Tom Eastep wrote:
> On 11/10/2013 4:56 AM, Johannes Graumann wrote:
>> Hello,
>>
>> I am running a server with one external NIC and a bridge that serves a
>> bunch of lxc containers.
>>
>> That bridge/NIC masquerades as the external NIC via a masq file entry.
>>
>> One of the lxc containers runs nginx and ports 80 and 443 from the
>> external NIC are DNATed to that container.
>>
>> If I now try to use e.g. the https URL of the EPEL repository from within
>> one of the lxc containers, I get
>>> Error: Cannot retrieve metalink for repository: epel. Please verify its
>>> path and try again
>>
>> Changing the corresponding URL to "http" rather than "https" makes a yum
>> call go through just fine.
>>
>> Is the firewalling setup to blame for this and if yes how to fix it?
>>
>
> Not enough information to say.
> Which URL are you using?

https://mirrors.fedoraproject.org/metalink?repo=epel-6&arch=x86_64

> What does the DNS name resolve to?

# dig https://mirrors.fedoraproject.org

; <<>> DiG 9.8.2rc1-RedHat-9.8.2-0.17.rc1.el6_4.6 <<>> https://mirrors.fedoraproject.org
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 55617
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 0

;; QUESTION SECTION:
;https://mirrors.fedoraproject.org. IN A

;; AUTHORITY SECTION:
fedoraproject.org. 300 IN SOA ns04.fedoraproject.org. hostmaster.fedoraproject.org. 953465112 3600 600 2419200 86400

;; Query time: 29 msec
;; SERVER: 10.10.10.1#53(10.10.10.1)
;; WHEN: Mon Nov 11 03:31:59 2013
;; MSG SIZE rcvd: 103

> Are you getting any 'Shorewall' messages when you try to connect?

No.

> It would be best if you forwarded the output of 'shorewall dump'

Attached.

> along with the information requested at
> http://www.shorewall.net/support.htm#Guidelines.

# /sbin/shorewall version
4.5.5.3

# ip addr show
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 16436 qdisc noqueue state UNKNOWN
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
    inet6 ::1/128 scope host
       valid_lft forever preferred_lft forever
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP qlen 1000
    link/ether 6c:62:6d:67:5f:a4 brd ff:ff:ff:ff:ff:ff
    inet 85.214.203.244/32 brd 85.214.203.244 scope global eth0
    inet6 fe80::6e62:6dff:fe67:5fa4/64 scope link
       valid_lft forever preferred_lft forever
3: eth1: <BROADCAST,MULTICAST> mtu 1500 qdisc noop state DOWN qlen 1000
    link/ether 6c:62:6d:67:5f:a5 brd ff:ff:ff:ff:ff:ff
4: tun0: <NO-CARRIER,BROADCAST,MULTICAST,UP> mtu 1500 qdisc pfifo_fast master br0.tun0 state DOWN qlen 500
    link/ether 46:a7:f3:d4:c3:5a brd ff:ff:ff:ff:ff:ff
5: br0.tun0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP
    link/ether 46:a7:f3:d4:c3:5a brd ff:ff:ff:ff:ff:ff
    inet 10.10.10.1/24 brd 10.10.10.255 scope global br0.tun0
    inet6 fe80::44a7:f3ff:fed4:c35a/64 scope link
       valid_lft forever preferred_lft forever
7: vethxSF5jF: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast master br0.tun0 state UP qlen 1000
    link/ether fe:ae:36:36:94:7a brd ff:ff:ff:ff:ff:ff
    inet6 fe80::fcae:36ff:fe36:947a/64 scope link
       valid_lft forever preferred_lft forever
10: vethcA52tp: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast master br0.tun0 state UP qlen 1000
    link/ether fe:4d:cd:60:19:48 brd ff:ff:ff:ff:ff:ff
    inet6 fe80::fc4d:cdff:fe60:1948/64 scope link
       valid_lft forever preferred_lft forever
49: vethWEP842: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast master br0.tun0 state UP qlen 1000
    link/ether fe:a8:11:c2:2b:d2 brd ff:ff:ff:ff:ff:ff
    inet6 fe80::fca8:11ff:fec2:2bd2/64 scope link
       valid_lft forever preferred_lft forever

# ip route show
default via 85.214.192.1 dev eth0
10.10.10.0/24 dev br0.tun0 proto kernel scope link src 10.10.10.1
85.214.192.1 dev eth0 scope link

Thank you for your time.

Sincerely, Joh
shorewall_dump.txt.7z
Description: application/7z-compressed
_______________________________________________
Shorewall-users mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/shorewall-users
