From: Darryl Ross (bofh_at_afoyi.com)
Date: Thu 15 Jan 2004 - 05:29:07 GMT
Quick question.
I'm currently running 2.4.23-vs1.21 on a RH7.3 host and am having the 
same problem that a few other people have posted about, namely not being 
able to connect to remote hosts from the host server, but being able to 
from within a vserver. I'm not sure if a fix has been posted for this 
yet, but I thought I'd describe the behavior on my system, in case it helps.
From the host machine, I am not able to run some network programs, 
although I do seem to be able to run some others. As someone posted 
earlier, I have tried running SSH bound to the specific IP addresses 
rather than using the v_sshd wrapper, but it doesn't seem to have made 
any difference. Here is an example session, from the host machine itself:
-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
[15:24][darryl_at_hornet ~][0]$ host mirror.aarnet.edu.au
mirror.aarnet.edu.au has address 192.42.62.2
[15:25][darryl_at_hornet ~][0]$ host mirror.aarnet.edu.au ns1.e-access.com.au
socket.c:1100: internal_send: 202.191.96.194#53: Invalid argument
socket.c:1100: internal_send: 202.191.96.194#53: Invalid argument
;; connection timed out; no servers could be reached
[15:25][darryl_at_hornet ~][0]$ /usr/sbin/tracepath mirror.aarnet.edu.au
 1:  send failed
     Resume: pmtu 65535
[15:26][darryl_at_hornet ~][0]$ /usr/sbin/traceroute mirror.aarnet.edu.au
traceroute to mirror.aarnet.edu.au (192.42.62.2), 30 hops max, 38 byte packets
 1  fuzzitech-gw.ge0-320.core1.adl.e-access.com.au (202.191.97.38)  0.347 ms  0.236 ms  0.179 ms
 2  gi1-110.bdr1.adl.e-access.com.au (202.191.96.14)  0.408 ms  0.524 ms  0.356 ms
 3  202.191.98.6 (202.191.98.6)  0.837 ms  0.853 ms  0.782 ms
 4  fastethernet1-0-7.cor1.ade.connect.com.au (203.63.126.182)  1.897 ms  1.360 ms  2.047 ms
 5  fastethernet6-0-0.bdr1.ade.connect.com.au (203.63.113.78)  2.111 ms  1.909 ms  1.420 ms
 6  so-0-0-1.cre1.ade.connect.com.au (202.10.4.51)  2.114 ms  2.293 ms  1.837 ms
 7  so-0-0-0.cre1.stc.connect.com.au (202.10.0.69)  2.761 ms  1.943 ms  2.049 ms
 8  so-0-0-2.cre1.bur.connect.com.au (202.10.0.47)  12.888 ms  12.781 ms  14.110 ms
 9  pos12-0-0.bdr2.mel.connect.com.au (202.10.4.32)  13.698 ms  13.848 ms  13.659 ms
10  ATM11-0-0-15.mn1.optus.net.au (202.139.7.5)  18.380 ms  16.147 ms  17.059 ms
11  Gi5-0.cn1.optus.net.au (202.139.191.130)  35.301 ms  33.376 ms  33.962 ms
12  Mirror.cn1.optus.net.au (202.139.138.110)  64.432 ms  45.811 ms  40.214 ms
13  mirror.aarnet.edu.au (192.42.62.2)  35.541 ms  43.325 ms  34.609 ms
[15:26][darryl_at_hornet ~][0]$ ping mirror.aarnet.edu.au
PING mirror.aarnet.edu.au (192.42.62.2) from 202.191.97.33 : 56(84) bytes of data.
64 bytes from mirror.aarnet.edu.au (192.42.62.2): icmp_seq=1 ttl=244 time=39.9 ms
64 bytes from mirror.aarnet.edu.au (192.42.62.2): icmp_seq=2 ttl=244 time=40.8 ms
--- mirror.aarnet.edu.au ping statistics ---
2 packets transmitted, 2 received, 0% loss, time 5048ms
rtt min/avg/max/mdev = 39.954/40.408/40.862/0.454 ms
-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
Here is the same session from inside a vserver:
-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
[15:26][darryl_at_hornet ~][0]$ sudo /usr/sbin/vserver vs1 enter
Password:
ipv4root is now 202.191.97.34
New security context is 49154
[root_at_vserver:vs1 /]host mirror.aarnet.edu.au
mirror.aarnet.edu.au has address 192.42.62.2
[root_at_vserver:vs1 /]host mirror.aarnet.edu.au ns1.e-access.com.au
Using domain server:
Name: ns1.e-access.com.au
Address: 202.191.96.194#53
Aliases:
mirror.aarnet.edu.au has address 192.42.62.2
[root_at_vserver:vs1 /]/usr/sbin/tracepath mirror.aarnet.edu.au
 1?: [LOCALHOST]     pmtu 1500
 1:  fuzzitech-gw.ge0-320.core1.adl.e-access.com.au (202.191.97.38)   0.775ms
 2:  gi1-110.bdr1.adl.e-access.com.au (202.191.96.14)       1.065ms
 3:  202.191.98.6 (202.191.98.6)                            1.668ms
 4:  fastethernet1-0-7.cor1.ade.connect.com.au (203.63.126.182)   2.925ms
 5:  fastethernet6-0-0.bdr1.ade.connect.com.au (203.63.113.78)   3.320ms
 6:  so-0-0-1.cre1.ade.connect.com.au (202.10.4.51)       asymm  7   3.942ms
 7:  so-0-0-0.cre1.stc.connect.com.au (202.10.0.69)       asymm  6   4.245ms
 8:  so-0-0-2.cre1.bur.connect.com.au (202.10.0.47)       asymm  9  14.639ms
 9:  pos12-0-0.bdr2.mel.connect.com.au (202.10.4.32)      asymm  8  15.151ms
10:  ATM11-0-0-15.mn1.optus.net.au (202.139.7.5)           26.090ms
11:  Gi6-0.cn1.optus.net.au (202.139.191.162)             asymm 13  44.390ms
12:  Mirror.cn1.optus.net.au (202.139.138.110)            asymm 13  44.750ms
13:  mirror.aarnet.edu.au (192.42.62.2)                    45.237ms reached
     Resume: pmtu 1500 hops 13 back 13
[root_at_vserver:vs1 /]/usr/sbin/traceroute mirror.aarnet.edu.au
traceroute: icmp socket: Operation not permitted
[root_at_vserver:vs1 /]ping mirror.aarnet.edu.au
ping: icmp open socket: Operation not permitted
-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
The last two commands failed because I do not have CAP_NET_RAW set for 
this vserver, but the host command using an external name server works 
as does the tracepath.
Also, I run a couple of vservers bound to lo with IP addresses like 
127.1.1.1 for things like DB servers and use iptables to SNAT outgoing 
packets to the IP address of the host so I can do apt-get updates and 
things. The vservers that are being SNATed exhibit the same behaviour as 
the host itself.
Anyone got any recommendations on how to solve this one?
Regards
Darryl
_______________________________________________
Vserver mailing list
Vserver_at_list.linux-vserver.org
http://list.linux-vserver.org/mailman/listinfo/vserver
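
Added example, not part of the original post: a small Python check for the capability explanation given above, where `ping` and `traceroute` fail with "Operation not permitted" without CAP_NET_RAW while UDP-based tools still work. It decodes the `CapEff` mask from `/proc/<pid>/status` and probes raw versus UDP socket creation; the sample status texts are constructed and are not taken from the poster's system or from vserver defaults.

```python
import errno
import socket

# Capability bit numbers as defined in linux/capability.h.
CAPS = {"CAP_NET_BIND_SERVICE": 10, "CAP_NET_ADMIN": 12, "CAP_NET_RAW": 13}

# Constructed samples of /proc/<pid>/status: one with every low capability
# bit set, one with only bit 13 (CAP_NET_RAW) cleared.
SAMPLE_FULL = "Name:\tbash\nCapPrm:\t00000000ffffffff\nCapEff:\t00000000ffffffff\n"
SAMPLE_NO_NET_RAW = "Name:\tbash\nCapPrm:\t00000000ffffdfff\nCapEff:\t00000000ffffdfff\n"


def effective_caps(status_text):
    """Return the effective capability bitmask from /proc/<pid>/status text."""
    for line in status_text.splitlines():
        if line.startswith("CapEff:"):
            return int(line.split()[1], 16)
    raise ValueError("no CapEff line found")


def has_cap(mask, name):
    """True if the named capability bit is set in the mask."""
    return bool((mask >> CAPS[name]) & 1)


def probe(sock_type, proto):
    """Try to create an IPv4 socket; return 'ok' or the errno name."""
    try:
        socket.socket(socket.AF_INET, sock_type, proto).close()
        return "ok"
    except OSError as exc:
        return errno.errorcode.get(exc.errno, str(exc.errno))


if __name__ == "__main__":
    # Run inside the context being diagnosed (host or vserver).
    with open("/proc/self/status") as fh:
        mask = effective_caps(fh.read())
    for name in sorted(CAPS):
        print(f"{name:22} {'set' if has_cap(mask, name) else 'missing'}")
    # Raw ICMP is what ping and classic traceroute open; EPERM here
    # corresponds to the "Operation not permitted" errors in the session.
    print("raw ICMP socket:", probe(socket.SOCK_RAW, socket.IPPROTO_ICMP))
    # Plain UDP needs no capability, which is why host and tracepath work.
    print("UDP socket:     ", probe(socket.SOCK_DGRAM, 0))
```

Running it once on the host and once after `vserver vs1 enter` shows whether a failure in either context is a capability denial (EPERM at socket creation) or something that only appears later at send time, as with the "Invalid argument" errors on the host.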