On Thu, Jan 15, 2004 at 03:59:07PM +1030, Darryl Ross wrote: > Quick question. > > I'm currently running 2.4.23-vs1.21 on a RH7.3 host and am having the > same problem that a few other people have posted about, namely not being > able to connect to remote hosts from the host server, but being able to > from within a vserver. I'm not sure if a fix has been posted for this > yet, but I thought I'd describe the behavior on my system, in case it helps. > > From the host machine, I am not able to run some network programs, > although I do seem to be able to run some others. As someone posted > earlier, I have tried running SSH bound to the specific IP addresses > rather than using the v_sshd wrapper, but it doesn't seem to have made > any differences. Here is an example session, from the host machine itself:
for those having the same issues on their hosts, a short explanation what really happened, how to diagnose and what to do to solve it: symptomps: some services (especially udp based ones) time out or 'just' do not work, when logged on to the 'host' server, some of them might work in a vserver as expected. anamnesis: vserver 0.28 or 0.29er tools are installed cause: you are probably using the v_sshd wrapper without specifying any IP="" entries in the corresponding /etc/vservices/sshd.conf (might not even have this dir/entry yet) solution: add a file /etc/vservices/sshd.conf which contains the line: IP="<my external ip>" and restart the v_sshd service (might require a reboot) explanation: it seems that those tools, if no /etc/vservices/<service> entry is found, specify --ip 127.0.0.1 --ip <your ip> which can be verified with grep ipv4root /proc/self/status showing something like this: ipv4root: 0100007f/00ffffff 4700a8c0/00ffffff the current behaviour of the chbind/ip limiting feature with more than one ip addresses specified is to choose the first one for outgoing packets where no source ip is specified ... in this case it will be the local ip 127.0.0.1 which naturally fails, when it is used on outbound requests ... HTH, Herbert _______________________________________________ Vserver mailing list [EMAIL PROTECTED] http://list.linux-vserver.org/mailman/listinfo/vserver
