Problems with getting container access from internet

Lanlink · Jan 31, 2010

Hi,

I'm having a real problem trying to get my container to be accessable from the outside, I've followed everything I can find on the internet, but normally I get stuck at a stage because of my lack of experiance with linux.

(please note these aren't my actual IP's)

The setup:
The Proxmox server is setup in the following way:
Public IP: 86.6.170.70 (open to the internet without firewall) - Static IP assigned by MAC.
Private IP: 192.168.0.250 (behide another public ip, going through dir-655 router)

Using the following config file in /etc/network/interfaces

Code:

auto lo
iface lo inet loopback
auto eth0
iface eth inet static
 address 86.6.170.70
 netmask 255.255.252.0
 gateway 86.6.170.1
 
auto vmbr0
iface vmbr0 inet static
 address 86.6.170.70
 netmask 255.255.252.0
 gateway 86.6.170.1
 bridge_ports eth0
 bridge_stp off
 bridge_fd 0
 up route add -host 192.168.0.249 dev vmbr0
 
auto vmbr1
iface vmbr1 inet static
 address 192.168.0.250
 netmask 255.255.255.0
 gateway 192.168.0.1
 bridge_ports eth1
 bridge_stp off
 bridge_fd 0

I have created a container for Wifigator MX with the IP 192.168.0.249 - venet.

Currenlty I can access my proxmox base from the internal IP and public IP. The container I can access for the internal IP only.

I'm trying to setup it up the container so that it has access from the internet to its interface (webmin), but I've tried bridging the cards but failed (because I don't really know what I'm doing).

I'd be grateful if anyone could help.

udo · Jan 31, 2010

Hi,
you assign eth0 and vmbr0 the same ip-address!
Normaly eth0 shouldn't have a ip address. Like

Code:

auto eth0
iface eth0 inet static
        address  0.0.0.0
        netmask  0.0.0.0

auto vmbr0
iface vmbr0 inet static
    address  172.1.1.11
    netmask  255.255.255.0
    gateway  172.1.1.254
    bridge_ports eth0
    bridge_stp off
    bridge_fd 0

Udo

Lanlink · Jan 31, 2010

I've made the changes you've suggested but it still doesn't bring me any closer to a solution of access the internet on the container.

I've also posted a log on the network restart, just incase you see something thats wrong, that I dont.

lanlink:~# /etc/init.d/networking restart
Reconfiguring network interfaces...SIOCDELRT: No such process
SIOCSIFNETMASK: Cannot assign requested address
Failed to bring up eth0.
Waiting for vmbr0 to get ready (MAXWAIT is 2 seconds).
if-up.d/mountnfs[vmbr0]: waiting for interface eth0 before doing NFS mounts (warning).
if-up.d/mountnfs[vmbr0]: waiting for interface vmbr1 before doing NFS mounts (warning).
device vmbr1 already exists; can't create bridge with the same name
run-parts: /etc/network/if-pre-up.d/bridge exited with return code 1
if-up.d/mountnfs[vmbr1]: waiting for interface eth0 before doing NFS mounts (warning).
done.

Config file is:

# network interface settings
auto lo
iface lo inet loopback
auto eth0
iface eth0 inet static
address 0.0.0.0
netmask 0.0.0.0

auto vmbr0
iface vmbr0 inet static
address 86.6.170.70
netmask 255.255.252.0
gateway 86.6.170.1
bridge_ports eth0
bridge_stp off
bridge_fd 0
auto vmbr1
iface vmbr1 inet static
address 192.168.0.250
netmask 255.255.255.0
gateway 192.168.0.1
bridge_ports eth1
bridge_stp off
bridge_fd 0

udo · Jan 31, 2010

Hi,
i'm wonder about "Failed to bring up eth0.".

Can you reboot the server? Or bring down eth0 (ifconfig eth0 down) and restart than networking?

Udo

udo · Jan 31, 2010

Hi,
do you have only one official ip-address (86.6.170.70)?

If that's, you need nat between your vm and the host (and port-forwarding). If you have more, you must assign the vm a official address on vmbr0.

Udo

Lanlink · Jan 31, 2010

I've got 2 spare ip's (not included that one) which I can use, but they need to be configured by MAC code, to get their static IP.
How do I assigned the VM to an IP address?

