Feb 9 12:30:30 server kernel: OUTROUTEIN= OUT=lo SRC=my.pub.lic.ip DST=my.pub.lic.ip LEN=60 TOS=0x10 PREC=0x00 TTL=64 ID=14753 DF PROTO=TCP SPT=42145 DPT=80 SEQ=3647414246 ACK=0 WINDOW=32792 RES=0x00 SYN URGP=0
Feb 9 12:30:30 server kernel: OUTPUTIN= OUT=lo SRC=my.pub.lic.ip DST=my.pub.lic.ip LEN=60 TOS=0x10 PREC=0x00 TTL=64 ID=14753 DF PROTO=TCP SPT=42145 DPT=80 SEQ=3647414246 ACK=0 WINDOW=32792 RES=0x00 SYN URGP=0
Feb 9 12:30:30 server kernel: POSTROUTEIN= OUT=lo SRC=my.pub.lic.ip DST=my.pub.lic.ip LEN=60 TOS=0x10 PREC=0x00 TTL=64 ID=14753 DF PROTO=TCP SPT=42145 DPT=80 SEQ=3647414246 ACK=0 WINDOW=32792 RES=0x00 SYN URGP=0
Feb 9 12:30:30 server kernel: INPUTIN=lo OUT= MAC=00:00:00:00:00:00:00:00:00:00:00:00:08:00 SRC=my.pub.lic.ip DST=my.pub.lic.ip LEN=60 TOS=0x10 PREC=0x00 TTL=64 ID=14753 DF PROTO=TCP SPT=42145 DPT=80 SEQ=3647414246 ACK=0 WINDOW=32792 RES=0x00 SYN URGP=0
Feb 9 12:30:30 server kernel: OUTPUTIN= OUT=lo SRC=my.pub.lic.ip DST=my.pub.lic.ip LEN=40 TOS=0x10 PREC=0x00 TTL=64 ID=0 DF PROTO=TCP SPT=80 DPT=42145 SEQ=0 ACK=3647414247 WINDOW=0 RES=0x00 ACK RST URGP=0
Feb 9 12:30:30 server kernel: INPUTIN=lo OUT= MAC=00:00:00:00:00:00:00:00:00:00:00:00:08:00 SRC=my.pub.lic.ip DST=my.pub.lic.ip LEN=40 TOS=0x10 PREC=0x00 TTL=64 ID=0 DF PROTO=TCP SPT=80 DPT=42145 SEQ=0 ACK=3647414247 WINDOW=0 RES=0x00 ACK RST URGP=0

My log rule in postroute is triggered but not the one I put in prerouting. Is it normal that traffic on "lo" bypasses PREROUTING, or did I make a mistake here?

Chain PREROUTING (policy ACCEPT 4601 packets, 239K bytes)
 pkts bytes target        prot opt in  out  source     destination
    0     0 pre10.11.1.1  all  --  lo  *    0.0.0.0/0  my.pub.lic.ip
 1389 79355 pre10.11.1.1  all  --  *   *    0.0.0.0/0  my.pub.lic.ip

regards,
Ghislain.

server:/usr/local/.aqadmin/home%(aqadmin)> ifconfig
eth0      Lien encap:Ethernet  HWaddr 00:30:48:80:35:98
          inet adr:my.pub.lic.ip  Bcast:my.public.net.255  Masque:255.255.255.240
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:50547354 errors:0 dropped:0 overruns:0 frame:0
          TX packets:46120605 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 lg file transmission:100
          RX bytes:967618327 (922.7 MiB)  TX bytes:208844340 (199.1 MiB)
          Adresse de base:0xb000 Mémoire:f0000000-f0020000

eth0:1111 Lien encap:Ethernet  HWaddr 00:30:48:80:35:98
          inet adr:10.11.1.1  Bcast:0.0.0.0  Masque:255.255.255.255
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          Adresse de base:0xb000 Mémoire:f0000000-f0020000

lo        Lien encap:Boucle locale
          inet adr:127.0.0.1  Masque:255.0.0.0
          UP LOOPBACK RUNNING  MTU:16436  Metric:1
          RX packets:188383 errors:0 dropped:0 overruns:0 frame:0
          TX packets:188383 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 lg file transmission:0
          RX bytes:24591743 (23.4 MiB)  TX bytes:24591743 (23.4 MiB)

server:/usr/local/.aqadmin/home%(aqadmin)> sudo iptables -L -vn
Chain INPUT (policy ACCEPT 51M packets, 30G bytes)
 pkts bytes target  prot opt in  out  source  destination

Chain FORWARD (policy ACCEPT 0 packets, 0 bytes)
 pkts bytes target  prot opt in  out  source  destination

Chain OUTPUT (policy ACCEPT 46M packets, 3496M bytes)
 pkts bytes target  prot opt in  out  source  destination

server:/usr/local/.aqadmin/home%(aqadmin)> sudo iptables -L -vn -t nat
Chain PREROUTING (policy ACCEPT 4601 packets, 239K bytes)
 pkts bytes target        prot opt in  out  source     destination
  666 34304 pre10.11.1.1  all  --  *   *    0.0.0.0/0  my.pub.lic.ip

Chain POSTROUTING (policy ACCEPT 9432 packets, 644K bytes)
 pkts bytes target         prot opt in  out  source     destination
    8   518 post10.11.1.1  all  --  *   *    10.11.1.1  !10.11.1.1

Chain OUTPUT (policy ACCEPT 34439 packets, 2175K bytes)
 pkts bytes target  prot opt in  out  source  destination

Chain post10.11.1.1 (1 references)
 pkts bytes target  prot opt in  out  source     destination
   74  4562 SNAT    all  --  *   *    0.0.0.0/0  0.0.0.0/0    to:my.pub.lic.ip

Chain pre10.11.1.1 (1 references)
 pkts bytes target  prot opt in  out  source     destination
  666 34304 DNAT    all  --  *   *    0.0.0.0/0  0.0.0.0/0    to:10.11.1.1

server:/usr/local/.aqadmin/home%(aqadmin)> telnet my.pub.lic.ip 80
Trying my.pub.lic.ip...
telnet: Unable to connect to remote host: Connection refused

server:/usr/local/.aqadmin/home%(aqadmin)> telnet 10.11.1.1 80
Trying 10.11.1.1...
Connected to 10.11.1.1.
Escape character is '^]'.
<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>302 Found</title>
</head><body>
<h1>Found</h1>
<p>The document has moved <a href="http://notebl01.aqserver.net/apache2-default/">here</a>.</p>
<hr>
<address>Apache/2.0.54 (Debian GNU/Linux) </address>
</body></html>
Connection closed by foreign host.

server:/usr/local/.aqadmin/home%(aqadmin)> sudo sysctl -a |grep forward
net.ipv4.conf.eth0.mc_forwarding = 0
net.ipv4.conf.eth0.forwarding = 1
net.ipv4.conf.lo.mc_forwarding = 0
net.ipv4.conf.lo.forwarding = 1
net.ipv4.conf.default.mc_forwarding = 0
net.ipv4.conf.default.forwarding = 1
net.ipv4.conf.all.mc_forwarding = 0
net.ipv4.conf.all.forwarding = 1
net.ipv4.ip_forward = 1

I got this on the logs:

Feb 9 12:30:30 server kernel: OUTROUTEIN= OUT=lo SRC=my.pub.lic.ip DST=my.pub.lic.ip LEN=60 TOS=0x10 PREC=0x00 TTL=64 ID=14753 DF PROTO=TCP SPT=42145 DPT=80 SEQ=3647414246 ACK=0 WINDOW=32792 RES=0x00 SYN URGP=0
Feb 9 12:30:30 server kernel: OUTPUTIN= OUT=lo SRC=my.pub.lic.ip DST=my.pub.lic.ip LEN=60 TOS=0x10 PREC=0x00 TTL=64 ID=14753 DF PROTO=TCP SPT=42145 DPT=80 SEQ=3647414246 ACK=0 WINDOW=32792 RES=0x00 SYN URGP=0
Feb 9 12:30:30 server kernel: POSTROUTEIN= OUT=lo SRC=my.pub.lic.ip DST=my.pub.lic.ip LEN=60 TOS=0x10 PREC=0x00 TTL=64 ID=14753 DF PROTO=TCP SPT=42145 DPT=80 SEQ=3647414246 ACK=0 WINDOW=32792 RES=0x00 SYN URGP=0
Feb 9 12:30:30 server kernel: INPUTIN=lo OUT= MAC=00:00:00:00:00:00:00:00:00:00:00:00:08:00 SRC=my.pub.lic.ip DST=my.pub.lic.ip LEN=60 TOS=0x10 PREC=0x00 TTL=64 ID=14753 DF PROTO=TCP SPT=42145 DPT=80 SEQ=3647414246 ACK=0 WINDOW=32792 RES=0x00 SYN URGP=0
Feb 9 12:30:30 server kernel: OUTPUTIN= OUT=lo SRC=my.pub.lic.ip DST=my.pub.lic.ip LEN=40 TOS=0x10 PREC=0x00 TTL=64 ID=0 DF PROTO=TCP SPT=80 DPT=42145 SEQ=0 ACK=3647414247 WINDOW=0 RES=0x00 ACK RST URGP=0
Feb 9 12:30:30 server kernel: INPUTIN=lo OUT= MAC=00:00:00:00:00:00:00:00:00:00:00:00:08:00 SRC=my.pub.lic.ip DST=my.pub.lic.ip LEN=40 TOS=0x10 PREC=0x00 TTL=64 ID=0 DF PROTO=TCP SPT=80 DPT=42145 SEQ=0 ACK=3647414247 WINDOW=0 RES=0x00 ACK RST URGP=0

Seems that it does not NAT for lo?

regards,
Ghislain.

Hello,

I have some trouble with the routing between host and guest. I have a guest with a 10.x IP and a public IP different from the host's public IP. I have set up DNAT and SNAT between the 10.x and the guest public IP and it works from outside, but I cannot telnet to port 80 on my guest from the host, nor telnet to my guest's public IP from inside the guest itself.

Can anyone point me to a little "how-to" on this? I googled but failed to find one.

Using 2.16.19.2 with 2.2.0rc10 patch on Debian.

_______________________________________________
Vserver mailing list
Vserver@list.linux-vserver.org
http://list.linux-vserver.org/mailman/listinfo/vserver
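
An added example, not part of the original thread: a small Python parser for the kernel LOG lines quoted above, whose rule prefix is fused onto `IN=` (for example `OUTROUTEIN=`). It lists, per packet, which logging rules saw it and whether DST was rewritten on the way; the sample input is a trimmed, constructed copy of the six quoted lines, and the function names are hypothetical.

```python
import re
from collections import defaultdict

# Constructed sample: trimmed copies of the six LOG lines quoted in the post.
SAMPLE = """\
Feb 9 12:30:30 server kernel: OUTROUTEIN= OUT=lo SRC=my.pub.lic.ip DST=my.pub.lic.ip PROTO=TCP SPT=42145 DPT=80 SYN URGP=0
Feb 9 12:30:30 server kernel: OUTPUTIN= OUT=lo SRC=my.pub.lic.ip DST=my.pub.lic.ip PROTO=TCP SPT=42145 DPT=80 SYN URGP=0
Feb 9 12:30:30 server kernel: POSTROUTEIN= OUT=lo SRC=my.pub.lic.ip DST=my.pub.lic.ip PROTO=TCP SPT=42145 DPT=80 SYN URGP=0
Feb 9 12:30:30 server kernel: INPUTIN=lo OUT= MAC=00:00:00:00:00:00:00:00:00:00:00:00:08:00 SRC=my.pub.lic.ip DST=my.pub.lic.ip PROTO=TCP SPT=42145 DPT=80 SYN URGP=0
Feb 9 12:30:30 server kernel: OUTPUTIN= OUT=lo SRC=my.pub.lic.ip DST=my.pub.lic.ip PROTO=TCP SPT=80 DPT=42145 ACK=3647414247 ACK RST URGP=0
Feb 9 12:30:30 server kernel: INPUTIN=lo OUT= MAC=00:00:00:00:00:00:00:00:00:00:00:00:08:00 SRC=my.pub.lic.ip DST=my.pub.lic.ip PROTO=TCP SPT=80 DPT=42145 ACK=3647414247 ACK RST URGP=0
"""

# The LOG prefix was set without a trailing space, so it is fused onto "IN=".
LINE_RE = re.compile(
    r"kernel: (?P<prefix>.*?)IN=(?P<inif>\S*) OUT=(?P<outif>\S*) (?P<rest>.*)")
TCP_FLAGS = {"SYN", "ACK", "RST", "FIN", "PSH", "URG"}

def parse(line):
    """Split one LOG line into prefix, interfaces, KEY=VALUE fields and flags."""
    m = LINE_RE.search(line)
    if m is None:
        return None
    tokens = m["rest"].split()
    rec = dict(t.split("=", 1) for t in tokens if "=" in t)
    # Bare tokens such as "ACK RST" are TCP flags; "ACK=..." is the ack number.
    rec.update(prefix=m["prefix"].strip(), inif=m["inif"], outif=m["outif"],
               flags="+".join(t for t in tokens if t in TCP_FLAGS))
    return rec

def summarize(log_text):
    """Map (SPT, DPT, flags) to the ordered (log prefix, DST) pairs seen."""
    packets = defaultdict(list)
    for line in log_text.splitlines():
        rec = parse(line)
        if rec:
            key = (rec["SPT"], rec["DPT"], rec["flags"])
            packets[key].append((rec["prefix"], rec["DST"]))
    return dict(packets)

def dst_rewritten(hops):
    """True if DST differs between logging points, i.e. DNAT took effect."""
    return len({dst for _, dst in hops}) > 1

if __name__ == "__main__":
    for (spt, dpt, flags), hops in summarize(SAMPLE).items():
        print(f"{spt}->{dpt} [{flags}]:", " -> ".join(p for p, _ in hops),
              "| DNAT seen" if dst_rewritten(hops) else "| DST unchanged")
```

On the sample, the SYN is logged at OUTROUTE, OUTPUT, POSTROUTE and INPUT with DST unchanged, and the reply is an ACK+RST. For a locally generated connection the destination-NAT decision is taken in the nat OUTPUT chain, not in nat PREROUTING.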