[Vserver] Re: from breezy to Dapper ;)
Confirms!dist-upgrade... works...PERFECTLY!Thanks!On 7/19/06, Jairo Enrique Serrano Castañeda [EMAIL PROTECTED] wrote:Hello!its safe the transition of Breezy server to Dapper Server?? apt-get dist-upgrade?;)im very happy with vserver! but i need mysql5 :) and breezy not have this..-- Jairo Enrique Serrano CastañedaIngeniero de Sistemas UTBT - http://www.jsnat.com - http://savio.unitecnologica.edu.coC - http://www.drupal.org.es - http://www.champetux.org -- Jairo Enrique Serrano CastañedaIngeniero de Sistemas UTBT - http://www.jsnat.com - http://savio.unitecnologica.edu.coC - http://www.drupal.org.es - http://www.champetux.org ___ Vserver mailing list Vserver@list.linux-vserver.org http://list.linux-vserver.org/mailman/listinfo/vserver
[Vserver] from breezy to Dapper ;)
Hello!its safe the transition of Breezy server to Dapper Server??apt-get dist-upgrade?;)im very happy with vserver! but i need mysql5 :) and breezy not have this..-- Jairo Enrique Serrano CastañedaIngeniero de Sistemas UTBT - http://www.jsnat.com - http://savio.unitecnologica.edu.coC - http://www.drupal.org.es - http://www.champetux.org ___ Vserver mailing list Vserver@list.linux-vserver.org http://list.linux-vserver.org/mailman/listinfo/vserver
Re: [Vserver] New project with vserver documentation (In spanish)
muy interesante hermano, puedo ayudarte, aunque con el tiempo que me queda... pero bueno.. no importa ;)On 2/21/06, Daniel Ortiz [EMAIL PROTECTED] wrote:HiI started a new proyect named LinuxParanoico.CL (actually inwww.minitruck.cl, when i have money i will move the site towww.linuxparanoico.cl, this month), the project goals is create, elaborate and find information and documentation about the GNU/Linuxsecurity issues .in this moment a complete documentation about the vserver-project is inprogress, we want to create a fully tested and completed guide about vservers in spanish (debian sarge based), rigth now the documentationabout vservers include (all in spanish):1.- spanish guide to recompile the kernel with the vserver patch2.- networking basic configuration 3.- How move the base-directories4.- host services configuration (ssh, apache,etc)5.- Most used vservers commands6.- networking advanced configuration (in progress)7.- Postinstalation configutation of the debian sarge vservers 8.- Mount directories in vservers9.- How install new vservers (from scrath an from new vserver) and howcopy vservers and respald them.Inthe future we want cover all the features about vserver, like vserver and grsecurity, install another distros, tested configurations, VirtualHostings guides, etcif you want link the page in the vserver oficial site absolutely noproblem, but keep in mind that the project is in www.minitruck.cl and inthe next week will be moved to www.linuxparanoico.clbyeDanielzaterio___ Vserver mailing listVserver@list.linux-vserver.orghttp://list.linux-vserver.org/mailman/listinfo/vserver -- Jairo Enrique Serrano CastañedaIngeniero de Sistemas UTBT - http://www.jsnat.com - http://savio.unitecnologica.edu.coC - http://www.drupal.org.es - http://www.champetux.org ___ Vserver mailing list Vserver@list.linux-vserver.org http://list.linux-vserver.org/mailman/listinfo/vserver
Re: [Vserver] HOWTO deal with NAT'ing firewalls and source-based routing with vservers
