Hello Gang, Ive been having some serious problems with vservers and iptables!
Sometimes i need to had SNAT rules for my vservers to route outside the root server and, someother times, i cant access my vservers from the outside :o( Take this script for example: http://lms.ispgaya.pt/goodies/iptables On the server where i use it everything worked like a charm! Until.......i had to add support in the kernel for another NIC. [EMAIL PROTECTED] ~# lspci 00:00.0 Host bridge: Intel Corp.: Unknown device 2570 (rev 02) 00:01.0 PCI bridge: Intel Corp.: Unknown device 2571 (rev 02) 00:1d.0 USB Controller: Intel Corp.: Unknown device 24d2 (rev 02) 00:1d.1 USB Controller: Intel Corp.: Unknown device 24d4 (rev 02) 00:1d.2 USB Controller: Intel Corp.: Unknown device 24d7 (rev 02) 00:1d.3 USB Controller: Intel Corp.: Unknown device 24de (rev 02) 00:1d.7 USB Controller: Intel Corp.: Unknown device 24dd (rev 02) 00:1e.0 PCI bridge: Intel Corp. 82801BA/CA/DB PCI Bridge (rev c2) 00:1f.0 ISA bridge: Intel Corp.: Unknown device 24d0 (rev 02) 00:1f.1 IDE interface: Intel Corp.: Unknown device 24db (rev 02) 00:1f.3 SMBus: Intel Corp.: Unknown device 24d3 (rev 02) 00:1f.5 Multimedia audio controller: Intel Corp.: Unknown device 24d5 (rev 02) 01:00.0 VGA compatible controller: nVidia Corporation RIVA TNT2 Model 64 (rev 15) 02:05.0 Ethernet controller: 3Com Corporation: Unknown device 1700 (rev 12) 02:0a.0 Ethernet controller: Realtek Semiconductor Co., Ltd. RTL-8139/8139C/8139C+ (rev 10) 02:0b.0 Ethernet controller: Realtek Semiconductor Co., Ltd. RTL-8139/8139C/8139C+ (rev 10) 02:0d.0 Ethernet controller: Realtek Semiconductor Co., Ltd. RTL-8139/8139C/8139C+ (rev 10) [EMAIL PROTECTED] ~# Since the 3com (gigabit builtin) ethernet device is unknown, i added support to it and recompiled the kernel. After rebooting the machine, i couldnt access any services on 192.168.3.81 (vserver called ciisp) from the outside). I disabled support for that NIC again, recompiled and rebooted....and everything went back to normal again! Can anybody help me with this? Is this "normal" behaviour? I also dont understand why some vservers need for me to -j SNAT --to root-server and others dont! Thanks in advance, +---------------------------------------- | Luís Miguel Ferreira da Silva | Network Administrator @ISPGaya | Instituto Superior Politécnico Gaya | Rua António Rodrigues da Rocha, 291/341 | Sto. Ovídio 4400-025 V. N. de Gaia | Tel: +351 223745730/3/5 | GSM: +351 912671471 +351 936371253 +---------------------------------------- ---------------------------------------------------------------- Este email foi enviado via o webmail do ISPGaya Instituto Superior Politécnico Gaya
binUQlPZuJsAl.bin
Description: Chave Pública PGP
_______________________________________________ Vserver mailing list Vserver@list.linux-vserver.org http://list.linux-vserver.org/mailman/listinfo/vserver