OpenVZ Forum


Home » General » Support » VE not accessible by network
VE not accessible by network [message #14561] Mon, 02 July 2007 13:49 Go to next message
ralf is currently offline  ralf
Messages: 2
Registered: July 2007
Junior Member
Well, I am not able to access the VE via network.

Looks like packets from the VE are transmitted to the HN, but
there is no connection back from the HN to the VE. I searched
quite a long time, and I have no more idea, what the problem is.
The HN/VE-box is newly installed and there are no other services.

Any hints or tipps are welcome.


HN's ip xxx.xxx.xxx.72
VE's ip xxx.xxx.xxx.73

Example 1:
===> Trying to ping a host in the same subnet as HN/VE from inside VE:

VE:/root# ping xxx.xxx.xxx.65
PING xxx.xxx.xxx.65 (xxx.xxx.xxx.65) 56(84) bytes of data.
<nothing happens...>

===> I can see the ping-packets going through the HN and I can see the
replies on eth0 of HN

HN root ~ # tcpdump -n -i eth0 host xxx.xxx.xxx.73
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on eth0, link-type EN10MB (Ethernet), capture size 96 bytes
14:19:59.161185 IP xxx.xxx.xxx.73 > xxx.xxx.xxx.65: ICMP echo request, id 35622, seq 1, length 64
14:19:59.161566 IP xxx.xxx.xxx.65 > xxx.xxx.xxx.73: ICMP echo reply, id 35622, seq 1, length 64
14:20:00.161352 IP xxx.xxx.xxx.73 > xxx.xxx.xxx.65: ICMP echo request, id 35622, seq 2, length 64
14:20:00.162206 IP xxx.xxx.xxx.65 > xxx.xxx.xxx.73: ICMP echo reply, id 35622, seq 2, length 64
14:20:01.160989 IP xxx.xxx.xxx.73 > xxx.xxx.xxx.65: ICMP echo request, id 35622, seq 3, length 64
14:20:01.161421 IP xxx.xxx.xxx.65 > xxx.xxx.xxx.73: ICMP echo reply, id 35622, seq 3, length 64


Example 2:
===> Trying to connect the ssh-port of the VE from the HN (or any
other host in the subnet)

HN root ~ # telnet xxx.xxx.xxx.73 22
Trying xxx.xxx.xxx.73...
telnet: Unable to connect to remote host: Connection refused

===> but....

HN root ~ # netstat -pultn
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address Foreign Address State PID/Program name
tcp 0 0 0.0.0.0:111 0.0.0.0:* LISTEN 6391/portmap
tcp 0 0 0.0.0.0:113 0.0.0.0:* LISTEN 6689/inetd
tcp 0 0 xxx.xxx.xxx.72:22 0.0.0.0:* LISTEN 6699/sshd <== sshd HN
tcp 0 0 xxx.xxx.xxx.73:22 0.0.0.0:* LISTEN 8445/sshd <== sshd VE
tcp 0 0 0.0.0.0:37406 0.0.0.0:* LISTEN 6893/rpc.statd
tcp6 0 0 2001:xxx:xxxx::72:22 :::* LISTEN 6699/sshd <== sshd HN
udp 0 0 0.0.0.0:32768 0.0.0.0:* 6893/rpc.statd
udp 0 0 0.0.0.0:709 0.0.0.0:* 6893/rpc.statd
udp 0 0 0.0.0.0:111 0.0.0.0:* 6391/portmap



======> some configuration-output from HN and VE


HN root ~ # dpkg -l | grep vz
ii linux-image-2.6.18-028stab035.1-ovz-smp 028stab035.1 OpenVZ - Linux kernel image for version 2.6.
ii ovzkernel-2.6.18-smp 028stab035.1 OpenVZ - META KERNEL Package 2.6.18 (028stab
ii vzctl 3.0.16-5dso1 OpenVZ - server virtualization solution - co
ii vzctl-ostmpl-debian 4.0-20070323 OpenVZ - OS Template - Debian 4.0
ii vzquota 3.0.9-1dso40.1 server virtualization solution - quota tools
HN root ~ # cat /proc/version
Linux version 2.6.18-028stab035.1-ovz-smp (tsd@debian.systs.org) (gcc version 4.1.2 20061115 (prerelease) (Debian 4.1.1-21)) #1 SMP Wed Jun 13 22:08:06 CEST 2007

HN root ~ # ip a l
2: lo: <LOOPBACK,UP,10000> mtu 16436 qdisc noqueue
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
inet 127.0.0.1/8 scope host lo
inet6 ::1/128 scope host
valid_lft forever preferred_lft forever
4: sit0: <NOARP> mtu 1480 qdisc noop
link/sit 0.0.0.0 brd 0.0.0.0
6: eth0: <BROADCAST,MULTICAST,UP,10000> mtu 1500 qdisc pfifo_fast qlen 1000
link/ether 00:0e:0c:36:8b:30 brd ff:ff:ff:ff:ff:ff
inet xxx.xxx.xxx.72/24 brd xxx.xxx.xxx.255 scope global eth0
inet xxx.xxx.xxx.73/24 brd xxx.xxx.xxx.255 scope global secondary eth0:0
inet xxx.xxx.xxx.74/24 brd xxx.xxx.xxx.255 scope global secondary eth0:1
inet6 2001:zzz:zzzz::74/64 scope global
valid_lft forever preferred_lft forever
inet6 2001:zzz:zzzz::73/64 scope global
valid_lft forever preferred_lft forever
inet6 2001:zzz:zzzz::72/64 scope global
valid_lft forever preferred_lft forever
inet6 fe80::20e:cff:fe36:8b30/64 scope link
valid_lft forever preferred_lft forever
8: eth1: <NO-CARRIER,BROADCAST,MULTICAST,UP> mtu 1500 qdisc pfifo_fast qlen 1000
link/ether 00:0e:0c:2c:15:1e brd ff:ff:ff:ff:ff:ff
inet yyy.yyy.yyy.139/29 brd yyy.yyy.yyy.143 scope global eth1
1: venet0: <BROADCAST,POINTOPOINT,NOARP,UP,10000> mtu 1500 qdisc noqueue
link/void