the server works.. but not the jabberd2, not ejabberd... wilfire (made in java 1.5)--- and the server now have a real IP stranger's thinks... On 2/13/06, Jairo Enrique Serrano Castañeda [EMAIL PROTECTED] wrote: Jabberd Virtual Server: jabberd:/# netstat -taActive Internet connections (servers and established) Proto Recv-Q Send-Q Local Address Foreign Address Statetcp 0 0 jabberd.unitecnolo:5347 *:* LISTENtcp 0 0 jabberd.uni:xmpp-client *:* LISTEN tcp 0 0 jabberd.unitecnol:mysql *:* LISTENtcp 0 0 jabberd.uni:xmpp-server *:* LISTENtcp 0 0 jabberd.unitecnolo:5347 localhost:36402 ESTABLISHED tcp 0 0 jabberd.unitecnolo:5347 localhost:36403 ESTABLISHEDtcp 0 0 jabberd.unitecnolo:5347 localhost:36400 ESTABLISHEDtcp 0 0 jabberd.unitecnolo:5347 localhost:36401 ESTABLISHED tcp 0 0 localhost:36400 jabberd.unitecnolo:5347 ESTABLISHEDtcp 0 0 localhost:36401 jabberd.unitecnolo:5347 ESTABLISHEDtcp 0 0 localhost:36402 jabberd.unitecnolo :5347 ESTABLISHEDtcp 0 0 localhost:36403 jabberd.unitecnolo:5347 ESTABLISHEDMain Server: # iptables -LChain INPUT (policy ACCEPT)target prot opt source destinationACCEPT all -- anywhere anywhere state RELATED,ESTABLISHEDACCEPT tcp -- anywhere anywhere tcp dpt:xmpp-client Chain FORWARD (policy ACCEPT)target prot opt source destinationChain OUTPUT (policy ACCEPT)target prot opt source destinationACCEPT all -- anywhere anywhere state RELATED,ESTABLISHED # iptables -t nat -LChain PREROUTING (policy ACCEPT)target prot opt source destination DNAT tcp -- anywhere savio tcp dpt:ftp to:192.168.1.3:21DNAT tcp -- anywhere savio tcp dpt:ftp-data to: 192.168.1.3:20DNAT tcp -- anywhere savio tcp dpts:5000:x11 to:192.168.1.3:5000-6000DNAT tcp -- anywhere savio tcp dpt:1 to: 192.168.1.3:1DNAT tcp -- anywhere anywhere tcp dpt:xmpp-client to:192.168.1.10:5222 Chain POSTROUTING (policy ACCEPT)target prot opt source destination SNAT all -- jabberd anywhere to:172.16.3.106Chain OUTPUT (policy ACCEPT) target prot opt source destination # telnet 192.168.1.10 5222Trying 192.168.1.10.. .Connected to 192.168.1.10.Escape character is '^]'.badstream:stream xmlns:stream=' http://etherx.jabber.org/streams' version=' 1.0'stream:error xmlns:stream='http://etherx.jabber.org/streams'xml-not-well-formed xmlns='urn:ietf:params:xml:ns:xmpp-streams'/text xmlns='urn:ietf:params:xml:ns:xmpp-streams'syntax error/text/stream:error/stream:streamConnection closed by foreign host. any network pc:jsubuntu:~$ telnet savio.unitecnologica.edu.co 5222Trying 200.106.130.230...telnet: Unable to connect to remote host: Connection refused-- Jairo Enrique Serrano Castañeda Ingeniero de Sistemas UTB T - http://www.jsnat.com - http://savio.unitecnologica.edu.coC - http://www.drupal.org.es - http://www.champetux.org -- Jairo Enrique Serrano CastañedaIngeniero de Sistemas UTBT - http://www.jsnat.com - http://savio.unitecnologica.edu.coC - http://www.drupal.org.es - http://www.champetux.org ___ Vserver mailing list Vserver@list.linux-vserver.org http://list.linux-vserver.org/mailman/listinfo/vserver
Re: [Vserver] HOWTO deal with NAT'ing firewalls and source-based routing with vservers
