nat, ip tables, eth0 issue [message #51161]
Thu, 27 February 2014 21:07
marcin4
I have an OpenVZ server with a bunch of containers, some on public, some on private IPs.
The issue I am having is: after a week or so the container with a private IP is losing routing, but not completely.
Some packages are getting to the private IP container and some do not.
Monitoring of incoming packages that are not getting to the container shows the hardware node responding "unreachable".
This is my iptables setup:
#internet access to containers
iptables -t nat -A POSTROUTING -s 10.0.1.0/24 -o eth0 -j SNAT --to A.B.C.D
iptables -A INPUT -s 10.0.1.0/24 -j ACCEPT
iptables -t nat -A PREROUTING -p tcp -d A.B.C.D --dport 8082 -i eth0 -j DNAT --to-destination 10.0.1.2:80 #web
iptables -t nat -A PREROUTING -p udp -d A.B.C.D --dport 5064 -i eth0 -j DNAT --to-destination 10.0.1.2:5064 #sip
iptables -t nat -A PREROUTING -p udp -d A.B.C.D --dport 10100:10199 -i eth0 -j DNAT --to-destination 10.0.1.2 #rtp
where A.B.C.D is the hardware node's external IP address on eth0.
ip route flush cache does nothing to help, nor does restarting the affected containers.
Flushing iptables and reapplying the rules does nothing.
The issue must be on the hardware node. MTU size on eth0 perhaps?
The only thing that helps so far is restarting the network service on the hardware node, short of rebooting it.
Neither dmesg nor the logs show any errors.
The public IP containers are working fine
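
Added example, not part of the original post: a small Python model of the three PREROUTING rules above that reports which container address and port an inbound packet is rewritten to, which makes it easy to audit exactly what the node exposes to the private container. The address 203.0.113.10 stands in for the post's A.B.C.D placeholder, and the function names are hypothetical.

```python
import shlex

# Constructed input: the post's PREROUTING rules, with the placeholder A.B.C.D
# replaced by the documentation address 203.0.113.10 (an assumption).
RULES = """\
iptables -t nat -A PREROUTING -p tcp -d 203.0.113.10 --dport 8082 -i eth0 -j DNAT --to-destination 10.0.1.2:80 #web
iptables -t nat -A PREROUTING -p udp -d 203.0.113.10 --dport 5064 -i eth0 -j DNAT --to-destination 10.0.1.2:5064 #sip
iptables -t nat -A PREROUTING -p udp -d 203.0.113.10 --dport 10100:10199 -i eth0 -j DNAT --to-destination 10.0.1.2 #rtp
"""

def parse_dnat(text):
    """Return one dict per '-j DNAT' rule found in iptables command lines."""
    rules = []
    for line in text.splitlines():
        # comments=True drops the trailing '#web' style shell comments
        argv = shlex.split(line, comments=True)
        if "DNAT" not in argv:
            continue
        # Map each option to the argument that follows it
        opt = {argv[i]: argv[i + 1] for i in range(len(argv) - 1)
               if argv[i].startswith("-")}
        lo, _, hi = opt["--dport"].partition(":")        # single port or lo:hi range
        host, _, port = opt["--to-destination"].partition(":")
        rules.append({
            "proto": opt["-p"], "dst": opt["-d"], "iface": opt["-i"],
            "ports": (int(lo), int(hi or lo)),
            "to_host": host, "to_port": int(port) if port else None,
        })
    return rules

def translate(rules, proto, dst, dport, iface="eth0"):
    """First matching rule wins, as in a netfilter chain; None means no DNAT applies."""
    for r in rules:
        lo, hi = r["ports"]
        if (r["proto"], r["dst"], r["iface"]) == (proto, dst, iface) and lo <= dport <= hi:
            # Without a port in --to-destination the original port is kept
            new_port = r["to_port"] if r["to_port"] is not None else dport
            return (r["to_host"], new_port)
    return None

if __name__ == "__main__":
    rules = parse_dnat(RULES)
    for probe in [("tcp", 8082), ("udp", 5064), ("udp", 10150), ("udp", 10200)]:
        print(probe, "->", translate(rules, probe[0], "203.0.113.10", probe[1]))
```

A result of `None` means no DNAT rule matched, so the packet stays addressed to the hardware node itself and is handled by its INPUT chain rather than being forwarded to the container.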