
From: Christian Heim (christian.th.heim_at_gmx.de)
Date: Sun 20 Feb 2005 - 09:16:47 GMT


Well, I did a fresh install 3 days ago and I'm currently fighting with the
vservers to grant them access to the internet.

Hollow told me 2 weeks ago I had to do this via SNAT. Said, I tried my luck.

root@quasimodo # iptables -t nat -A POSTROUTING \
-s 192.168.16.0/255.255.255.0 -o eth0 -j SNAT --to-source 192.168.15.1

Did a tracepath inside the vserver on an address in the external network. Hmm,
doesn't work.

root@gauss # tracepath 141.53.7.30
 1: 192.168.16.2 (192.168.16.2) 0.238ms pmtu 1500
 1: no reply

The same from the master works like a charm.
root@quasimodo # tracepath 141.53.7.30
 1: extern28.uni-greifswald.de (141.53.18.28) 0.280ms pmtu 1500
 1: access1-d1.uni-greifswald.de (141.53.250.5) 218.141ms
 2: uni-greif-9.uni-greifswald.de (141.53.9.1) 211.376ms
 3: ntrz100.uni-greifswald.de (141.53.7.30) 226.134ms reached
     Resume: pmtu 1500 hops 3 back 3

So I have no clue why the vserver doesn't get out of my local network. I think
it's some sort of routing problem related to my connection. Maybe it could
also be related to my iptables rules.

Thanks for the help in advance.

Christian

---------
Vserver Master:
root@quasimodo # ip addr ls
1: lo: <LOOPBACK,UP> mtu 16436 qdisc noqueue
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
2: eth0: <BROADCAST,MULTICAST,UP> mtu 1500 qdisc pfifo_fast qlen 1000
    link/ether 00:30:84:2a:9a:af brd ff:ff:ff:ff:ff:ff
    inet 192.168.15.1/24 brd 192.168.15.255 scope global eth0
    inet 192.168.16.2/32 scope global eth0
    inet 192.168.16.2/24 brd 192.168.16.255 scope global eth0
    inet 192.168.17.1/24 brd 192.168.17.255 scope global eth0:2
    inet 192.168.16.1/24 brd 192.168.16.255 scope global secondary eth0:1
3: ippp0: <POINTOPOINT,NOARP,UP> mtu 1500 qdisc pfifo_fast qlen 30
    link/ppp
    inet 141.53.18.28 peer 141.53.250.5/16 scope global ippp0
4: ippp1: <POINTOPOINT,NOARP> mtu 1500 qdisc noop qlen 30
    link/ppp

root@quasimodo # route -n
Kernel IP routing table
Destination Gateway Genmask Flags Metric Ref Use Iface
192.168.17.0 0.0.0.0 255.255.255.0 U 0 0 0 eth0
192.168.16.0 0.0.0.0 255.255.255.0 U 0 0 0 eth0
192.168.15.0 0.0.0.0 255.255.255.0 U 0 0 0 eth0
141.53.0.0 0.0.0.0 255.255.0.0 U 0 0 0 ippp0
127.0.0.0 127.0.0.1 255.0.0.0 UG 0 0 0 lo
0.0.0.0 141.53.250.5 0.0.0.0 UG 0 0 0 ippp0

Vserver:
root@gauss # ip addr ls
2: eth0: <BROADCAST,MULTICAST,UP> mtu 1500 qdisc pfifo_fast qlen 1000
    link/ether 00:30:84:2a:9a:af brd ff:ff:ff:ff:ff:ff
    inet 192.168.16.2/32 scope global eth0
    inet 192.168.16.2/24 brd 192.168.16.255 scope global eth0

root@gauss # route -n
Kernel IP routing table
Destination Gateway Genmask Flags Metric Ref Use Iface
192.168.17.0 0.0.0.0 255.255.255.0 U 0 0 0 eth0
192.168.16.0 0.0.0.0 255.255.255.0 U 0 0 0 eth0
192.168.15.0 0.0.0.0 255.255.255.0 U 0 0 0 eth0
141.53.0.0 0.0.0.0 255.255.0.0 U 0 0 0 *
127.0.0.0 0.0.0.0 255.0.0.0 UG 0 0 0 *
0.0.0.0 0.0.0.0 0.0.0.0 UG 0 0 0 *

root@quasimodo # iptables-save
# Generated by iptables-save v1.2.11 on Sun Feb 20 10:17:38 2005
*mangle
:PREROUTING ACCEPT [13361180:15422431402]
:INPUT ACCEPT [13305339:15399898175]
:FORWARD ACCEPT [55836:22533019]
:OUTPUT ACCEPT [8230996:2484298043]
:POSTROUTING ACCEPT [8287150:2506612874]
COMMIT
# Completed on Sun Feb 20 10:17:38 2005
# Generated by iptables-save v1.2.11 on Sun Feb 20 10:17:38 2005
*nat
:PREROUTING ACCEPT [4669:270648]
:POSTROUTING ACCEPT [126:16164]
:OUTPUT ACCEPT [308:395925]
-A POSTROUTING -s 192.168.16.0/255.255.255.0 -o eth0 -j SNAT --to-source 192.168.15.1
-A POSTROUTING -o ippp+ -j MASQUERADE
-A POSTROUTING -o ippp+ -j MASQUERADE
COMMIT
# Completed on Sun Feb 20 10:17:38 2005
# Generated by iptables-save v1.2.11 on Sun Feb 20 10:17:38 2005
*filter
:INPUT ACCEPT [13305166:15399875998]
:FORWARD ACCEPT [27797:19086961]
:OUTPUT ACCEPT [8230996:2484298043]
-A INPUT -i ippp+ -m state --state INVALID,NEW -j DROP
-A FORWARD -i eth0 -o ippp+ -m state --state NEW,ESTABLISHED -j ACCEPT
-A FORWARD -i ippp+ -m state --state INVALID,NEW -j DROP
COMMIT
# Completed on Sun Feb 20 10:17:38 2005
_______________________________________________
Vserver mailing list
Vserver_at_list.linux-vserver.org
http://list.linux-vserver.org/mailman/listinfo/vserver
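
An added example, not part of the original post: a small check that reads nat-table rules in iptables-save format and `route -n` output like the dumps above, and reports source-NAT rules whose `-o` interface does not match the default-route interface, plus rules that appear twice. It reports what the rules match and is not a diagnosis of the problem described in the post. The function names are hypothetical and the sample input is constructed from lines in the post.

```python
import shlex

# Constructed sample input, copied from the nat table and routing table in the post.
NAT_RULES = """\
-A POSTROUTING -s 192.168.16.0/255.255.255.0 -o eth0 -j SNAT --to-source 192.168.15.1
-A POSTROUTING -o ippp+ -j MASQUERADE
-A POSTROUTING -o ippp+ -j MASQUERADE
"""
ROUTES = """\
192.168.16.0 0.0.0.0 255.255.255.0 U 0 0 0 eth0
141.53.0.0 0.0.0.0 255.255.0.0 U 0 0 0 ippp0
0.0.0.0 141.53.250.5 0.0.0.0 UG 0 0 0 ippp0
"""

def default_iface(route_n):
    """Return the interface of the default route in `route -n` output."""
    for line in route_n.splitlines():
        f = line.split()
        if len(f) == 8 and f[0] == "0.0.0.0" and f[2] == "0.0.0.0":
            return f[7]
    return None

def iface_matches(pattern, iface):
    """iptables interface match: a trailing '+' acts as a prefix wildcard."""
    if pattern.endswith("+"):
        return iface.startswith(pattern[:-1])
    return pattern == iface

def audit_nat(rules, route_n):
    """Return (finding, rule) pairs for POSTROUTING SNAT/MASQUERADE rules."""
    egress = default_iface(route_n)
    findings, seen = [], set()
    for line in rules.splitlines():
        tok = shlex.split(line)
        if tok[:2] != ["-A", "POSTROUTING"] or "-j" not in tok:
            continue
        if tok[tok.index("-j") + 1] not in ("SNAT", "MASQUERADE"):
            continue
        if line in seen:                      # identical rule listed again
            findings.append(("duplicate", line))
            continue
        seen.add(line)
        out = tok[tok.index("-o") + 1] if "-o" in tok else None
        # A rule bound to another interface never sees default-route traffic.
        if out and egress and not iface_matches(out, egress):
            findings.append(("misses-default-route", line))
    return findings

if __name__ == "__main__":
    for kind, rule in audit_nat(NAT_RULES, ROUTES):
        print(f"{kind}: {rule}")
```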


Generated on Sun 20 Feb 2005 - 09:17:09 GMT by hypermail 2.1.3