I've restarted the server and did a network restart:

lanlink:~# /etc/init.d/networking restart
Reconfiguring network interfaces...SIOCSIFNETMASK: Cannot assign requested address
Failed to bring up eth0.
Waiting for vmbr0 to get ready (MAXWAIT is 2 seconds).
if-up.d/mountnfs[vmbr0]: waiting for interface eth0 before doing NFS mounts (warning).
if-up.d/mountnfs[vmbr0]: waiting for interface vmbr1 before doing NFS mounts (warning).
Waiting for vmbr1 to get ready (MAXWAIT is 2 seconds).
if-up.d/mountnfs[vmbr1]: waiting for interface eth0 before doing NFS mounts (warning).
done.

Lanlink · Jan 31, 2010

I've just tried the following guilde using shorewall: http://www.montanalinux.org/proxmox-ve-with-shorewall.html

But when I come to run shorewall check - I'm getting this error back, and I can't figure out why. I've also tried other ip addresses there too.

lanlink:~# shorewall check
Checking...
Initializing...
Determining Zones...
IPv4 Zones: net loc dmz
Firewall Zone: fw
Validating interfaces file...
WARNING: Invalid option (bridge) in record "dmz vmbr0 detect routeback,bridge"
Validating hosts file...
Pre-processing Actions...
Pre-processing /usr/share/shorewall/action.Drop...
Pre-processing /usr/share/shorewall/action.Reject...
Validating Policy file...
Determining Hosts in Zones...
net Zone: eth0:0.0.0.0/0
WARNING: Zone loc is empty
dmz Zone: venet0:0.0.0.0/0 vmbr0:0.0.0.0/0
Deleting user chains...
Checking /etc/shorewall/routestopped ...
Creating Interface Chains...
Checking Proxy ARP
Checking Common Rules
Adding Anti-smurf Rules
Checking TCP Flags checking...
Checking Kernel Route Filtering...
Checking Martian Logging...
Checking /etc/shorewall/rules...
ERROR: Invalid Action in rule "Web(DNAT) net loc:192.168.0.249 "

udo · Jan 31, 2010

Lanlink said:
I've got 2 spare ip's (not included that one) which I can use, but they need to be configured by MAC code, to get their static IP.

Hi,
if you use bridged ethernet with the vmbr0 you see in the webfrontend also the mac-address - for a kvm-vm. For openvz you can get the mac from the config eg. for vmid 120:

Code:

grep -i mac /etc/vz/conf/120.conf

This should be enough to get an offical ip, or not?

I'm no expert in shorewall - perhaps anybody else can answer to your other posting.

Udo

Lanlink · Jan 31, 2010

When in the bridge mode I can't seem to get the openvm to get access to the net. I.e even a ping.

What should happen is if a static ip hasn't been assigned to a mac code dhpc should take over to provide access until it's been setup with a static assignment.

I.e take my router that's set to dhcp, when the ISP detects the mac it returns the dhcp result with the static ip set to it's mac code.

So I guess what I need to know how do I set the openvm to take dhcp mode?

Thanks

Lanlink · Feb 2, 2010

Anyone able to help me out here? I'm really at a loss right now.

pille · Feb 4, 2010

Lanlink said:

Using the following config file in /etc/network/interfaces

Code:

auto lo
iface lo inet loopback
auto eth0
iface [B]eth[/B] inet static
 address 86.6.170.70
 netmask 255.255.252.0
 gateway 86.6.170.1
 
auto vmbr0
iface vmbr0 inet static
 address 86.6.170.70
 netmask 255.255.252.0
 gateway 86.6.170.1
 bridge_ports eth0
 bridge_stp off
 bridge_fd 0
 up route add -host 192.168.0.249 dev vmbr0
 
auto vmbr1
iface vmbr1 inet static
 address 192.168.0.250
 netmask 255.255.255.0
 gateway 192.168.0.1
 bridge_ports eth1
 bridge_stp off
 bridge_fd 0

besides your double assigned IP addresses i'm just wondering if this is a typo ("eth&quot

...

