Tom Eastep wrote:
> mess-mate wrote:
>
>> Here is:
>> - a shorewall dump from the router: status-router.txt
>> - a diagram : diagram-lan.txt
>> The answer for your last question (So, if you "shorewall clear" on the
>> Vserver host, does everything start working perfectly? ) is no. This is
>> why i add a shorewall dump of the router machine.
>> I can't access the internet from my vserver-guest
>> I can ping from the router to the vserver-guest and vice-versa.
>
> Two questions:
>
> a) What possible reason would you have for placing the vserver guest
> in an IP network different from the host? That seems like a strategy
> designed to confuse you and keep things from working.
>
> b) What default gateway have you defined for the vserver guest? Better
> yet, what is the output of "ip route ls" on that "system".
>
> -Tom
> ------------------------------------------------------------------------
>
>
Attached the ip route ls from the guest.
The reason of a different ip on the guest is to have a better form to
that of chrooting the webserver.
The vserver people recommend it and said it works without any problem.
I can now ping from the router when i added this rule to the host:
Ping/ACCEPT dmz:192.168.20.254 $FW ( as you can see on the
early sended status.txt of the host)
and this for ping 192.168.30.1.
mess-mate
192.168.20.0/24 dev eth1 proto kernel scope link src 192.168.20.1
192.168.30.0/24 dev eth1 proto kernel scope link src 192.168.30.1
default via 192.168.20.254 dev eth1
-------------------------------------------------------------------------
This SF.net email is sponsored by the 2008 JavaOne(SM) Conference
Don't miss this year's exciting event. There's still time to save $100.
Use priority code J8TL2D2.
http://ad.doubleclick.net/clk;198757673;13503038;p?http://java.sun.com/javaone
_______________________________________________
Shorewall-users mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/shorewall-users
