On Fri, Dec 17, 2004 at 06:47:11PM +0100, Vincenzo Agosto wrote:
> Herbert Poetzl wrote:
> >On Tue, Dec 14, 2004 at 05:45:08PM +0100, Vincenzo Agosto wrote:
> >
> >>Darryl Ross wrote:
> >>
> >>>Vincenzo Agosto wrote:
> >>>
> >>>| and nothing...
> >>>| but ping ftp2.it.debian.org is OK
> >>>| Some idea?
> >>>
> >>>I have found that pings always seem to come from the real IP address of
> >>>the machine, not the vserver IP address. That would be why the pings
> >>>work.
> >>>
> >>>Do you have a firewall rule in place to NAT traffic from the vserver IP
> >>>address to the real IP address?
> >>>
> >>>Regards
> >>>Darryl
> >>
> >>nope, nothing rule
> >>
> >>iptables -t nat -L
> >>Chain PREROUTING (policy ACCEPT)
> >>target     prot opt source               destination
> >>
> >>Chain POSTROUTING (policy ACCEPT)
> >>target     prot opt source               destination
> >>
> >>Chain OUTPUT (policy ACCEPT)
> >>target     prot opt source               destination
> >
> >
> >first, the nat table is not relevant for linux-vserver
> >as there is nothing to 'forward'.
> >
> >second as it is very likely a configuration issue, what
> >does a tcpdump on the 'host' show, when you do a simple
> >connect to a web server (like: telnet google.com 80)
> >
> If, in my vserver do telnet www.google.com 80 this is the tcpdump
>
> tcpdump: listening on ppp0
> 18:38:14.626102 82.48.106.27.32769 > 81.74.224.227.domain: 41553+ A?
> www.google.akadns.net. (39) (DF)
> 18:38:14.678478 192.168.1.250.41613 > 66.102.11.99.www: S
> 3858178163:3858178163(0) win 5808 <mss 1452,sackOK,timestamp 60170371
> 0,nop,wscale 0> (DF) [tos 0x10]
> 18:38:17.669087 192.168.1.250.41613 > 66.102.11.99.www: S
> 3858178163:3858178163(0) win 5808 <mss 1452,sackOK,timestamp 60170671
> 0,nop,wscale 0> (DF) [tos 0x10]
>
> Appear that the connection start from server to google but nothing
> response from google to vserver!

yep, if google (or others) would respond to packets
from local networks, they for sure would have a big
problem ...

> >third, what is your network setup, and what does your
> >gateway (router) do/allow?
> >
> my network setup is
> eth0 --> Dynamic ip
> eth1 192.168.1.254
> eth1:condor: 192.168.1.250
>
> in my vserver I have
> route
> Kernel IP routing table
> Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
> 192.168.100.1   *               255.255.255.255 UH    0      0        0 ppp0
> 192.168.1.0     *               255.255.255.0   U     0      0        0 eth1
> default         192.168.100.1   0.0.0.0         UG    0      0        0 ppp0
>
> in my server
> Kernel IP routing table
> Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
> 192.168.100.1   *               255.255.255.255 UH    0      0        0 ppp0
> localnet        *               255.255.255.0   U     0      0        0 eth1
> default         192.168.100.1   0.0.0.0         UG    0      0        0 ppp0

okay, I'd say you want a rule like this on your host:

  iptables -t nat -A POSTROUTING -s 192.168.1.0/24 -d ! 192.168.1.0/24 -j SNAT --to-source <dynamic-ip>

HTH,
Herbert

> best regard
> Vincenzo
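
An added example, not part of the original thread: a small check that reads old-style tcpdump text output and reports packets that left the uplink with a private source address, which is the symptom visible in the capture above. The function names are hypothetical, and the sample is the capture quoted in the thread with wrapped lines rejoined and the TCP options abridged.

```python
import ipaddress
import re

# Old-style tcpdump text: "<time> <src>.<port> > <dst>.<port>: ..."
# The port may be numeric or a service name (www, domain).
LINE_RE = re.compile(
    r"^(?P<ts>\d\d:\d\d:\d\d\.\d+)\s+"
    r"(?P<src>\d+\.\d+\.\d+\.\d+)\.(?P<sport>[\w-]+)\s+>\s+"
    r"(?P<dst>\d+\.\d+\.\d+\.\d+)\.(?P<dport>[\w-]+):"
)

def find_unnatted(lines):
    """Return (ts, src, dst, dport) for packets with a private (non-routable)
    source and a public destination, i.e. traffic that left without SNAT."""
    hits = []
    for line in lines:
        m = LINE_RE.match(line.strip())
        if not m:
            continue  # banner lines, wrapped continuations, other formats
        src = ipaddress.ip_address(m["src"])
        dst = ipaddress.ip_address(m["dst"])
        if src.is_private and not dst.is_private:
            hits.append((m["ts"], str(src), str(dst), m["dport"]))
    return hits

def summarize(hits):
    """Count hits per (src, dst, dport); repeats are retransmits with no reply."""
    counts = {}
    for _, src, dst, dport in hits:
        key = (src, dst, dport)
        counts[key] = counts.get(key, 0) + 1
    return counts

# Constructed sample: the capture from the thread, lines rejoined, options abridged.
SAMPLE = """\
tcpdump: listening on ppp0
18:38:14.626102 82.48.106.27.32769 > 81.74.224.227.domain: 41553+ A? www.google.akadns.net. (39) (DF)
18:38:14.678478 192.168.1.250.41613 > 66.102.11.99.www: S 3858178163:3858178163(0) win 5808 (DF) [tos 0x10]
18:38:17.669087 192.168.1.250.41613 > 66.102.11.99.www: S 3858178163:3858178163(0) win 5808 (DF) [tos 0x10]
""".splitlines()

if __name__ == "__main__":
    for (src, dst, dport), n in summarize(find_unnatted(SAMPLE)).items():
        print(f"{src} -> {dst}:{dport} left ppp0 without SNAT ({n} packets)")
```

After the SNAT rule is in place, the same capture on ppp0 should show the host's public address as the source and the check should return no hits.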
