Unable to talk to outside networks. [message #24308]
Mon, 03 December 2007 21:15
Aravind Gottipati
Messages: 4 Registered: December 2007
Junior Member
Hi,

We have quite a few private networks and need VEs to talk to them.
The OpenVZ HN has one bonded interface (bond0) and a bunch of virtual
interfaces (bond0.60, bond0.81 etc) on each of these networks (set up
as VLANs). I have a bunch of real servers sitting on the 10.2.81/24
and the 10.2.74/24 subnets. These servers can talk to each other.
The HN itself has an IP of 10.2.81.92 and can talk to servers in the
10.2.74/24 subnets.

I have a VE sitting in the 10.2.81/24 network with an IP of
10.2.81.101. This server can ping and talk to other servers in the
10.2.81/24 network. However, it is unable to talk to anything in the
10.2.74/24 network. With tcpdump, I see the requests go out on the HN
and the responses coming in to the virtual interface (bond0.81) on the
HN. However, it appears that none of these packets make it back to
the VE. I have verified that the appropriate sysctl parameters are
set up. Forwarding is enabled and there are no firewall rules (in
iptables). I looked at some basic debugging (with help from the IRC
channel) and I see that the FORWARD policy packet count doesn't seem to
go up.

What information should I be looking at to figure this out, or what can
I provide to help debug this?

Thank you,
Aravind.
Re: Re: Unable to talk to outside networks. [message #24504 is a reply to message #24474]
Wed, 05 December 2007 17:05
Aravind Gottipati
On Dec 5, 2007 4:54 AM, vaverin <vvs@sw.ru> wrote:
> Dear Aravind,
> as far as I understand, you see replies on the external interface (bond0). But do you see these packets on the venet interface (I mean on the HW-node side)?
> Could you please give me access to your node (via PM)?

The packets make their way back to bond0.81 (which is the right
interface), but I don't see anything on the venet0 interface. So, for
some reason, they are not being forwarded from bond0.81 to venet0 (on
the HN). There are no firewalling rules in between.

Aravind.