hello, this its my shell script to up the firewall, this machine are cobert by another firewall...any one see incorrect rules for my config??the ftp server have the same config and works... in the master server i can do #telnet 192.168.1.10 5222 but outside cant do ti. #!/bin/bash export SERVER_IP=x.x.x.x echo Aplicando IP_FORWARD modprobe ip_tables modprobe iptable_nat modprobe ip_conntrack modprobe ip_conntrack_ftp modprobe ip_conntrack_irc modprobe ip_nat_ftp modprobe ip_nat_irc modprobe ipt_MASQUERADE modprobe ipt_LOG modprobe ipt_REJECT modprobe ipt_state iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE echo 1 /proc/sys/net/ipv4/ip_forward echo echo Inicio vaciando las reglas iptables -F iptables -X iptables -Z echo echo Limpiar las reglas de nat. iptables -t nat -F echo echo Politicas por defecto. iptables -P OUTPUT ACCEPTiptables -P INPUT ACCEPT iptables -P FORWARD ACCEPT iptables -t nat -P PREROUTING ACCEPT iptables -t nat -P POSTROUTING ACCEPT iptables -A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT iptables -A OUTPUT -m state --state RELATED,ESTABLISHED -j ACCEPT echo # FTP iptables -t nat -I POSTROUTING -s 192.168.1.3 -j SNAT --to $SERVER_IP#Jabberd 2 iptables -t nat -I POSTROUTING -s 192.168.1.10 -j SNAT --to $SERVER_IPecho echo Reglas de NATeado echo echo FTP aplicado iptables -t nat -A PREROUTING -d $SERVER_IP -i eth0 -p tcp -m tcp --dport 21 -j DNAT --to-destination 192.168.1.3:21 iptables -t nat -A PREROUTING -d $SERVER_IP -i eth0 -p tcp -m tcp --dport 20 -j DNAT --to-destination 192.168.1.3:20 iptables -t nat -A PREROUTING -d $SERVER_IP -i eth0 -p tcp -m tcp --dport 5000:6000 -j DNAT --to-destination 192.168.1.3:5000-6000 echo echo Jabberd2 aplicado #iptables -t nat -A PREROUTING -d $SERVER_IP -i eth0 -p tcp -m tcp --dport 5222 -j DNAT --to-destination 192.168.1.10:5222 iptables -t nat -A PREROUTING -p tcp --dport 5222 -i eth0 -j DNAT --to 192.168.1.10:5222 #iptables -t nat -A PREROUTING -d $SERVER_IP -i eth0 -p tcp -m tcp --dport 5223 -j DNAT --to-destination 192.168.1.10:5223 #iptables -t nat -A PREROUTING -d $SERVER_IP -i eth0 -p tcp -m tcp --dport 5269 -j DNAT --to-destination 192.168.1.10:5269 #iptables -t nat -A PREROUTING -d $SERVER_IP -i eth0 -p tcp -m tcp --dport 5280 -j DNAT --to-destination 192.168.1.10:5280 echo Thanks :)-- Jairo Enrique Serrano CastañedaIngeniero de Sistemas UTBT - http://www.jsnat.com - http://savio.unitecnologica.edu.coC - http://www.drupal.org.es - http://www.champetux.org ___ Vserver mailing list Vserver@list.linux-vserver.org http://list.linux-vserver.org/mailman/listinfo/vserver
Re: [Vserver] HOWTO deal with NAT'ing firewalls and source-based routing with vservers
Jabberd Virtual Server: jabberd:/# netstat -taActive Internet connections (servers and established) Proto Recv-Q Send-Q Local Address Foreign Address Statetcp 0 0 jabberd.unitecnolo:5347 *:* LISTENtcp 0 0 jabberd.uni:xmpp-client *:* LISTEN tcp 0 0 jabberd.unitecnol:mysql *:* LISTENtcp 0 0 jabberd.uni:xmpp-server *:* LISTENtcp 0 0 jabberd.unitecnolo:5347 localhost:36402 ESTABLISHED tcp 0 0 jabberd.unitecnolo:5347 localhost:36403 ESTABLISHEDtcp 0 0 jabberd.unitecnolo:5347 localhost:36400 ESTABLISHEDtcp 0 0 jabberd.unitecnolo:5347 localhost:36401 ESTABLISHED tcp 0 0 localhost:36400 jabberd.unitecnolo:5347 ESTABLISHEDtcp 0 0 localhost:36401 jabberd.unitecnolo:5347 ESTABLISHEDtcp 0 0 localhost:36402 jabberd.unitecnolo :5347 ESTABLISHEDtcp 0 0 localhost:36403 jabberd.unitecnolo:5347 ESTABLISHEDMain Server: # iptables -LChain INPUT (policy ACCEPT)target prot opt source destinationACCEPT all -- anywhere anywhere state RELATED,ESTABLISHEDACCEPT tcp -- anywhere anywhere tcp dpt:xmpp-client Chain FORWARD (policy ACCEPT)target prot opt source