Add second IP address range to Host for use on VZ container

[jvalla]

I've searched through the forums and the OpenVZ forums and I can't find a solution.
I've been given a second ip range by my provider. I would like to use this range for new VZ Containers and should be accessible from the public internet. eth0 must be used.

My current /etc/network/interfaces

# network interface settings
auto lo
iface lo inet loopback

iface eth0 inet manual

iface eth1 inet manual

auto vmbr0
iface vmbr0 inet static
        address  xxx.xxx.xxx.98
        netmask  xxx.xxx.xxx.248
        gateway  xxx.xxx.xxx.97
        bridge_ports eth0
        bridge_stp off
        bridge_fd 0

My new subnet is xxx.xxx.xxx.112/29 - How do I add this to my system? Usable addresses start at 114. Do I have to add 114 to eth0?

Thank you in advance.

 

[jvalla]

Have been trying creating a vlan and bridging to it - this seems to allow me to ping in and around the proxmox host but not from a container out to the internet or vice versa.

Anyone else done this?

 

[jvalla]

I've wasted an entire day reading these forums LOL. Not one post with a straight answer here or at the OpenVZ forums. Is it really that difficult to add another IP range?

 

[udo]

Hi,
who do the routing for the new network range? You (on the old range) or your provider?

If your provider do the routing, it should be enough to use vmbr0 for the VM and use inside the vm an ip of the new range with the default route to the router (i guess .113).
If both IP-range run on eth0 you can only use one bridge, because you can only assign a device to one bride. For me it's not the clean way to use two networks on the same interface (without vlan-tagging).

Your proxmox-host don't need an ip of the new range.

Udo

 

[jvalla]

Hi,
who do the routing for the new network range? You (on the old range) or your provider?

If your provider do the routing, it should be enough to use vmbr0 for the VM and use inside the vm an ip of the new range with the default route to the router (i guess .113).
If both IP-range run on eth0 you can only use one bridge, because you can only assign a device to one bride. For me it's not the clean way to use two networks on the same interface (without vlan-tagging).

Your proxmox-host don't need an ip of the new range.

Udo

I can't access that ip from outside.

Thanks for your response Udo. I did as you suggested - I creaded a new OpenVZ container with ip xxx.xxx.xxx.115. This is the error I am getting when botting up the virtual machine.

/usr/sbin/vzctl start 101
Starting container ...
Container is mounted
Adding IP address(es): xxx.xxx.xxx.115
arpsend: can't get iface 'eth0' address : Cannot assign requested address
vps-net_add WARNING: arpsend -c 1 -w 1 -D -e xxx.xxx.xxx.115 eth0 FAILED
arpsend: can't get iface 'vmbr1' address : Cannot assign requested address
vps-net_add WARNING: arpsend -c 1 -w 1 -D -e xxx.xxx.xxx.115 vmbr1 FAILED
arpsend: can't get iface 'eth0' address : Cannot assign requested address
vps-net_add WARNING: arpsend -c 1 -w 1 -U -i xxx.xxx.xxx.115 -e xxx.xxx.xxx.115 eth0 FAILED
arpsend: can't get iface 'vmbr1' address : Cannot assign requested address
vps-net_add WARNING: arpsend -c 1 -w 1 -U -i xxx.xxx.xxx.115 -e xxx.xxx.xxx.115 vmbr1 FAILED
Setting CPU units: 1000
Setting CPUs: 1
Configure meminfo: 262144
Set hostname: newip.xxx.com
File resolv.conf was modified
Setting quota ugidlimit: 0
Container start in progress...
VM 101 started

 

[jvalla]

I also made this change to vz.conf

NEIGHBOUR_DEVS=all

Still can't ping or access container. Any type of manual routing I should setup?

 

[jvalla]

After some testing this morning, I realized that I can ping out of my vz server to the same ip range on the provider's network. I can't ping past any other outside addresses though.

 

[udo]

After some testing this morning, I realized that I can ping out of my vz server to the same ip range on the provider's network. I can't ping past any other outside addresses though.

Hi,
is the default-route right?

ip route

If you start tcpdump on the host (on interface eth0) you see only outgoing traffic for the new range, or also incomming (for external pings)?

Udo

 

[jvalla]

on proxmox host the default route is set to the original ip range xxx.xxx.xxx.98 with a gateway of xxx.xxx.xxx.97.

According to my provider the new range will also use the same gateway as above.

If I am doing it wrong I do not know how to set it.

 

[sircolin]

Sounds Like your provider is OHV ?

if so the answer is simples...

 

[jvalla]

Sounds Like your provider is OHV ?

if so the answer is simples...

