it responds to these pings, but I do know that the IP is not in use.


From my experience, this means your gateway has an entry in its routing table for a network which contains that address.

Try to assign the address to eth0:1 of your HN, does it work?



-------------
Common Terms I post with: http://wiki.openvz.org/Category:Definitions

UBC. Learn it, love it, live it: http://wiki.openvz.org/Proc/user_beancounters
Re: Running VEs on a Strato Hostsystem with natted public->private ip-addresses [message #10975 is a reply to message #10973] Sun, 11 March 2007 04:51 Go to previous messageGo to next message
jonwatson is currently offline  jonwatson
Messages: 21
Registered: March 2007
Junior Member
rickb wrote on Sat, 10 March 2007 21:21

Quote:

The MAC asddress that is responding to the pings (or whatever they are) is the MAC address of my provider's gateway. I don't know why it responds to these pings, but I do know that the IP is not in use.


From my experience, this means your gateway has an entry in its routing table for a network which contains that address.

Try to assign the address to eth0:1 of your HN, does it work?




Did you mean the address that I'm trying to assign to the VE? If so, I just tried assigning it to eth0:1 on the HN and I got the same error. The same MAC is associated with the IP.

This little problem has totally stopped me dead in my tracks. I can't start any new VEs. I see tons of posts about this very problem in these forums, and the responses all seem to be that there actually is another machine in the network with that IP, but in this case I know 100% for certain that there isn't.

Can you think of anything else I can mess with?

Thanks for the help.

Jon
Re: Running VEs on a Strato Hostsystem with natted public->private ip-addresses [message #10979 is a reply to message #10970] Sun, 11 March 2007 07:37 Go to previous messageGo to next message
dev is currently offline  dev
Messages: 1693
Registered: September 2005
Location: Moscow
Senior Member

1.
arpsend: 68.128.52.229 is detected on another computer : 00:0c:30:c1:87:ff
vps-net_add WARNING: arpsend -c 1 -w 1 -D -e 68.128.52.229 eth0 FAILED

these messages are warning only. if you are 100% sure that this IP address in not in use - it is safe to forget about it.

Does your VE work fine after it's booted?

2. If you claim that 00:0c:30:c1:87:ff is the MAC of the gateway,
then it can be Strato GW which is configured somehow to cache MAC/IP and reply himself on arm requests.
Ask your provider about this.


http://static.openvz.org/userbars/openvz-developer.png
Re: Running VEs on a Strato Hostsystem with natted public->private ip-addresses [message #10980 is a reply to message #10975] Sun, 11 March 2007 07:40 Go to previous messageGo to next message
dev is currently offline  dev
Messages: 1693
Registered: September 2005
Location: Moscow
Senior Member

BTW, do you have NAT'ted IP addresses as well (thread subject)? In this case you don't need ARPSEND on VE startup at all.

Though IP address 68.128.52.229 doesn't look local, which means you should have been granted to use it by your provider. Which one is correct?


http://static.openvz.org/userbars/openvz-developer.png
Re: Running VEs on a Strato Hostsystem with natted public->private ip-addresses [message #11012 is a reply to message #10979] Mon, 12 March 2007 02:48 Go to previous messageGo to next message
jonwatson is currently offline  jonwatson
Messages: 21
Registered: March 2007
Junior Member
Ah. warning only, OK. It's precisely because my VE networking doesn't work that I thought it was more than a warning.

How would one go about troubleshooting this issue? The VE is assigned the IP I intend and the virtual NIC within the VE shows it. Just no networking - no ping by IP or name....
Re: Running VEs on a Strato Hostsystem with natted public->private ip-addresses [message #11013 is a reply to message #10980] Mon, 12 March 2007 02:51 Go to previous messageGo to next message
jonwatson is currently offline  jonwatson
Messages: 21
Registered: March 2007
Junior Member
dev wrote on Sun, 11 March 2007 02:40

BTW, do you have NAT'ted IP addresses as well (thread subject)? In this case you don't need ARPSEND on VE startup at all.

Though IP address 68.128.52.229 doesn't look local, which means you should have been granted to use it by your provider. Which one is correct?




Ohh...yeah. I guess I'm in the wrong thread. I just searched for the same problem I'm having and dumped into the thread. I'm not running on a Strato nor am I running NATd.

You're correct in that I am running a public IP which has been assigned to me by my provider.
Re: Running VEs on a Strato Hostsystem with natted public->private ip-addresses [message #11014 is a reply to message #11012] Mon, 12 March 2007 03:22 Go to previous messageGo to next message
jonwatson is currently offline  jonwatson
Messages: 21
Registered: March 2007
Junior Member
jonwatson wrote on Sun, 11 March 2007 21:48

Ah. warning only, OK. It's precisely because my VE networking doesn't work that I thought it was more than a warning.

How would one go about troubleshooting this issue? The VE is assigned the IP I intend and the virtual NIC within the VE shows it. Just no networking - no ping by IP or name....



I am too stupid to live. After three days of looking at this I suddenly realized that the first octet of my IP range is 66 and not 68.

Someone please shoot me.
Re: Running VEs on a Strato Hostsystem with natted public->private ip-addresses [message #11021 is a reply to message #11014] Mon, 12 March 2007 08:57 Go to previous message
dev is currently offline  dev
Messages: 1693
Registered: September 2005
Location: Moscow
Senior Member

I would prefer our users live, not die Smile))
I'm glad it is resolved for you now.


http://static.openvz.org/userbars/openvz-developer.png
Previous Topic: compiling kernel without module support
Next Topic: Performance Question
Goto Forum:
  


Current Time: Tue Dec 03 06:06:11 GMT 2024

Total time taken to generate the page: 0.19391 seconds