destinationChain OUTPUT (policy ACCEPT)target prot opt source destinationACCEPT all -- anywhere anywhere state RELATED,ESTABLISHED # iptables -t nat -LChain PREROUTING (policy ACCEPT)target prot opt source destination DNAT tcp -- anywhere savio tcp dpt:ftp to:192.168.1.3:21DNAT tcp -- anywhere savio tcp dpt:ftp-data to: 192.168.1.3:20DNAT tcp -- anywhere savio tcp dpts:5000:x11 to:192.168.1.3:5000-6000DNAT tcp -- anywhere savio tcp dpt:1 to: 192.168.1.3:1DNAT tcp -- anywhere anywhere tcp dpt:xmpp-client to:192.168.1.10:5222Chain POSTROUTING (policy ACCEPT)target prot opt source destination SNAT all -- jabberd anywhere to:172.16.3.106Chain OUTPUT (policy ACCEPT)target prot opt source destination # telnet 192.168.1.10 5222Trying 192.168.1.10.. .Connected to 192.168.1.10.Escape character is '^]'.badstream:stream xmlns:stream='http://etherx.jabber.org/streams' version=' 1.0'stream:error xmlns:stream='http://etherx.jabber.org/streams'xml-not-well-formed xmlns='urn:ietf:params:xml:ns:xmpp-streams'/text xmlns='urn:ietf:params:xml:ns:xmpp-streams'syntax error/text/stream:error/stream:streamConnection closed by foreign host. any network pc:jsubuntu:~$ telnet savio.unitecnologica.edu.co 5222Trying 200.106.130.230...telnet: Unable to connect to remote host: Connection refused-- Jairo Enrique Serrano CastañedaIngeniero de Sistemas UTB T - http://www.jsnat.com - http://savio.unitecnologica.edu.coC - http://www.drupal.org.es - http://www.champetux.org ___ Vserver mailing list Vserver@list.linux-vserver.org http://list.linux-vserver.org/mailman/listinfo/vserver
Re: [Vserver] HOWTO deal with NAT'ing firewalls and source-based routing with vservers
table vserver ip route add default dev eth0 table vserver ip route add 192.168.1.0/24 dev eth1 table vserver fi fi and make /etc/network/if-up.d/vserver executable: # chmod 0755 /etc/network/if-up.d/vserver Also make the script /etc/network/if-down.d/vserver: #!/bin/sh if [ $IFACE = dummy0 ]; then if ! egrep --quiet \--word-regexp \vserver /etc/iproute2/rt_tables; then echo You haven't created a vserver table \ in /etc/iproute2/rt_tables echo Try adding a line like '100 vserver' \ to /etc/iproute2/rt_tables exit 1 fi if [ ${MODE} = stop ]; then ip route del default dev eth0scope link table vserver ip route del 192.168.1.0/24 dev eth1scope link table vserver ip rule del from 192.168.2.0/24 lookup vserver fi fi and make it executable too: # chmod 0755 /etc/network/if-down.d/vserver Thats it. thanks, good work!best,Herbert -- --- Mfg. Regards, Mvh. Valdemar Lemche 127 Brännestadsvägen 297 93 Huaröd Sweden Phone: +46 44330423 ICQ#:28884381 Email: [EMAIL PROTECTED] Intuitive Software can easily be learned. You just have to work at it for a long time. - Ponder Stibbons, Unseen University ___ Vserver mailing list Vserver@list.linux-vserver.org http://list.linux-vserver.org/mailman/listinfo/vserver___Vserver mailing list Vserver@list.linux-vserver.orghttp://list.linux-vserver.org/mailman/listinfo/vserver-- Jairo Enrique Serrano Castañeda Ingeniero de Sistemas UTBT - http://www.jsnat.com - http://savio.unitecnologica.edu.coC - http://www.drupal.org.es - http://www.champetux.org ___ Vserver mailing list Vserver@list.linux-vserver.org http://list.linux-vserver.org/mailman/listinfo/vserver
[Vserver] Network problem
