On Mon, Dec 19, 2005 at 02:19:50PM -0500, Jairo Enrique Serrano Castañeda wrote: > 2005/12/19, Herbert Poetzl <[EMAIL PROTECTED]>: > > > > On Mon, Dec 19, 2005 at 01:00:48PM -0500, Jairo Enrique Serrano Castañeda > > wrote: > > > > > > > > > > > > not unexpected, unless your router (172.16.3.16) > > > > also masquerades private addresses like 192.168.1.2 > > > > > > > > > my unusual router are 172.16.3.16 > > > > > > > how do it? > > > > > > > > simple: > > > > > > > iptables -t nat -I POSTROUTING -s 192.168.1.2 -j SNAT --to 172.16.3.102 > > > > > > > > > i have a "real" network ip of my lan... 172.16.3.103, i do a ip alias > > > > > > # Original > > > iface eth0 inet static > > > address 172.16.3.102 > > > netmask 255.255.255.0 > > > network 172.16.3.0 > > > broadcast 172.16.3.255 > > > gateway 172.16.3.16 > > > # dns-* options are implemented by the resolvconf package, if > > > installed > > > dns-nameservers 200.106.128.4 > > > > > > #alias > > > iface eth0:1 inet static > > > address 172.16.3.103 > > > netmask 255.255.255.0 > > > network 172.16.3.0 > > > broadcast 172.16.3.255 > > > gateway 172.16.3.16 > > > > the second gateway is confusing ... at least it might > > give strange results for 'different' gateways/networks > > > > dns-nameservers 200.106.128.4 > > > > > > > > > in the virtual server have: > > > [EMAIL PROTECTED]:/# route > > > Kernel IP routing table > > > Destination Gateway Genmask Flags Metric Ref Use > > > Iface > > > 172.16.3.0 * 255.255.255.0 U 0 0 0 > > eth0 > > > default 172.16.3.16 0.0.0.0 UG 0 0 0 > > eth0 > > > default 172.16.3.16 0.0.0.0 UG 0 0 0 > > eth0 > > > > > > in the Host server have: > > > [EMAIL PROTECTED]:~$ route > > > Kernel IP routing table > > > Destination Gateway Genmask Flags Metric Ref Use > > > Iface > > > localnet * 255.255.255.0 U 0 0 0 > > eth0 > > > default 172.16.3.16 0.0.0.0 UG 0 0 0 > > eth0 > > > default 172.16.3.16 0.0.0.0 UG 0 0 0 > > eth0 > > > > > > looks equal... > > > > yep, should be fine too, your last email contained > > a guest setup with 192.168.x.x though ... > > > sorry for the change... in not know to do... ;) > > > the two ips are functional... > > > > > ------------------------------------------------------------------------------------------------ > > > > > > [EMAIL PROTECTED]:~$ ping 172.16.3.102 > > > PING 172.16.3.102 (172.16.3.102) 56(84) bytes of data. > > > 64 bytes from 172.16.3.102: icmp_seq=1 ttl=64 time=0.023 ms > > > 64 bytes from 172.16.3.102: icmp_seq=2 ttl=64 time=0.007 ms > > > --- 172.16.3.102 ping statistics --- > > > > as you see, this doesn't tell anything, it just > > contacts localhost, and the packet is transmitted > > via the loopback device (does not even hit the > > network or router) > > > > > 2 packets transmitted, 2 received, 0% packet loss, time 999ms > > > rtt min/avg/max/mdev = 0.007/0.015/0.023/0.008 ms > > > > > > > > ------------------------------------------------------------------------------------------------ > > > > > > [EMAIL PROTECTED]:~$ ping 172.16.3.103 > > > PING 172.16.3.103 (172.16.3.103) 56(84) bytes of data. > > > 64 bytes from 172.16.3.103: icmp_seq=1 ttl=64 time=0.018 ms > > > 64 bytes from 172.16.3.103: icmp_seq=2 ttl=64 time=0.008 ms > > > --- 172.16.3.103 ping statistics --- > > > 2 packets transmitted, 2 received, 0% packet loss, time 1000ms > > > rtt min/avg/max/mdev = 0.008/0.013/0.018/0.005 ms > > > > > > > > ------------------------------------------------------------------------------------------------ > > > > try the following (on the host) just to verify that > > your router is doing the proper stuff: > > > > ping -c 2 -I 172.16.3.102 www.google.com > > ---------------------------------------------------------------------------------------------------------------------- > in the server.. > [EMAIL PROTECTED]:/home/savio# ping -c 2 -I 172.16.3.102 www.google.com > PING www.l.google.com (64.233.187.104) from 172.16.3.102 : 56(84) bytes of > data. > 64 bytes from 64.233.187.104: icmp_seq=1 ttl=242 time=159 ms > 64 bytes from 64.233.187.104: icmp_seq=2 ttl=242 time=213 ms > > --- www.l.google.com ping statistics --- > 2 packets transmitted, 2 received, 0% packet loss, time 1002ms > rtt min/avg/max/mdev = 159.191/186.328/213.466/27.140 ms > ---------------------------------------------------------------------------------------------------------------------- > in the vserver... > [EMAIL PROTECTED]:/home/savio# vserver sv1 enter > mesg: /dev/pts/0: Operation not permitted > [EMAIL PROTECTED]:/# ping -c 2 -I 172.16.3.102 www.google.com > ping: unknown host www.google.com >
the second ping is also supposed to be done _on the host_ and not inside the guest > :( dont works... > > ---------------------------------------------------------------------------------------------------------------------- > > ping -c 2 -I 172.16.3.103 www.google.com > > > > if one of those fails (or both) then something is > > broken with your router if it failed on the host, then this means that 172.16.3.103 is not properly routed ... you could try the following as a workaround: iptables -t nat -I POSTROUTING -s 172.16.3.103 -j SNAT --to 172.16.3.102 which remaps it to the 'working' ip ... retry the ping on the host, and check inside the guest ... HTH, Herbert > i try to see in the router (not work with that - the firewall administrator > its other people...) > > > but not resolv functional... > > > > verify that /etc/resolv.conf has proper nameserver > > entries inside the guest (i.e. very likely the same > > ones you have on the host) > > > server: > [EMAIL PROTECTED]:/home/savio# cat /etc/resolv.conf > nameserver 200.106.128.4 > vserver: > [EMAIL PROTECTED]:/# cat /etc/resolv.conf > nameserver 200.106.128.4 > > HTH, > > Herbert > > > > > > any fault in the config??? > > > > > > > > no, looks fine, although I'd add a prefix (e.g. > > > > containing 24) to the interfaces/0 > > > > > > > > HTH, > > > > Herbert > > > > > Thanks a lot for your help! > > -- > Jairo Enrique Serrano Castañeda > Ingeniero de Sistemas UTB > http://www.jsnat.com > http://www.drupal.org.es > _______________________________________________ > Vserver mailing list > [email protected] > http://list.linux-vserver.org/mailman/listinfo/vserver _______________________________________________ Vserver mailing list [email protected] http://list.linux-vserver.org/mailman/listinfo/vserver