HN root ~ # ip r l
xxx.xxx.xxx.73 dev venet0 scope link
yyy.yyy.yyy.136/29 dev eth1 proto kernel scope link src yyy.yyy.yyy.139
xxx.xxx.xxx.0/24 dev eth0 proto kernel scope link src xxx.xxx.xxx.72
172.24.0.0/21 via xxx.xxx.xxx.253 dev eth0
default via xxx.xxx.xxx.254 dev eth0



HN root ~ # iptables -L
Chain INPUT (policy ACCEPT)
target prot opt source destination

Chain FORWARD (policy ACCEPT)
target prot opt source destination

Chain OUTPUT (policy ACCEPT)
target prot opt source destination


VE:/root# ifconfig -a
lo Link encap:Local Loopback
inet addr:127.0.0.1 Mask:255.0.0.0
inet6 addr: ::1/128 Scope:Host
UP LOOPBACK RUNNING MTU:16436 Metric:1
RX packets:0 errors:0 dropped:0 overruns:0 frame:0
TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:0
RX bytes:0 (0.0 b) TX bytes:0 (0.0 b)

venet0 Link encap:UNSPEC HWaddr 00-00-00-00-00-00-00-00-00-00-00-00-00-00-00-00
inet addr:127.0.0.1 P-t-P:127.0.0.1 Bcast:0.0.0.0 Mask:255.255.255.255
UP BROADCAST POINTOPOINT RUNNING NOARP MTU:1500 Metric:1
RX packets:0 errors:0 dropped:0 overruns:0 frame:0
TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:0
RX bytes:0 (0.0 b) TX bytes:0 (0.0 b)

venet0:0 Link encap:UNSPEC HWaddr 00-00-00-00-00-00-00-00-00-00-00-00-00-00-00-00
inet addr:xxx.xxx.xxx.73 P-t-P:xxx.xxx.xxx.73 Bcast:0.0.0.0 Mask:255.255.255.255
UP BROADCAST POINTOPOINT RUNNING NOARP MTU:1500 Metric:1


VE:/root# route -n
Kernel IP routing table
Destination Gateway Genmask Flags Metric Ref Use Iface
192.0.2.1 0.0.0.0 255.255.255.255 UH 0 0 0 venet0
0.0.0.0 192.0.2.1 0.0.0.0 UG 0 0 0 venet0

Re: VE not accessible by network [message #14596 is a reply to message #14561] Tue, 03 July 2007 08:21 Go to previous messageGo to next message
Andrey Mirkin is currently offline  Andrey Mirkin
Messages: 193
Registered: May 2006
Senior Member
It seems that you have the same IP address inside VE and on HN:

Quote:

HN root ~ # ip a l
...
6: eth0: <BROADCAST,MULTICAST,UP,10000> mtu 1500 qdisc pfifo_fast qlen 1000
link/ether 00:0e:0c:36:8b:30 brd ff:ff:ff:ff:ff:ff
inet xxx.xxx.xxx.72/24 brd xxx.xxx.xxx.255 scope global eth0
inet xxx.xxx.xxx.73/24 brd xxx.xxx.xxx.255 scope global secondary eth0:0
^^^^^^^^^^^
inet xxx.xxx.xxx.74/24 brd xxx.xxx.xxx.255 scope global secondary eth0:1
inet6 2001:zzz:zzzz::74/64 scope global
valid_lft forever preferred_lft forever
inet6 2001:zzz:zzzz::73/64 scope global
valid_lft forever preferred_lft forever
inet6 2001:zzz:zzzz::72/64 scope global
valid_lft forever preferred_lft forever
inet6 fe80::20e:cff:fe36:8b30/64 scope link
valid_lft forever preferred_lft forever

VE:/root# ifconfig -a
...
venet0:0 Link encap:UNSPEC HWaddr 00-00-00-00-00-00-00-00-00-00-00-00-00-00-00-00
inet addr:xxx.xxx.xxx.73 P-t-P:xxx.xxx.xxx.73 Bcast:0.0.0.0 Mask:255.255.255.255
^^^^^^^^^^
UP BROADCAST POINTOPOINT RUNNING NOARP MTU:1500 Metric:1




Andrey Mirkin
http://static.openvz.org/userbars/openvz-developer.png
Re: VE not accessible by network [message #14598 is a reply to message #14596] Tue, 03 July 2007 09:25 Go to previous message
ralf is currently offline  ralf
Messages: 2
Registered: July 2007
Junior Member
[quote title=Andrey Mirkin wrote on Tue, 03 July 2007 10:21]It seems that you have the same IP address inside VE and on HN:

Yes, I somehow tought, that I have to have a virtuell interface in the HN for every VE. I deleted the virtuell interface and all works fine.

Thanks.
Previous Topic: *RESOLVED* networking between ves
Next Topic: Can not suspend VE
Goto Forum:
  


Current Time: Sat Nov 09 07:49:37 GMT 2024

Total time taken to generate the page: 0.03252 seconds