Hello, this its my first message to the list...im use Ubuntu server edition, and have a Linux sv0 2.6.12-vserver #1 SMP Thu Dec 15 15:46:41 COT 2005 x86_64 GNU/Linux recently compiled.mi network interface declared -- iface eth0 inet static address 172.16.3.102 netmask 255.255.255.0 network 172.16.3.0 broadcast 172.16.3.255 gateway 172.16.3.16 dns-nameservers 200.106.128.4 [EMAIL PROTECTED]:/usr/src$ cat /etc/vservers.conf# Configuration file for the vservers service# BACKGROUND=""># start the vservers on tty9, in background so the rest of the# boot process end earlyBACKGROUND="" [EMAIL PROTECTED]:/usr/src$ cat /etc/vservers/newvserver-vars# Configuration file for newvserver# See man newvserver for the variables that you can set here.#/etc/vserver/newvserver-vars # Architecture: overide on non-Debian host such as Redhat otherwise dpkg# will detect whether we are i386/powerpc/sparc/etc#ARCH=# Which debian distribution (Warning. unstable and testing distributions # change frequently so you can not expect it to work out of the box).DIST=breezy# Local or nearest location of a debian mirror (must include the /debian)MIRROR= http://archive.ubuntu.com/ubuntu/# Default network interface for vservers:INTERFACE=eth0# Package cachingPKGCACHE=1---[EMAIL PROTECTED]:/usr/src$ cat /etc/vservers/sv1/interfaces/0/dev eth0---[EMAIL PROTECTED]:/usr/src$ cat /etc/vservers/sv1/interfaces/0/ip192.168.1.2 kernel config ## Linux VServer#CONFIG_VSERVER_LEGACY=y# CONFIG_VSERVER_LEGACY_VERSION is not set# CONFIG_VSERVER_NGNET is not setCONFIG_VSERVER_PROC_SECURE=yCONFIG_VSERVER_HARDCPU=yCONFIG_VSERVER_HARDCPU_IDLE=y # CONFIG_INOXID_NONE is not set# CONFIG_INOXID_UID16 is not set# CONFIG_INOXID_GID16 is not setCONFIG_INOXID_UGID24=y# CONFIG_INOXID_INTERN is not set# CONFIG_INOXID_RUNTIME is not set# CONFIG_XID_TAG_NFSD is not set # CONFIG_VSERVER_DEBUG is not set[EMAIL PROTECTED]:/# ping 66.94.234.13PING 66.94.234.13 ( 66.94.234.13) 56(84) bytes of data.--- 66.94.234.13 ping statistics ---2 packets transmitted, 0 received, 100% packet loss, time 1000ms[EMAIL PROTECTED]:/# ping google.com[EMAIL PROTECTED]:/# vi /etc/resolv.conf[EMAIL PROTECTED]:/# cat /etc/resolv.conf#search unitecnologica.edu.conameserver 200.106.130.235 [EMAIL PROTECTED]:/# cat /etc/network/interfaces# Used by ifup(8) and ifdown(8). See the interfaces(5) manpage or# /usr/share/doc/ifupdown/examples for more information.[EMAIL PROTECTED]:/# ifconfigeth0 Link encap:Ethernet HWaddr 00:11:25:1E:76:BA UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1 RX packets:5483 errors:0 dropped:0 overruns:0 frame:0 TX packets:746 errors:0 dropped:0 overruns:0 carrier:0 collisions:0 txqueuelen:1000 RX bytes:568480 (555.1 KiB) TX bytes:115507 (112.7 KiB) Interrupt:24i have dns problems in the virtual server 1, how do it?any fault in the config??? -- Jairo Enrique Serrano CastañedaIngeniero de Sistemas UTBhttp://www.jsnat.comhttp://www.drupal.org.es ___ Vserver mailing list Vserver@list.linux-vserver.org http://list.linux-vserver.org/mailman/listinfo/vserver
Re: [Vserver] Network problem
