About this list Date view Thread view Subject view Author view Attachment view

From: Vincenzo Agosto (netstat_at_email.it)
Date: Sat 18 Dec 2004 - 11:28:46 GMT


Herbert Poetzl wrote:
> On Fri, Dec 17, 2004 at 06:47:11PM +0100, Vincenzo Agosto wrote:
>
>>Herbert Poetzl wrote:
>>
>>>On Tue, Dec 14, 2004 at 05:45:08PM +0100, Vincenzo Agosto wrote:
>>>
>>>
>>>>Darryl Ross wrote:
>>>>
>>>>
>>>>>Vincenzo Agosto wrote:
>>>>>
>>>>>| and nothing...
>>>>>| but ping ftp2.it.debian.org is OK
>>>>>| Some idea?
>>>>>
>>>>>I have found that pings always seem to come from the real IP address of
>>>>>the machine, not the vserver IP address. That would be why the pings
>>>>>work.
>>>>>
>>>>>Do you have a firewall rule in place to NAT traffic from the vserver IP
>>>>>address to the real IP address?
>>>>>
>>>>>Regards
>>>>>Darryl
>>>>
>>>>nope, nothing rule
>>>>
>>>>iptables -t nat -L
>>>>Chain PREROUTING (policy ACCEPT)
>>>>target prot opt source destination
>>>>
>>>>Chain POSTROUTING (policy ACCEPT)
>>>>target prot opt source destination
>>>>
>>>>Chain OUTPUT (policy ACCEPT)
>>>>target prot opt source destination
>>>
>>>
>>>first, the nat table is not relevant for linux-vserver
>>>as there is nothing to 'forward'.
>>>
>>>second as it is very likely a configuration issue, what
>>>does a tcpdump on the 'host' show, when you do a simple
>>>connect to a web server (like: telnet google.com 80)
>>>
>>
>>If, in my vserver do telnet www.google.com 80 this is the tcpdump
>>
>>tcpdump: listening on ppp0
>>18:38:14.626102 82.48.106.27.32769 > 81.74.224.227.domain: 41553+ A?
>>www.google.akadns.net. (39) (DF)
>>18:38:14.678478 192.168.1.250.41613 > 66.102.11.99.www: S
>>3858178163:3858178163(0) win 5808 <mss 1452,sackOK,timestamp 60170371
>>0,nop,wscale 0> (DF) [tos 0x10]
>>18:38:17.669087 192.168.1.250.41613 > 66.102.11.99.www: S
>>3858178163:3858178163(0) win 5808 <mss 1452,sackOK,timestamp 60170671
>>0,nop,wscale 0> (DF) [tos 0x10]
>>
>>Appear that the connection start from server to google but nothing
>>response from google to vserver!
>
>
> yep, if google (or others) would respond to packets
> from local networks, they for sure would have a big
> problem ...
>
>
>>>third, what is your network setup, and what does your
>>>gateway (router) do/allow?
>>>
>>
>>my network setup is
>>eth0 --> Dynamic ip
>>eth1 192.168.1.254
>>eth1:condor: 192.168.1.250
>>
>>in my vserver I have
>>route
>>Kernel IP routing table
>>Destination Gateway Genmask Flags Metric Ref Use
>>Iface
>>192.168.100.1 * 255.255.255.255 UH 0 0 0 ppp0
>>192.168.1.0 * 255.255.255.0 U 0 0 0 eth1
>>default 192.168.100.1 0.0.0.0 UG 0 0 0 ppp0
>>
>>in my server
>>Kernel IP routing table
>>Destination Gateway Genmask Flags Metric Ref Use
>>Iface
>>192.168.100.1 * 255.255.255.255 UH 0 0 0 ppp0
>>localnet * 255.255.255.0 U 0 0 0 eth1
>>default 192.168.100.1 0.0.0.0 UG 0 0 0 ppp0
>
>
> okay, I'd say you want a rule like this on your host:
>
> iptables -t nat -A POSTROUTING -s 192.168.1.0/24 -d ! 192.168.1.0/24 -j SNAT
> --to-source <dynamic-ip>
>

IP=`ifconfig ppp0 | grep inet | cut -d: -f2 | awk {'print $1'}`
iptables -t nat -A POSTROUTING -s 192.168.1.0/24 -d ! 192.168.1.0/24 -j
SNAT --to-source $IP

same problem :(

> HTH,
> Herbert
>
>
>>best regard
>>Vincenzo

-- 
   ·················································
   ·     .--.                                 _    ·
   ·    |o_o |     Vincenzo                 /   \  ·
   ·    |:_/ |                             |  () | ·
   ·   //   \ \                            |  \_/  ·
   ·  (|     | )                            \      ·
   · /'\_   _/`\                              \    ·
   · \___)=(___/                           debian  ·
   ·················································
_______________________________________________
Vserver mailing list
Vserver_at_list.linux-vserver.org
http://list.linux-vserver.org/mailman/listinfo/vserver


About this list Date view Thread view Subject view Author view Attachment view
[Next/Previous Months] [Main vserver Project Homepage] [Howto Subscribe/Unsubscribe] [Paul Sladen's vserver stuff]
Generated on Sun 19 Dec 2004 - 15:41:36 GMT by hypermail 2.1.3