[Vserver] Re: Vserver Digest, Vol 22, Issue 9

From: stefan julius <stefan.julius_at_t-online.de>
Date: Fri 06 Jan 2006 - 15:03:46 GMT
Message-Id: <1136559827.9566.38.camel@linux.site>

Thanx for fast answer,

sorry, I forgot to explain how the connection fails, and I also forgot
to mention that my host system is installed with Debian Sarge stable.

I only have access to the host system, and I also don't understand how
to access the vserver from outside. Is it right how I have configured
the vserver domain name vhost00.my.hostdomain.name?

I also have no idea how to make my vservers reachable over DNS, because
they are only locally reachable.

Sorry, I know I must learn more about networking.

Please give me some information and I will make it ;-)!

I also wanted to know if it is necessary to create a vhost00.conf in
the /etc/vservers dir; I have done it but it also failed.

Thanx for ur help.

On Friday, 06.01.2006, at 15:27 +0100,
vserver-request@list.linux-vserver.org wrote:

>
> Today's Topics:
>
> 1. network config with VLANs (Oliver Welter)
> 2. can't access ssh (stefan julius)
> 3. Re: can't access ssh (Oliver Welter)
>
>
> ----------------------------------------------------------------------
>
> Message: 1
> Date: Fri, 06 Jan 2006 13:38:55 +0100
> From: Oliver Welter <mail@oliwel.de>
> Subject: [Vserver] network config with VLANs
> To: vserver@list.linux-vserver.org
> Message-ID: <43BE64DF.5010300@oliwel.de>
> Content-Type: text/plain; charset="iso-8859-1"
>
> Hi Folks,
>
> I have some problems with "vlans" and vservers..
>
> I have a box that has one physical Interface that hosts two VLANs, both
> are official Addresses and reachable from the Internet.
> The main host has connectivity on both networks.
>
> 1) What should I put in "interfaces/0/dev"? eth0 or vlan1 fails, I get
> a message:
> creation of VLAN_PLUS_VID_NO_PAD devices is not supported; please
> create them before starting the vserver and use the 'nodev' flag then
>
> When I put "nodev" in the "dev" file I get a warning - I put an empty
> file "nodev" in the interface directory - seems to work, is this correct?
>
> 2) I have a problem with routing - if the vserver guest has only
> addresses in one of the networks, I cannot ping across the networks
> because the host's routing table shows up in the guest, but the devices
> shown there for routing don't exist. I am fiddling around with iptables
> and got some aspects to work, but not all... is there another trick?
>
> I run everything on gentoo with up to date tools
> Kernel: 2.6.14-vs2.0.1-gentoo
> VS-API: 0x00020001
> util-vserver: 0.30.209; Jan 2 2006, 22:49:56
>
> Oliver
> --
> This message was digitally signed
> oliwel's public key: http://www.oliwel.de/oliwel.crt
> Root certificate: http://www.ldv.ei.tum.de/page72
>
> ------------------------------
>
> Message: 2
> Date: Fri, 06 Jan 2006 15:17:10 +0100
> From: stefan julius <stefan.julius@t-online.de>
> Subject: [Vserver] can't access ssh
> To: vserver@list.linux-vserver.org
> Message-ID: <1136557030.9566.27.camel@linux.site>
> Content-Type: text/plain; charset="us-ascii"
>
> Hello, sorry for the boring questions about connecting to a vserver via
> ssh, but I have been working on it for more than one week and it won't work.
> Maybe someone can help me.
>
>
> My system:
>
> P4 3GHz
>
> 2000 MB RAM
>
> Kernel 2.6.14.3-vs2.1.0-rc10
>
> util-vserver-0.30.209
>
> two NICs: eth0 is connected to the internet (it is a dedicated server), and
> there is also a NIC eth1 without a connection through the net, but I
> thought I would use this for my local network, and performed
>
> vserver vhost00 build -m skeleton --hostname vhost00.(here my
> domainname) --netdev eth1 --interface v00=192.168.1.110/24 --context 50
>
> after that I tarballed a preconfigured system sarge stable!
>
> Installation and everything else works fine. I have access to the vserver
> and also have a connection to the internet with it; I can perform apt-get
> update, and ssh and xinetd installation also works fine.
>
> Accessing vserver with ssh from the host system also works fine.
>
> configured the sshd on the vserver to the local ip 192.168.1.110, on
> port 22 also on port 2222
>
>
> Using OpenSSH_3.8.1 on the host and also on the vserver, set the
> ListenAddress on the host as mentioned to my host ip on port 22, I also
> tried it on port 2222
>
> alias device is shown and all seems to be ok
>
> have installed Shorewall firewall, configured
> won't work, maybe here is the problem, or I have problem to configure my
> "Local Network", is it possible to use the onboard NIC without
> connection to the network as device for my Local network?
>
> here are my conf files, maybe they will give further information
>
> interfaces:
>
> loc eth1 detect routefilter,tcpflags
> net eth0 detect dhcp,routefilter,tcpflags
>
> masq:
>
> eth0:"my host ip" eth1
> eth1:v00 eth1!85.214.22.240 192.168.1.110
>
> nat:
>
> "my host ip" eth1 192.168.1.110 no no
>
> policy:
>
> all all ACCEPT
>
> net $FW ACCEPT info
> $FW net ACCEPT info
>
> loc $FW ACCEPT
> $FW loc ACCEPT
>
> loc net ACCEPT
> net loc ACCEPT
>
>
> routestopped:
>
>
> eth0 "my host ip"
> eth1
>
> rules:
>
>
> ##############################################################################
> #ACTION  SOURCE  DEST  PROTO  DEST  SOURCE   ORIGINAL
> #                             PORT  PORT(S)  DEST
> #
> # Accept DNS connections from the firewall to the network
> #
> ACCEPT fw net tcp 53
> ACCEPT fw net udp 53
> ACCEPT net fw tcp 53
> ACCEPT net fw udp 53
>
> # Accept SSH connections from the firewall to the network
>
> ACCEPT fw net tcp 22
> ACCEPT fw net udp 22
> ACCEPT net fw tcp 22 # outbound to other machines
>
> ACCEPT net fw:192.168.1.110 tcp 22
>
> ACCEPT net loc:192.168.1.110 tcp 22
>
> DNAT net loc:192.168.1.110 tcp 22 22 "my host ip"
> 85.214.22.240
>
>
> # Accept Webmin connections from the firewall to the network
>
> ACCEPT fw net tcp 777
> ACCEPT fw net udp 777
> ACCEPT net fw tcp 777
>
>
> # Accept FTP connections from the firewall to the network
>
> ACCEPT fw net tcp 21
> ACCEPT fw net udp 21
> ACCEPT net fw tcp 21
> ACCEPT net fw udp 21
>
> #
> # Accept SSH connections from the local network for administration
> #
> #ACCEPT net fw tcp 22
> # Allow Ping To And From Firewall
> #
> ACCEPT loc fw icmp 8
> ACCEPT net fw icmp 8
> ACCEPT fw loc icmp 8
> ACCEPT fw net icmp 8
>
>
> ACCEPT loc fw udp 53
> ACCEPT loc fw tcp 80
>
>
>
> zones:
>
>
> loc Local Local Internet
> net Net Internet
>
> won't work, maybe here is the problem, or I have problem to configure my
> "Local Network", is it possible to use the onboard NIC without
> connection to the network as device for my Local network?
>
>
> also tried
>
> inetd/xinetd
> You can't bind inetd to a interface, replace it with xinetd.
> config file: xinetd.conf
> defaults
> {
> bind = "my host ip"
> }
>
>
>
>
> also tried to make the host interface and IP available in a vserver
> http://deb.riseup.net/vserver/usage/.
>
>
>
> maybe someone can give me more information on how to access my vservers.
>
>
>
>
>
>
>
> Greetinx and thanx for ur help!
>
> Stefan
>
>
>
> ------------------------------
>
> Message: 3
> Date: Fri, 06 Jan 2006 15:29:35 +0100
> From: Oliver Welter <mail@oliwel.de>
> Subject: Re: [Vserver] can't access ssh
> To: vserver@list.linux-vserver.org
> Message-ID: <43BE7ECF.7030507@oliwel.de>
> Content-Type: text/plain; charset="iso-8859-1"
>
> Hi Stefan,
>
> IIUC you can access the vServer from the host system, so the SSH is
> working ?
> Can you ping the vServer from outside ?
> Perhaps you have a problem with DNS resolution or so and cause a timeout
> on the connection because the guest tries a lookup on the connecting host...
>
> Try shutting down the Shorewall for testing, perhaps this is an issue -
> networking with vServer is a bit strange sometimes..
>
> Oliver/vserver
>

_______________________________________________
Vserver mailing list
Vserver@list.linux-vserver.org
http://list.linux-vserver.org/mailman/listinfo/vserver
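
The Shorewall policy file quoted in message 2 starts with `all all ACCEPT`. Shorewall processes the policy file in order until an entry matches the source/destination pair, so the six entries after it are never reached. The following is an added example, not part of the original thread, that flags such shadowed entries; the sample is the quoted policy with its columns restored, and the function names are hypothetical.

```python
# Added example: flag Shorewall policy entries that can never be reached.
# Shorewall reads the policy file top to bottom and applies the first entry
# whose SOURCE and DEST match; "all" matches any zone.
# Policy file as quoted in the thread (columns restored; constructed sample).
SAMPLE_POLICY = """\
all   all   ACCEPT
net   $FW   ACCEPT  info
$FW   net   ACCEPT  info
loc   $FW   ACCEPT
$FW   loc   ACCEPT
loc   net   ACCEPT
net   loc   ACCEPT
"""


def parse_policy(text):
    """Return (lineno, source, dest, policy) for each non-comment entry."""
    entries = []
    for lineno, raw in enumerate(text.splitlines(), start=1):
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        fields = line.split()
        if len(fields) < 3:
            raise ValueError(f"line {lineno}: expected SOURCE DEST POLICY")
        entries.append((lineno, fields[0], fields[1], fields[2].upper()))
    return entries


def covers(pattern, zone):
    """True if a policy column value matches the given zone name."""
    return pattern == "all" or pattern == zone


def shadowed_entries(text):
    """Return (lineno, shadowing_lineno) pairs for unreachable entries."""
    entries = parse_policy(text)
    result = []
    for i, (lineno, src, dst, _) in enumerate(entries):
        for prev_lineno, psrc, pdst, _ in entries[:i]:
            if covers(psrc, src) and covers(pdst, dst):
                result.append((lineno, prev_lineno))
                break
    return result


if __name__ == "__main__":
    for lineno, by in shadowed_entries(SAMPLE_POLICY):
        print(f"policy line {lineno} is never reached (shadowed by line {by})")
```

With a catch-all ACCEPT first, the policy file accepts every connection that the rules file does not match, so only the NAT-related files (masq, nat, the DNAT rule) still change how traffic is handled.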

Received on Fri Jan 6 15:01:16 2006
Generated on Fri 06 Jan 2006 - 15:01:24 GMT by hypermail 2.1.8