not unexpected, unless your router (172.16.3.16) also masquerades private addresses like 192.168.1.2my unusual router are 172.16.3.16 how do it?simple:iptables -t nat -I POSTROUTING -s 192.168.1.2 -j SNAT --to 172.16.3.102i have a real network ip of my lan... 172.16.3.103, i do a ip alias# Original iface eth0 inet static address 172.16.3.102 netmask 255.255.255.0 network 172.16.3.0 broadcast 172.16.3.255 gateway 172.16.3.16 # dns-* options are implemented by the resolvconf package, if installed dns-nameservers 200.106.128.4#aliasiface eth0:1 inet static address 172.16.3.103 netmask 255.255.255.0 network 172.16.3.0 broadcast 172.16.3.255 gateway 172.16.3.16 dns-nameservers 200.106.128.4in the virtual server have:[EMAIL PROTECTED]:/# routeKernel IP routing tableDestination Gateway Genmask Flags Metric Ref Use Iface 172.16.3.0 * 255.255.255.0 U 0 0 0 eth0default 172.16.3.16 0.0.0.0 UG 0 0 0 eth0 default 172.16.3.16 0.0.0.0 UG 0 0 0 eth0in the Host server have:[EMAIL PROTECTED]:~$ routeKernel IP routing table Destination Gateway Genmask Flags Metric Ref Use Ifacelocalnet * 255.255.255.0 U 0 0 0 eth0default 172.16.3.16 0.0.0.0 UG 0 0 0 eth0default 172.16.3.16 0.0.0.0 UG 0 0 0 eth0 looks equal...the two ips are functional...[EMAIL PROTECTED]:~$ ping 172.16.3.102 PING 172.16.3.102 (172.16.3.102) 56(84) bytes of data.64 bytes from 172.16.3.102: icmp_seq=1 ttl=64 time=0.023 ms64 bytes from 172.16.3.102: icmp_seq=2 ttl=64 time=0.007 ms--- 172.16.3.102 ping statistics ---2 packets transmitted, 2 received, 0% packet loss, time 999ms rtt min/avg/max/mdev = 0.007/0.015/0.023/0.008 ms[EMAIL PROTECTED]:~$ ping 172.16.3.103 PING 172.16.3.103 (172.16.3.103) 56(84) bytes of data.64 bytes from 172.16.3.103: icmp_seq=1 ttl=64 time=0.018 ms64 bytes from 172.16.3.103: icmp_seq=2 ttl=64 time=0.008 ms--- 172.16.3.103 ping statistics ---2 packets transmitted, 2 received, 0% packet loss, time 1000ms rtt min/avg/max/mdev = 0.008/0.013/0.018/0.005 msbut not resolv functional... any fault in the config???no, looks fine, although I'd add a prefix (e.g.containing 24) to the interfaces/0HTH,Herbert -- Jairo Enrique Serrano Castañeda Ingeniero de Sistemas UTB http://www.jsnat.com http://www.drupal.org.es ___ Vserver mailing list Vserver@list.linux-vserver.org http://list.linux-vserver.org/mailman/listinfo/vserver -- Jairo Enrique Serrano CastañedaIngeniero de Sistemas UTBhttp://www.jsnat.comhttp://www.drupal.org.es ___ Vserver mailing list Vserver@list.linux-vserver.org http://list.linux-vserver.org/mailman/listinfo/vserver
Re: [Vserver] Network problem
2005/12/19, Herbert Poetzl [EMAIL PROTECTED]: On Mon, Dec 19, 2005 at 01:00:48PM -0500, Jairo Enrique Serrano Castañeda wrote:not unexpected, unless your router (172.16.3.16) also masquerades private addresses like 192.168.1.2 my unusual router are 172.16.3.16 how do it? simple: iptables -t nat -I POSTROUTING -s 192.168.1.2 -j SNAT --to 172.16.3.102 i have a real network ip of my lan... 172.16.3.103 , i do a ip alias # Original iface eth0 inet static address 172.16.3.102 netmask 255.255.255.0 network 172.16.3.0 broadcast 172.16.3.255 gateway 172.16.3.16 # dns-* options are implemented by the resolvconf package, if installed dns-nameservers 200.106.128.4 #alias iface eth0:1 inet static address 172.16.3.103 netmask 255.255.255.0 network 172.16.3.0 broadcast 172.16.3.255 gateway 172.16.3.16the second gateway is confusing ... at least it mightgive strange results for 'different' gateways/networks dns-nameservers 200.106.128.4 in the virtual server have: [EMAIL PROTECTED]:/# route Kernel IP routing table Destination Gateway Genmask Flags Metric RefUse Iface 172.16.3.0* 255.255.255.0 U 000 eth0 default 172.16.3.16 0.0.0.0 UG000 eth0 default 172.16.3.16 0.0.0.0 UG000 eth0 in the Host server have: [EMAIL