On Mon, Aug 02, 2004 at 09:28:28PM +0200, Michael Ganzhorn wrote:
> Herbert Poetzl wrote:
> 
> >On Fri, Jul 30, 2004 at 10:06:34AM +0200, Michael Ganzhorn wrote:
> >
> >>Hi there,
> >>
> >>I have got a problem within a running vserver instance. I can connect 
> >>to the vserver via ping, ssh, telnet, ... but from inside the vserver 
> >>instance I can only ping other systems, no chance to ssh or telnet to 
> >>other systems.
> >
> >>Do you have an idea what could be the reason???
> >
> - Kernel: 2.4.26
> - linux-vserver patch 2.4.26 vsl 28
> - util-vserver-0.30
> 
> -vserver-config:
> if [ "" = "" ] ; then
> PROFILE=prod
> fi
> 
> case $PROFILE in
> prod)
> IPROOT=10.1.1.40
> IPROOTDEV=eth0
> S_HOSTNAME=raynix
> ;;
> backup)
> IPROOT=1.2.3.4
> S_HOSTNAME=
> ;;
> esac
> S_DOMAINNAME=
> S_NICE=
> S_FLAGS="lock nproc"
> ULIMIT="-HS -u 1000"
> S_CAPS="CAP_NET_RAW CAP_SYS_RAWIO CAP_SYS_RESOURCE CAP_SYS_ADMIN 
> CAP_SYS_MODULE CAP_NET_BROADCAST CAP_NET_ADMIN CAP_MKNOD"

hmm, I hope you are not using linux-vserver
to enhance security, because this selection
of capabilities does not leave any security
feature intact ... (JFYI)

> - Network on the  host:
> eth0      Protokoll:Ethernet  Hardware Adresse 00:A0:CC:61:56:84
>          inet Adresse:10.1.1.1  Bcast:10.1.1.255  Maske:255.255.255.0
>          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
>          RX packets:10069614 errors:1 dropped:0 overruns:0 frame:0
>          TX packets:21880805 errors:0 dropped:0 overruns:0 carrier:0
>          Kollisionen:0 Sendewarteschlangenlänge:1000
>          RX bytes:1187497970 (1.1 GiB)  TX bytes:3734077679 (3.4 GiB)
>          Interrupt:11 Basisadresse:0xd800
> 
> eth0:rayn Protokoll:Ethernet  Hardware Adresse 00:A0:CC:61:56:84
>          inet Adresse:10.1.1.40  Bcast:10.1.1.255  Maske:255.255.255.0
>          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
>          Interrupt:11 Basisadresse:0xd800
> 
> eth1      Protokoll:Ethernet  Hardware Adresse 00:0E:A6:5B:6C:48
>          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
>          RX packets:4592318 errors:0 dropped:0 overruns:0 frame:0
>          TX packets:4580858 errors:0 dropped:0 overruns:0 carrier:0
>          Kollisionen:11614 Sendewarteschlangenlänge:1000
>          RX bytes:1193318894 (1.1 GiB)  TX bytes:2125739076 (1.9 GiB)
>          Interrupt:11 Basisadresse:0xa800
> 
> lo        Protokoll:Lokale Schleife
>          inet Adresse:127.0.0.1  Maske:255.0.0.0
>          UP LOOPBACK RUNNING  MTU:16436  Metric:1
>          RX packets:2551382 errors:0 dropped:0 overruns:0 frame:0
>          TX packets:2551382 errors:0 dropped:0 overruns:0 carrier:0
>          Kollisionen:0 Sendewarteschlangenlänge:0
>          RX bytes:1543417633 (1.4 GiB)  TX bytes:1543417633 (1.4 GiB)
> 
> ppp0      Protokoll:Punkt-zu-Punkt Verbindung
>          inet Adresse:217.230.22.108  P-z-P:217.5.98.33  
> Maske:255.255.255.255
>          UP PUNKTZUPUNKT RUNNING NOARP MULTICAST  MTU:1492  Metric:1
>          RX packets:8036 errors:0 dropped:0 overruns:0 frame:0
>          TX packets:6765 errors:0 dropped:0 overruns:0 carrier:0
>          Kollisionen:0 Sendewarteschlangenlänge:3
>          RX bytes:2100918 (2.0 MiB)  TX bytes:608999 (594.7 KiB)
> 
> -ssh works on host in the local net, but not outside, NAT seems not to 
> work but I don't know why, it's set up the same way as for the other 
> hosts (the firewall is running on the same machine).

this looks like you want to use the local address
from eth0 (10.1.1.40) for outgoing traffic over
a different network (like 217.230.22.108/217.5.98.33)

if you are trying to use masquerading (-j MASQUERADE)
you are using the wrong method. it will work if you
set up proper SNAT in the POSTROUTING chain ...

see the documentation on linux-vserver.org 
(More Documentation, last few entries regarding net)
especially the following posting:

  http://list.linux-vserver.org/archive/vserver/msg06667.html


> One other problem I have, I need to run an xserver on the host but it's 
> not working

hmm, well, any hints what is not working?

HTH,
Herbert

> >>I checked also my firewall settings, but found nothing special.
> >
> >- what the fw settings are
> >- what tcpdump on a 'failing' ssh/telnet looks like
> >
> >TIA,
> >Herbert
_______________________________________________
Vserver mailing list
[EMAIL PROTECTED]
http://list.linux-vserver.org/mailman/listinfo/vserver
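
An added example, not part of the thread or of util-vserver: a shell check that reads the S_CAPS value from a vserver config like the one quoted above and flags the capabilities that undermine guest isolation. The function names and the choice of which capabilities to flag are assumptions of this example; the reasons given are general Linux capability semantics.

```shell
#!/bin/sh
# Added example (not from the thread): audit S_CAPS in a legacy vserver .conf.

# Sample input: the S_FLAGS/ULIMIT/S_CAPS lines as posted, line wrap included.
SAMPLE_CONF='S_FLAGS="lock nproc"
ULIMIT="-HS -u 1000"
S_CAPS="CAP_NET_RAW CAP_SYS_RAWIO CAP_SYS_RESOURCE CAP_SYS_ADMIN
CAP_SYS_MODULE CAP_NET_BROADCAST CAP_NET_ADMIN CAP_MKNOD"'

# Print the capability names from S_CAPS="..." read on stdin, even when the
# quoted value continues on following lines. The file is parsed, not sourced.
extract_caps() {
    awk '/^S_CAPS="/ { on = 1; sub(/^S_CAPS="/, "") }
         on { closed = sub(/".*/, ""); print; if (closed) exit }'
}

# Reason a capability is dangerous inside a guest. Which capabilities are
# listed here is this example's assumption, not a list from the project.
risky_reason() {
    case "$1" in
        CAP_SYS_MODULE)   echo "load modules into the kernel shared with the host" ;;
        CAP_SYS_RAWIO)    echo "raw I/O port and /dev/mem access" ;;
        CAP_SYS_ADMIN)    echo "mount and many other admin operations" ;;
        CAP_MKNOD)        echo "create device nodes, e.g. for the host's disks" ;;
        CAP_NET_ADMIN)    echo "reconfigure interfaces, routing and firewall" ;;
        CAP_NET_RAW)      echo "open raw and packet sockets" ;;
        CAP_SYS_RESOURCE) echo "override resource limits and quotas" ;;
        *) return 1 ;;
    esac
}

# Read a config on stdin and print one verdict line per granted capability.
audit_caps() {
    for cap in $(extract_caps); do
        if reason=$(risky_reason "$cap"); then
            echo "RISKY $cap: $reason"
        else
            echo "ok    $cap"
        fi
    done
}

printf '%s\n' "$SAMPLE_CONF" | audit_caps
```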
