
From: Herbert Poetzl (herbert_at_13thfloor.at)
Date: Fri 17 Dec 2004 - 18:46:32 GMT


On Fri, Dec 17, 2004 at 06:47:11PM +0100, Vincenzo Agosto wrote:
> Herbert Poetzl wrote:
> >On Tue, Dec 14, 2004 at 05:45:08PM +0100, Vincenzo Agosto wrote:
> >
> >>Darryl Ross wrote:
> >>
> >>>Vincenzo Agosto wrote:
> >>>
> >>>| and nothing...
> >>>| but ping ftp2.it.debian.org is OK
> >>>| Any ideas?
> >>>
> >>>I have found that pings always seem to come from the real IP address of
> >>>the machine, not the vserver IP address. That would be why the pings
> >>>work.
> >>>
> >>>Do you have a firewall rule in place to NAT traffic from the vserver IP
> >>>address to the real IP address?
> >>>
> >>>Regards
> >>>Darryl
> >>
> >>nope, no rule
> >>
> >>iptables -t nat -L
> >>Chain PREROUTING (policy ACCEPT)
> >>target prot opt source destination
> >>
> >>Chain POSTROUTING (policy ACCEPT)
> >>target prot opt source destination
> >>
> >>Chain OUTPUT (policy ACCEPT)
> >>target prot opt source destination
> >
> >
> >first, the nat table is not relevant for linux-vserver
> >as there is nothing to 'forward'.
> >
> >second as it is very likely a configuration issue, what
> >does a tcpdump on the 'host' show, when you do a simple
> >connect to a web server (like: telnet google.com 80)
> >
> If, in my vserver, I do telnet www.google.com 80, this is the tcpdump:
>
> tcpdump: listening on ppp0
> 18:38:14.626102 82.48.106.27.32769 > 81.74.224.227.domain: 41553+ A? www.google.akadns.net. (39) (DF)
> 18:38:14.678478 192.168.1.250.41613 > 66.102.11.99.www: S 3858178163:3858178163(0) win 5808 <mss 1452,sackOK,timestamp 60170371 0,nop,wscale 0> (DF) [tos 0x10]
> 18:38:17.669087 192.168.1.250.41613 > 66.102.11.99.www: S 3858178163:3858178163(0) win 5808 <mss 1452,sackOK,timestamp 60170671 0,nop,wscale 0> (DF) [tos 0x10]
>
> It appears that the connection starts from the server to google, but there
> is no response from google to the vserver!

yep, if google (or others) would respond to packets
from local networks, they for sure would have a big
problem ...

> >third, what is your network setup, and what does your
> >gateway (router) do/allow?
> >
> my network setup is
> eth0 --> Dynamic ip
> eth1 192.168.1.254
> eth1:condor: 192.168.1.250
>
> in my vserver I have
> route
> Kernel IP routing table
> Destination Gateway Genmask Flags Metric Ref Use Iface
> 192.168.100.1 * 255.255.255.255 UH 0 0 0 ppp0
> 192.168.1.0 * 255.255.255.0 U 0 0 0 eth1
> default 192.168.100.1 0.0.0.0 UG 0 0 0 ppp0
>
> in my server
> Kernel IP routing table
> Destination Gateway Genmask Flags Metric Ref Use Iface
> 192.168.100.1 * 255.255.255.255 UH 0 0 0 ppp0
> localnet * 255.255.255.0 U 0 0 0 eth1
> default 192.168.100.1 0.0.0.0 UG 0 0 0 ppp0

okay, I'd say you want a rule like this on your host:

iptables -t nat -A POSTROUTING -s 192.168.1.0/24 -d ! 192.168.1.0/24 -j SNAT --to-source <dynamic-ip>

HTH,
Herbert

> best regards
> Vincenzo
_______________________________________________
Vserver mailing list
Vserver_at_list.linux-vserver.org
http://list.linux-vserver.org/mailman/listinfo/vserver
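
The diagnosis made in this thread (packets leaving ppp0 with the vserver's private source address, so no reply can ever be routed back) can be checked mechanically against a capture. The following is an added example, not part of the original messages; the function name `leaked_private_flows` is hypothetical, and the sample lines are the tcpdump output quoted above with the wrapped lines joined.

```python
import ipaddress
import re
from collections import defaultdict

# Capture from the thread above, with the mail client's line wraps joined.
SAMPLE = """\
18:38:14.626102 82.48.106.27.32769 > 81.74.224.227.domain: 41553+ A? www.google.akadns.net. (39) (DF)
18:38:14.678478 192.168.1.250.41613 > 66.102.11.99.www: S 3858178163:3858178163(0) win 5808 <mss 1452,sackOK,timestamp 60170371 0,nop,wscale 0> (DF) [tos 0x10]
18:38:17.669087 192.168.1.250.41613 > 66.102.11.99.www: S 3858178163:3858178163(0) win 5808 <mss 1452,sackOK,timestamp 60170671 0,nop,wscale 0> (DF) [tos 0x10]
""".splitlines()

# Old-style tcpdump text line: "time src.port > dst.port: rest".
# Ports may be numbers or service names (www, domain).
LINE = re.compile(
    r"^\S+ (?P<src>\d+(?:\.\d+){3})\.\S+ > "
    r"(?P<dst>\d+(?:\.\d+){3})\.(?P<dport>[^\s:]+): (?P<rest>.*)$"
)
SYN = re.compile(r"^S (?P<seq>\d+):\d+\(0\)")


def leaked_private_flows(lines):
    """Report packets seen on the external interface that still carry a
    private source address towards a public destination."""
    seen = defaultdict(list)
    for line in lines:
        m = LINE.match(line.strip())
        if not m:
            continue  # not a packet line (e.g. the "listening on" banner)
        src = ipaddress.ip_address(m["src"])
        dst = ipaddress.ip_address(m["dst"])
        if not src.is_private or dst.is_private:
            continue  # already translated, or purely local traffic
        syn = SYN.match(m["rest"])
        seen[(m["src"], m["dst"], m["dport"])].append(syn["seq"] if syn else None)

    report = {}
    for flow, seqs in seen.items():
        syn_seqs = [s for s in seqs if s is not None]
        report[flow] = {
            "packets": len(seqs),
            # The same initial sequence number seen again means the SYN was
            # retransmitted, i.e. no SYN/ACK ever came back.
            "syn_retransmits": len(syn_seqs) - len(set(syn_seqs)),
        }
    return report


if __name__ == "__main__":
    for (src, dst, dport), stats in leaked_private_flows(SAMPLE).items():
        print(f"{src} -> {dst}:{dport} leaves un-NATed: {stats}")
```

Once a source NAT rule such as the one suggested above is in place, the same capture on ppp0 should show the host's public address as the source and the report should come back empty.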


Generated on Sun 19 Dec 2004 - 15:39:27 GMT by hypermail 2.1.3