[Vserver] vserver and routing

Christian Heim Sun, 20 Feb 2005 01:17:05 -0800

Well, I did a fresh install 3 days ago and I'm currently fighting with the 
vservers to grant them access to the internet.


Hollow told me 2 weeks ago I had to do this via SNAT. Said, I tried my luck.

[EMAIL PROTECTED] # iptables -t nat -A POSTROUTING \ 
-s 192.168.16.0/255.255.255.0 -o eth0 -j SNAT --to-source 192.168.15.1

Did a tracepath inside the vserver on an adress in the external network. Hmm 
doesn't work.

[EMAIL PROTECTED] # tracepath 141.53.7.30
 1:  192.168.16.2 (192.168.16.2)                            0.238ms pmtu 1500
 1:  no reply

The same from the master works like a charm.
[EMAIL PROTECTED] # tracepath 141.53.7.30
 1:  extern28.uni-greifswald.de (141.53.18.28)              0.280ms pmtu 1500
 1:  access1-d1.uni-greifswald.de (141.53.250.5)          218.141ms
 2:  uni-greif-9.uni-greifswald.de (141.53.9.1)           211.376ms
 3:  ntrz100.uni-greifswald.de (141.53.7.30)              226.134ms reached
     Resume: pmtu 1500 hops 3 back 3

So I have no clue why the vserver doesn't get out of my local network. I think 
it's some sort of routing problems related to my connection. Maybe it could 
also be related due to my iptables rules.

Thanks for the help in advance.

Christian

---------
Vserver Master:
[EMAIL PROTECTED] # ip addr ls
1: lo: <LOOPBACK,UP> mtu 16436 qdisc noqueue
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
2: eth0: <BROADCAST,MULTICAST,UP> mtu 1500 qdisc pfifo_fast qlen 1000
    link/ether 00:30:84:2a:9a:af brd ff:ff:ff:ff:ff:ff
    inet 192.168.15.1/24 brd 192.168.15.255 scope global eth0
    inet 192.168.16.2/32 scope global eth0
    inet 192.168.16.2/24 brd 192.168.16.255 scope global eth0
    inet 192.168.17.1/24 brd 192.168.17.255 scope global eth0:2
    inet 192.168.16.1/24 brd 192.168.16.255 scope global secondary eth0:1
3: ippp0: <POINTOPOINT,NOARP,UP> mtu 1500 qdisc pfifo_fast qlen 30
    link/ppp
    inet 141.53.18.28 peer 141.53.250.5/16 scope global ippp0
4: ippp1: <POINTOPOINT,NOARP> mtu 1500 qdisc noop qlen 30
    link/ppp

[EMAIL PROTECTED] # route -n
Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
192.168.17.0    0.0.0.0         255.255.255.0   U     0      0        0 eth0
192.168.16.0    0.0.0.0         255.255.255.0   U     0      0        0 eth0
192.168.15.0    0.0.0.0         255.255.255.0   U     0      0        0 eth0
141.53.0.0      0.0.0.0         255.255.0.0     U     0      0        0 ippp0
127.0.0.0       127.0.0.1       255.0.0.0       UG    0      0        0 lo
0.0.0.0         141.53.250.5    0.0.0.0         UG    0      0        0 ippp0

Vserver:
[EMAIL PROTECTED] # ip addr ls
2: eth0: <BROADCAST,MULTICAST,UP> mtu 1500 qdisc pfifo_fast qlen 1000
    link/ether 00:30:84:2a:9a:af brd ff:ff:ff:ff:ff:ff
    inet 192.168.16.2/32 scope global eth0
    inet 192.168.16.2/24 brd 192.168.16.255 scope global eth0

[EMAIL PROTECTED] # route -n
Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
192.168.17.0    0.0.0.0         255.255.255.0   U     0      0        0 eth0
192.168.16.0    0.0.0.0         255.255.255.0   U     0      0        0 eth0
192.168.15.0    0.0.0.0         255.255.255.0   U     0      0        0 eth0
141.53.0.0      0.0.0.0         255.255.0.0     U     0      0        0 *
127.0.0.0       0.0.0.0         255.0.0.0       UG    0      0        0 *
0.0.0.0         0.0.0.0         0.0.0.0         UG    0      0        0 *

[EMAIL PROTECTED] # iptables-save
# Generated by iptables-save v1.2.11 on Sun Feb 20 10:17:38 2005
*mangle
:PREROUTING ACCEPT [13361180:15422431402]
:INPUT ACCEPT [13305339:15399898175]
:FORWARD ACCEPT [55836:22533019]
:OUTPUT ACCEPT [8230996:2484298043]
:POSTROUTING ACCEPT [8287150:2506612874]
COMMIT
# Completed on Sun Feb 20 10:17:38 2005
# Generated by iptables-save v1.2.11 on Sun Feb 20 10:17:38 2005
*nat
:PREROUTING ACCEPT [4669:270648]
:POSTROUTING ACCEPT [126:16164]
:OUTPUT ACCEPT [308:395925]
-A POSTROUTING -s 192.168.16.0/255.255.255.0 -o eth0 -j SNAT --to-source 
192.168.15.1
-A POSTROUTING -o ippp+ -j MASQUERADE
-A POSTROUTING -o ippp+ -j MASQUERADE
COMMIT
# Completed on Sun Feb 20 10:17:38 2005
# Generated by iptables-save v1.2.11 on Sun Feb 20 10:17:38 2005
*filter
:INPUT ACCEPT [13305166:15399875998]
:FORWARD ACCEPT [27797:19086961]
:OUTPUT ACCEPT [8230996:2484298043]
-A INPUT -i ippp+ -m state --state INVALID,NEW -j DROP
-A FORWARD -i eth0 -o ippp+ -m state --state NEW,ESTABLISHED -j ACCEPT
-A FORWARD -i ippp+ -m state --state INVALID,NEW -j DROP
COMMIT
# Completed on Sun Feb 20 10:17:38 2005
_______________________________________________
Vserver mailing list
[email protected]
http://list.linux-vserver.org/mailman/listinfo/vserver

[Vserver] vserver and routing

Reply via email to