[Users] Some VE on one HW node cannot communicate each other (getting Time to live exceeded)

2006-12-22 Thread Jan Tomasek 
Hello,

I've server with two network cards in following setup:

auto eth0
iface eth0 inet static
address 195.113.233.254
netmask 255.255.255.0
network 195.113.233.0
broadcast 195.113.233.255
gateway 195.113.233.1

auto eth0:0
iface eth0:0 inet static
address 192.168.1.1
netmask 255.255.255.0
network 192.168.1.255
broadcast 192.168.1.255

auto eth1
iface eth1 inet static
address   195.113.187.37
netmask   255.255.255.192
network   195.113.187.0
broadcast 195.113.187.63
post-up  ip rule add from 195.113.187.33 table 6
post-up  ip rule add from 195.113.187.35 table 6
post-up  ip route add default dev eth1 via 195.113.187.1 table 6
post-down  ip rule delete from 195.113.187.33 table 6
post-down  ip rule delete from 195.113.187.35 table 6


There are three networks on:

 1) eth0 195.113.233.0/24 primary public network for OpenVZ systems
 2) eth0:0 192.168.1.0/24 private network for system which should not
waste publicaly routable IP but still need to be online
 3) eth1 195.113.187.0/26 is secondary public network - I was using
this range for physical systems which I'm now moving to VE

Everything is working fine, except comunication between systems using
eth1 and eth0.

Routing tables on HW node:

chlivek:~# ip rule
0:  from all lookup 255
32764:  from 195.113.187.35 lookup 6
32765:  from 195.113.187.33 lookup 6
32766:  from all lookup main
32767:  from all lookup default

chlivek:~# ip route
195.113.187.33 dev venet0  scope link  src 192.168.1.1
192.168.1.2 dev venet0  scope link  src 192.168.1.1
195.113.233.253 dev venet0  scope link  src 192.168.1.1
195.113.233.252 dev venet0  scope link  src 192.168.1.1
195.113.187.0/26 dev eth1  proto kernel  scope link  src 195.113.187.37
195.113.233.0/24 dev eth0  proto kernel  scope link  src 195.113.233.254
192.168.1.0/24 dev eth0  proto kernel  scope link  src 192.168.1.1
default via 195.113.233.1 dev eth0

chlivek:~# route -n
Kernel IP routing table
Destination Gateway Genmask Flags Metric RefUse
Iface
195.113.187.33  0.0.0.0 255.255.255.255 UH0  00
venet0
192.168.1.2 0.0.0.0 255.255.255.255 UH0  00
venet0
195.113.233.253 0.0.0.0 255.255.255.255 UH0  00
venet0
195.113.233.252 0.0.0.0 255.255.255.255 UH0  00
venet0
195.113.187.0   0.0.0.0 255.255.255.192 U 0  00 eth1
195.113.233.0   0.0.0.0 255.255.255.0   U 0  00 eth0
192.168.1.0 0.0.0.0 255.255.255.0   U 0  00 eth0
0.0.0.0 195.113.233.1   0.0.0.0 UG0  00 eth0

Pinging from system 195.113.187.33 outside:

ermon:~# ping -c 1 195.113.233.254 (HW node)
PING 195.113.233.254 (195.113.233.254) 56(84) bytes of data.
64 bytes from 195.113.233.254: icmp_seq=1 ttl=64 time=0.035 ms

ermon:~# ping -c 1 195.113.233.1  (Gateway)
PING 195.113.233.1 (195.113.233.1) 56(84) bytes of data.
64 bytes from 195.113.233.1: icmp_seq=1 ttl=254 time=0.472 ms

ermon:~# ping -c 1 195.113.233.253 (VE using eth0)
PING 195.113.233.253 (195.113.233.253) 56(84) bytes of data.
From 192.168.1.1 icmp_seq=1 Time to live exceeded


I'm bit curious where that 192.168.1.1 get into path. In FW rules I'm using:

iptables -t nat -A POSTROUTING -s 192.168.1.0/24 -o eth0 -j MASQUERADE
echo 1  /proc/sys/net/ipv4/ip_forward

for translating 192.168.1.0/24 onto public 195.113.233.254.



