About this list Date view Thread view Subject view Author view Attachment view

From: Herbert Poetzl (herbert_at_13thfloor.at)
Date: Fri 16 Jan 2004 - 02:28:01 GMT

On Thu, Jan 15, 2004 at 03:59:07PM +1030, Darryl Ross wrote:
> Quick question.
> I'm currently running 2.4.23-vs1.21 on a RH7.3 host and am having the
> same problem that a few other people have posted about, namely not being
> able to connect to remote hosts from the host server, but being able to
> from within a vserver. I'm not sure if a fix has been posted for this
> yet, but I thought I'd describe the behavior on my system, in case it helps.
> From the host machine, I am not able to run some network programs,
> although I do seem to be able to run some others. As someone posted
> earlier, I have tried running SSH bound to the specific IP addresses
> rather than using the v_sshd wrapper, but it doesn't seem to have made
> any differences. Here is an example session, from the host machine itself:

for those having the same issues on their hosts,
a short explanation what really happened, how to
diagnose and what to do to solve it:

symptomps: some services (especially udp based ones)
 time out or 'just' do not work, when logged on to
 the 'host' server, some of them might work in a
 vserver as expected.

anamnesis: vserver 0.28 or 0.29er tools are installed

cause: you are probably using the v_sshd wrapper
 without specifying any IP="" entries in the
 corresponding /etc/vservices/sshd.conf (might
 not even have this dir/entry yet)

solution: add a file /etc/vservices/sshd.conf
 which contains the line:

 IP="<my external ip>"

 and restart the v_sshd service (might require
 a reboot)

explanation: it seems that those tools, if no
 /etc/vservices/<service> entry is found, specify
 --ip --ip <your ip> which can be
 verified with grep ipv4root /proc/self/status
 showing something like this:

 ipv4root: 0100007f/00ffffff 4700a8c0/00ffffff

 the current behaviour of the chbind/ip limiting
 feature with more than one ip addresses specified
 is to choose the first one for outgoing packets
 where no source ip is specified ... in this case
 it will be the local ip which naturally
 fails, when it is used on outbound requests ...


Vserver mailing list

About this list Date view Thread view Subject view Author view Attachment view
[Next/Previous Months] [Main vserver Project Homepage] [Howto Subscribe/Unsubscribe] [Paul Sladen's vserver stuff]
Generated on Fri 16 Jan 2004 - 02:29:52 GMT by hypermail 2.1.3