Lanlink · Feb 4, 2010

I've configured the file you've said, but the VM now cannot start; log error:

"synchronized failed to 193.55.167.2 stratum 2"

Container is mounted
Adding IP address(es): 192.168.0.249
RTNETLINK answers: File exists
vps-net_add ERROR: Unable to add route /sbin/ip route add 192.168.0.249 dev venet0
Container start failed
Stopping container ...
Container was stopped
Container is unmounted
VM 101 start failed -

Any idea on the next step to take?

Thanks for your help

dietmar · Feb 5, 2010

Lanlink said:
"synchronized failed to 193.55.167.2 stratum 2"

That is a 'ntp' error message - not related to VMs

Lanlink said:
vps-net_add ERROR: Unable to add route /sbin/ip route add 192.168.0.249

What is the output of

# ifconfig

and

# route -n

Lanlink · Feb 5, 2010

Code:

proxmox:~# route -n                                                             
Kernel IP routing table                                                         
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface   
192.168.0.249   0.0.0.0         255.255.255.255 UH    0      0        0 vmbr0   
192.168.0.0     0.0.0.0         255.255.255.0   U     0      0        0 vmbr1   
86.8.176.0      0.0.0.0         255.255.252.0   U     0      0        0 vmbr0   
0.0.0.0         192.168.0.1     0.0.0.0         UG    0      0        0 vmbr1   
0.0.0.0         86.8.176.1      0.0.0.0         UG    0      0        0 vmbr0   
proxmox:~#

Sorry for the part output, I'm actually logged in to the server via online ssh, but it doesn't allow me to scroll up.
I'll get a complete output asap.
Also note that the IP address have also now changed.
Thanks

Code:

          UP BROADCAST POINTOPOINT RUNNING NOARP  MTU:1500  Metric:1            
          RX packets:0 errors:0 dropped:0 overruns:0 frame:0                    
          TX packets:0 errors:0 dropped:0 overruns:0 carrier:0                  
          collisions:0 txqueuelen:0                                             
          RX bytes:0 (0.0 B)  TX bytes:0 (0.0 B)                                
                                                                                
vmbr0     Link encap:Ethernet  HWaddr 00:15:c5:e7:17:77                         
          inet addr:86.8.176.70  Bcast:86.8.179.255  Mask:255.255.252.0         
          inet6 addr: fe80::215:c5ff:fee7:1777/64 Scope:Link                    
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1                    
          RX packets:202 errors:0 dropped:0 overruns:0 frame:0                  
          TX packets:43 errors:0 dropped:0 overruns:0 carrier:0                 
          collisions:0 txqueuelen:0                                             
          RX bytes:12182 (11.8 KiB)  TX bytes:2274 (2.2 KiB)                    
                                                                                
vmbr1     Link encap:Ethernet  HWaddr 00:15:c5:e7:17:79                         
          inet addr:192.168.0.250  Bcast:192.168.0.255  Mask:255.255.255.0      
          inet6 addr: fe80::215:c5ff:fee7:1779/64 Scope:Link                    
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1                    
          RX packets:4853 errors:0 dropped:0 overruns:0 frame:0                 
          TX packets:2262 errors:0 dropped:0 overruns:0 carrier:0               
          collisions:0 txqueuelen:0                                             
          RX bytes:710137 (693.4 KiB)  TX bytes:916319 (894.8 KiB)

dietmar · Feb 5, 2010

Lanlink said:
Also note that the IP address have also now changed.

What??

Lanlink · Feb 5, 2010

The static IP address which was being used have now changed to 86.8.176.70.

Lanlink · Feb 5, 2010

Here is the whole Ifconfig output:

Code:

proxmox:~# ifconfig
eth0      Link encap:Ethernet  HWaddr 00:15:c5:e7:17:77
          inet6 addr: fe80::215:c5ff:fee7:1777/64 Scope:Link
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:28221 errors:0 dropped:0 overruns:0 frame:0
          TX packets:9258 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000
          RX bytes:1997212 (1.9 MiB)  TX bytes:699162 (682.7 KiB)
          Interrupt:16 Memory:f8000000-f8012800

eth1      Link encap:Ethernet  HWaddr 00:15:c5:e7:17:79
          inet6 addr: fe80::215:c5ff:fee7:1779/64 Scope:Link
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:187215 errors:0 dropped:0 overruns:0 frame:0
          TX packets:68311 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000
          RX bytes:31205887 (29.7 MiB)  TX bytes:10002523 (9.5 MiB)
          Interrupt:16 Memory:f4000000-f4012800