I used http://wiki.openvz.org/Source_based_routing as base for setup,
but I'm really clueless how to fix it. Please can someone review this
setup and suggest me better way how to setup this?

Best regards
-- 
---
Jan Tomasek aka Semik
http://www.tomasek.cz/



signature.asc
Description: OpenPGP digital signature
___
Users mailing list
Users@openvz.org
https://openvz.org/mailman/listinfo/users

Re: [Users] Installing BIND on VE's

2006-12-22 Thread Romeo Theriault 
On 12/21/06 9:19 PM, Al Sparks [EMAIL PROTECTED] wrote:

 I'm trying to set up a test environment of name servers.  I downloaded
 the BIND tarball to one of the Virtual Environment, and tried to
 compile it.  That didn't work, because there's no gcc installed.
 
 So I tried compiling it at the management level which did work, and
 transferred the compiled version over to the VE.  When I did a make
 install make did run, but ended with errors.
 
 How do I create a VE that will compile and install something like
 BIND?  I'm sure there are lots of libraries that may be needed.
 
 I'm new to OpenVZ.  Am I missing something obvious?
 
 I'm running CentOS 4.4 in all VE's.
=== Al
 
 
 
 
 ___
 Users mailing list
 Users@openvz.org
 https://openvz.org/mailman/listinfo/users

Al, the first thing you want to do is install yum in your vps from the host
node. You would do that from the Host Node with something like this:

 vzyum vpsid install yum

vpsid being the id of the vps you want to install yum in.

Then I would ssh into the vps and using yum install BIND or at least the
libraries you will need to compile BIND.

You would do that with something like this:

 yum install bind


HTH's
Romeo 


___
Users mailing list
Users@openvz.org
https://openvz.org/mailman/listinfo/users

Re: [Users] Installing BIND on VE's

2006-12-22 Thread Kir Kolyshkin 

Jan Tomasek wrote:

Hello Al,

Al Sparks wrote:
  

I'm trying to set up a test environment of name servers.  I downloaded
the BIND tarball to one of the Virtual Environment, and tried to
compile it.  That didn't work, because there's no gcc installed.



why you do not install gcc into VE? I'm handling VE almost as ordinary
system running on physical HW. Template which come with OpenVZ (at least
for Debian which I'm using) is very basic instalation of Linux, I have
to install there numerous packages to be able use it for my work.
  
That's why it is called minimal -- it's a boilerplate, so you should 
use apt-get/aptitude/any-other-tool to install whatever you need on top 
of that. By the way you can tar the result and use it as a template to 
create other VEs.

___
Users mailing list
Users@openvz.org
https://openvz.org/mailman/listinfo/users

Re: [Users] DNS Server on OpenVZ.

2006-12-22 Thread Konstantin Seiler 
On Friday 22 December 2006 18:29, Paul Stuffins wrote:
 the node. I have no problems installing OpenVZ and creating VE's but I
 am under the impression that a VE can not see any other VE's on the
 same node, is this correct? I ask because one of the VE's will be

The VEs send all their traffic to the Hostnode. So by default the VEs can 
communicate with the HN only. For any other kind of communication you have to 
enable IP-Forwarding on HN - usually one does this together with Proxyarp.

By doing this the VEs can communicate quite well because the HN does all the 
routing. So there should be no problem with your plans.

For further information fire up a search-engine and ask for Pseudobridge with 
proxyarp. There is a howto somewhere that covers this.

Cheers,
Konstantin
___
Users mailing list
Users@openvz.org
https://openvz.org/mailman/listinfo/users

Re: [Users] Installing BIND on VE's

2006-12-22 Thread Al Sparks 
  Al, the first thing you want to do is install yum in your vps
 from the host node. You would do that from the Host Node with
 something like this:
 
 vzyum vpsid install yum
 
 vpsid being the id of the vps you want to install yum in.
 
 Then I would ssh into the vps and using yum install BIND or at
 least the libraries you will need to compile BIND.
 
 You would do that with something like this:
 yum install bind

Thanks for all the responses.  I didn't install yum on the VE.

Instead, I used vzyum from the host mode to install gcc, flex, byacc,
which is what Bind-8 demands to do an install.

Thanks for the help.
   === Al



___
Users mailing list
Users@openvz.org
https://openvz.org/mailman/listinfo/users