Herbert Poetzl wrote:
On Fri, Dec 17, 2004 at 06:47:11PM +0100, Vincenzo Agosto wrote:

Herbert Poetzl wrote:

On Tue, Dec 14, 2004 at 05:45:08PM +0100, Vincenzo Agosto wrote:


Darryl Ross wrote:


Vincenzo Agosto wrote:

| and nothing...
| but ping ftp2.it.debian.org is OK
| Any ideas?

I have found that pings always seem to come from the real IP address of
the machine, not the vserver IP address. That would be why the pings work.


Do you have a firewall rule in place to NAT traffic from the vserver IP
address to the real IP address?

Regards
Darryl

nope, no rules

iptables -t nat -L
Chain PREROUTING (policy ACCEPT)
target     prot opt source               destination

Chain POSTROUTING (policy ACCEPT)
target     prot opt source               destination

Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination


first, the nat table is not relevant for linux-vserver
as there is nothing to 'forward'.

second as it is very likely a configuration issue, what
does a tcpdump on the 'host' show, when you do a simple
connect to a web server (like: telnet google.com 80)


If I do telnet www.google.com 80 in my vserver, this is the tcpdump:

tcpdump: listening on ppp0
18:38:14.626102 82.48.106.27.32769 > 81.74.224.227.domain: 41553+ A? www.google.akadns.net. (39) (DF)
18:38:14.678478 192.168.1.250.41613 > 66.102.11.99.www: S 3858178163:3858178163(0) win 5808 <mss 1452,sackOK,timestamp 60170371 0,nop,wscale 0> (DF) [tos 0x10]
18:38:17.669087 192.168.1.250.41613 > 66.102.11.99.www: S 3858178163:3858178163(0) win 5808 <mss 1452,sackOK,timestamp 60170671 0,nop,wscale 0> (DF) [tos 0x10]


It appears that the connection starts from the server to google, but there is no response from google to the vserver!


yep, if google (or others) would respond to packets
from local networks, they for sure would have a big problem ...



third, what is your network setup, and what does your
gateway (router) do/allow?


my network setup is
eth0 --> Dynamic ip
eth1 192.168.1.254
eth1:condor: 192.168.1.250

in my vserver I have
route
Kernel IP routing table
Destination Gateway Genmask Flags Metric Ref Use Iface
192.168.100.1 * 255.255.255.255 UH 0 0 0 ppp0
192.168.1.0 * 255.255.255.0 U 0 0 0 eth1
default 192.168.100.1 0.0.0.0 UG 0 0 0 ppp0


in my server
Kernel IP routing table
Destination Gateway Genmask Flags Metric Ref Use Iface
192.168.100.1 * 255.255.255.255 UH 0 0 0 ppp0
localnet * 255.255.255.0 U 0 0 0 eth1
default 192.168.100.1 0.0.0.0 UG 0 0 0 ppp0


okay, I'd say you want a rule like this on your host:

iptables -t nat -A POSTROUTING -s 192.168.1.0/24 -d ! 192.168.1.0/24 -j SNAT --to-source <dynamic-ip>

HTH,
Herbert


best regards
Vincenzo





Liam Helmer wrote:
> On Sat, 2004-12-18 at 12:28 +0100, Vincenzo Agosto wrote:
>
>>Herbert Poetzl wrote:
>>IP=`ifconfig ppp0 | grep inet | cut -d: -f2 | awk {'print $1'}`
>>iptables -t nat -A POSTROUTING -s 192.168.1.0/24 -d ! 192.168.1.0/24 -j
>>SNAT --to-source $IP
>>same problem :(
>
>
> Wanna try quoting a little less message? ;)
>
> Add "-i ppp0" to the above line, it'll work better (e.g. -A POSTROUTING
> -i ppp0)
>
> Try a tcpdump now. If there's a problem, it may be that you're missing
> allow rules:
>
> iptables -I INPUT -i ppp0 -m state --state established,related -j ACCEPT
> iptables -I OUTPUT -o ppp0 -s 192.168.-j ACCEPT
>
> That may help.
>
> Cheers,
> Liam
>
>
>
Then... I added these iptables rules:
iptables -I INPUT -i ppp0 -m state --state established,related -j ACCEPT
iptables -I OUTPUT -o ppp0 -s 192.168.1.250 -j ACCEPT
iptables -t nat -A POSTROUTING -o ppp0 -s 192.168.1.0/24 -d ! 192.168.1.0/24 -j SNAT --to-source <MY IP>
Next, I entered my vserver:
<VSERVER> apt-get update
0% [Connecting to ftp2.it.debian.org (213.156.32.111)]
0% [Connecting to ftp2.it.debian.org (213.156.32.111)]


This is the tcpdump in my server
<SERVER>
tcpdump: listening on ppp0
23:16:21.349582 192.168.1.250.46497 > 213.156.32.111.www: S 2478732283:2478732283(0) win 5808 <mss 1452,sackOK,timestamp 96399039 0,nop,wscale 0> (DF)
23:16:24.349087 192.168.1.250.46497 > 213.156.32.111.www: S 2478732283:2478732283(0) win 5808 <mss 1452,sackOK,timestamp 96399339 0,nop,wscale 0> (DF)
23:16:30.349088 192.168.1.250.46497 > 213.156.32.111.www: S 2478732283:2478732283(0) win 5808 <mss 1452,sackOK,timestamp 96399939 0,nop,wscale 0> (DF)
23:16:42.349084 192.168.1.250.46497 > 213.156.32.111.www: S 2478732283:2478732283(0) win 5808 <mss 1452,sackOK,timestamp 96401139 0,nop,wscale 0> (DF)


bye
Vincenzo


-- 
Vincenzo
_______________________________________________
Vserver mailing list
[EMAIL PROTECTED]
http://list.linux-vserver.org/mailman/listinfo/vserver

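A check for the symptom visible in the captures above, as an added example that is not part of the original thread: it parses old-style tcpdump lines like those posted and counts SYNs that leave ppp0 still carrying an RFC 1918 source address, i.e. packets that no SNAT rule rewrote. The function and variable names are assumptions made for this example.

```python
import ipaddress
import re
from collections import Counter

# RFC 1918 ranges: never routable on the public Internet.
RFC1918 = [ipaddress.ip_network(n) for n in
           ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

# Old-style tcpdump line: "<time> <src-ip>.<port> > <dst-ip>.<port>: <rest>"
LINE = re.compile(r"^\S+ (\d+\.\d+\.\d+\.\d+)\.(\S+) > "
                  r"(\d+\.\d+\.\d+\.\d+)\.(\S+): (.*)$")


def is_rfc1918(addr):
    ip = ipaddress.ip_address(addr)
    return any(ip in net for net in RFC1918)


def unnatted_syns(lines):
    """Count SYNs per flow that left with a private source address."""
    flows = Counter()
    for line in lines:
        m = LINE.match(line.strip())
        if not m:
            continue  # header lines such as "tcpdump: listening on ppp0"
        src, sport, dst, dport, rest = m.groups()
        # A bare "S" flag is a connection attempt; repeats are retransmits.
        if rest.startswith("S ") and is_rfc1918(src) and not is_rfc1918(dst):
            flows[(src, sport, dst, dport)] += 1
    return dict(flows)


# Lines copied from the ppp0 capture in the thread (TCP options shortened).
CAPTURE = """\
tcpdump: listening on ppp0
18:38:14.626102 82.48.106.27.32769 > 81.74.224.227.domain: 41553+ A? www.google.akadns.net. (39) (DF)
18:38:14.678478 192.168.1.250.41613 > 66.102.11.99.www: S 3858178163:3858178163(0) win 5808 <mss 1452> (DF) [tos 0x10]
18:38:17.669087 192.168.1.250.41613 > 66.102.11.99.www: S 3858178163:3858178163(0) win 5808 <mss 1452> (DF) [tos 0x10]
""".splitlines()

if __name__ == "__main__":
    for flow, n in unnatted_syns(CAPTURE).items():
        print("not translated:", flow, "SYNs:", n)
```

A count above one for the same flow means the SYN was retransmitted without an answer, which matches the hanging `apt-get update` shown in the thread.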