PROTECTED]:~$ route Kernel IP routing table Destination Gateway Genmask Flags Metric RefUse Iface localnet* 255.255.255.0 U 000 eth0 default 172.16.3.16 0.0.0.0 UG000 eth0 default 172.16.3.16 0.0.0.0 UG000 eth0 looks equal...yep, should be fine too, your last email contained a guest setup with 192.168.x.x though ...sorry for the change... in not know to do... ;) the two ips are functional... [EMAIL PROTECTED]:~$ ping 172.16.3.102 PING 172.16.3.102 (172.16.3.102) 56(84) bytes of data. 64 bytes from 172.16.3.102: icmp_seq=1 ttl=64 time= 0.023 ms 64 bytes from 172.16.3.102: icmp_seq=2 ttl=64 time=0.007 ms --- 172.16.3.102 ping statistics ---as you see, this doesn't tell anything, it just contacts localhost, and the packet is transmittedvia the loopback device (does not even hit thenetwork or router) 2 packets transmitted, 2 received, 0% packet loss, time 999ms rtt min/avg/max/mdev = 0.007/0.015/0.023/0.008 ms [EMAIL PROTECTED]:~$ ping 172.16.3.103 PING 172.16.3.103 (172.16.3.103) 56(84) bytes of data. 64 bytes from 172.16.3.103: icmp_seq=1 ttl=64 time= 0.018 ms 64 bytes from 172.16.3.103: icmp_seq=2 ttl=64 time=0.008 ms --- 172.16.3.103 ping statistics --- 2 packets transmitted, 2 received, 0% packet loss, time 1000ms rtt min/avg/max/mdev = 0.008/0.013/0.018/0.005 ms try the following (on the host) just to verify that your router is doing the proper stuff: ping -c 2 -I 172.16.3.102 www.google.com-- in the server..[EMAIL PROTECTED]:/home/savio# ping -c 2 -I 172.16.3.102 www.google.comPING www.l.google.com ( 64.233.187.104) from 172.16.3.102 : 56(84) bytes of data.64 bytes from 64.233.187.104: icmp_seq=1 ttl=242 time=159 ms64 bytes from 64.233.187.104: icmp_seq=2 ttl=242 time=213 ms--- www.l.google.com ping statistics ---2 packets transmitted, 2 received, 0% packet loss, time 1002msrtt min/avg/max/mdev = 159.191/186.328/213.466/27.140 ms--in the vserver...[EMAIL PROTECTED]:/home/savio# vserver sv1 enter mesg: /dev/pts/0: Operation not permitted[EMAIL PROTECTED]:/# ping -c 2 -I 172.16.3.102 www.google.comping: unknown host www.google.com:( dont works...-- ping -c 2 -I 172.16.3.103 www.google.comif one of those fails (or both) then something isbroken with your routeri try to see in the router (not work with that - the firewall administrator its other people...) but not resolv functional...verify that /etc/resolv.conf has proper nameserver entries inside the guest (i.e. very likely the sameones you have on the host)server:[EMAIL PROTECTED]:/home/savio# cat /etc/resolv.confnameserver 200.106.128.4 vserver:[EMAIL PROTECTED]:/# cat /etc/resolv.confnameserver 200.106.128.4 HTH,Herbert any fault in the config??? no, looks fine, although I'd add a prefix (e.g. containing 24) to the interfaces/0 HTH, Herbert Thanks a lot for your help!-- Jairo Enrique Serrano CastañedaIngeniero de Sistemas UTBhttp://www.jsnat.com http://www.drupal.org.es ___ Vserver mailing list Vserver@list.linux-vserver.org http://list.linux-vserver.org/mailman/listinfo/vserver
Re: [Vserver] Network problem
WORKs!!THANKS! a LOT men!!!:)---iptables -t nat -I POSTROUTING -s 172.16.3.103 -j SNAT --to 172.16.3.102---the [EMAIL PROTECTED]@%/$ router! not help me!-- Jairo Enrique Serrano Castañeda Ingeniero de Sistemas UTBhttp://www.jsnat.comhttp://www.drupal.org.es ___ Vserver mailing list Vserver@list.linux-vserver.org http://list.linux-vserver.org/mailman/listinfo/vserver