lo        Link encap:Local Loopback
          inet addr:127.0.0.1  Mask:255.0.0.0
          inet6 addr: ::1/128 Scope:Host
          UP LOOPBACK RUNNING  MTU:16436  Metric:1
          RX packets:1378 errors:0 dropped:0 overruns:0 frame:0
          TX packets:1378 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0
          RX bytes:287561 (280.8 KiB)  TX bytes:287561 (280.8 KiB)

venet0    Link encap:UNSPEC  HWaddr 00-00-00-00-00-00-00-00-00-00-00-00-00-00-00-00
          UP BROADCAST POINTOPOINT RUNNING NOARP  MTU:1500  Metric:1
          RX packets:0 errors:0 dropped:0 overruns:0 frame:0
          TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0
          RX bytes:0 (0.0 B)  TX bytes:0 (0.0 B)

vmbr0     Link encap:Ethernet  HWaddr 00:15:c5:e7:17:77
          inet addr:86.8.176.70  Bcast:86.8.179.255  Mask:255.255.252.0
          inet6 addr: fe80::215:c5ff:fee7:1777/64 Scope:Link
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:16953 errors:0 dropped:0 overruns:0 frame:0
          TX packets:9252 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0
          RX bytes:873075 (852.6 KiB)  TX bytes:591912 (578.0 KiB)

vmbr1     Link encap:Ethernet  HWaddr 00:15:c5:e7:17:79
          inet addr:192.168.0.250  Bcast:192.168.0.255  Mask:255.255.255.0
          inet6 addr: fe80::215:c5ff:fee7:1779/64 Scope:Link
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:187198 errors:0 dropped:0 overruns:0 frame:0
          TX packets:68040 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0
          RX bytes:27730377 (26.4 MiB)  TX bytes:9531694 (9.0 MiB)

dietmar · Feb 6, 2010

Lanlink said:
Here is the whole Ifconfig output:

You changed the IP, so please can you post the error you get again?

Lanlink · Feb 6, 2010

The error is still the same. The openvm won't mount. Here are all the logs to help.

Tasks Syslog

command finished Abort
/usr/sbin/vzctl start 101
Starting container ...
Container is mounted
Adding IP address(es): 192.168.0.249
RTNETLINK answers: File exists
vps-net_add ERROR: Unable to add route /sbin/ip route add 192.168.0.249 dev venet0
Container start failed
Stopping container ...
Container was stopped
Container is unmounted
VM 101 start failed -

Feb 6 14:42:33 proxwww 30093 Starting new child 30093
Feb 6 14:42:36 pvedaemon 3274 apply settings to VM 101 on node 0 (localhost)
Feb 6 14:42:37 proxwww 30095 Starting new child 30095
Feb 6 14:42:37 pvedaemon 3274 VM 101 settings applied
Feb 6 14:42:39 pvedaemon 30099 starting VM 101 on node 0 (localhost)
Feb 6 14:42:39 kernel CT: 101: started
Feb 6 14:42:41 kernel CT: 101: stopped
Feb 6 14:42:41 pvedaemon 30099 VM 101 start failed -
Feb 6 14:43:30 proxwww 30158 Starting new child 30158
Feb 6 14:43:38 proxwww 30161 Starting new child 30161
Feb 6 14:44:25 proxwww 30161 update ticket
Feb 6 14:44:30 proxwww 30189 Starting new child 30189

dietmar · Feb 6, 2010

The whole picture does not fit. The 'route' output from your post does not match with your /etc/network/interfaces - or maybe I am confused.

Please reboot you server. Then post your network config /'etc/network/interfaces', the output of 'route' and 'ifconfig' (just to get a consistent picture).

Problems with getting container access from internet

New Member

Distinguished Member

New Member

Distinguished Member

Distinguished Member

New Member

New Member

Distinguished Member

New Member

New Member

Member

New Member

Proxmox Staff Member

New Member

Proxmox Staff Member

New Member

New Member

Proxmox Staff Member

New Member

Proxmox Staff Member