What does that mean? OVH?

 

[jvalla]

This is exactly what I mean by complicated. Is it really this difficult? I will give somebody root access to my server just to show me how to do this.

 

[sircolin]

OVH is a french hosting company

who is the machine hosted with ?

my /etc/network/interfcaes

# network interface settings
auto lo
iface lo inet loopback

auto eth0
iface eth0 inet static
address 188.xxx.2x7.190
netmask 255.255.255.0
gateway 188.xxx.2x7.254
broadcast 188.xxx.2x7.255

auto eth0:0
iface eth0:0 inet static
address 178.3x.xxx.240
netmask 255.255.255.255

iface eth1 inet manual

auto vmbr0
iface vmbr0 inet static
address 10.1.1.1

you don't have the bold entry's

that why things dont work have a read here to see if it suits your setup

Col

 

[jvalla]

OVH is a french hosting company

who is the machine hosted with ?

my /etc/network/interfcaes


you don't have the bold entry's

that why things dont work have a read here to see if it suits your setup

Col

Thanks for the response sisrcolon.

My eth0 is set to proxmox default. Must I change that as well or just add eth0:0?
Also will I need to make any routes?
Also will I need to change the setting is vz.conf?

Thanks.

 

[jvalla]

OVH is a french hosting company

who is the machine hosted with ?

my /etc/network/interfcaes


you don't have the bold entry's

that why things dont work have a read here to see if it suits your setup

Col

Thanks for the response sisrcolon.

My eth0 is set to proxmox default. Must I change that as well or just add eth0:0?
Also will I need to make any routes?
Also will I need to change the setting is vz.conf?
Do I create a bridge to eth0:0 (this doesn't work in gui).
I am still very lost.

This is my interfaces now

# network interface settings
auto lo
iface lo inet loopback

iface eth0 inet manual

auto eth0:0
iface eth0:0 inet static
address 216.2.xxx.114
netmask 255.255.255.255

iface eth1 inet manual

auto vmbr0
iface vmbr0 inet static
        address  216.1.xxx98
        netmask  255.255.255.248
        gateway  216.1.xxx.97
        bridge_ports eth0

Thanks. Still cant' ping internet from container. still can't ping in from internet.

 

[sircolin]

The above won't work because your have now no route to your upstream router

iface eth0 inet manual

expects some more information

Are you going to use a shorewall firewall, install openvpn and have a local network under the range 10.1.1.0/255 this would be a bridge where on openoz machines you could put in a 10.1.1.2 or a public address this would be using vmbro and would need to be natted.

get your interfaces files looking something like mine and confirm you can ping google

# network interface settings
auto lo
iface lo inet loopback

auto eth0
iface eth0 inet static
address 216.1.xxx98
netmask 255.255.255.248
gateway 216.1.xxx.97
broadcast 216.1.xxx.255

iface eth1 inet manual

auto vmbr0
iface vmbr0 inet static
address 10.1.1.1

auto vmbr0
iface vmbr0 inet static
address 10.1.1.1
netmask 255.255.255.0
broadcast 10.255.255.255
bridge_ports none
bridge_stp off
bridge_fd 0

for this to work you will need to follow the link i gave you and install shorewall and as said there edit vz.conf you can have a look here
http://www.justcolin.co.uk/?p=25 this is what i follow when i reinstall from time to time. just ignore the raid stuff at the beginning

 

[jvalla]

The above won't work because your have now no route to your upstream router
expects some more information

Are you going to use a shorewall firewall, install openvpn and have a local network under the range 10.1.1.0/255 this would be a bridge where on openoz machines you could put in a 10.1.1.2 or a public address this would be using vmbro and would need to be natted.

get your interfaces files looking something like mine and confirm you can ping google

for this to work you will need to follow the link i gave you and install shorewall and as said there edit vz.conf you can have a look here
http://www.justcolin.co.uk/?p=25 this is what i follow when i reinstall from time to time. just ignore the raid stuff at the beginning

I've never said that I was going to use Shorewall or OpenVPN for anything. I just my second IP subnet to work to and from my VZ containers. That's it.

Two IP subnets
One NIC eth0
Both subnets require access to and from public internet into VZ Containers - That's it.

 

[sircolin]

I presume your first ip range all work in openvz machines and can get to the net and back , and the second range doesn't

If this is so this means you need to change your configuration if you want it to work.

Now Shorewall will make this happen, it will route the traffic to the right place and give you more options. like a firewall etc etc

As far as i know this is the only way to add a second subnet on a hosted machine with only 1 network card present.

Col

 

[jvalla]

Thanks.
I am willing to make whatever changes you tell me. I do not want to add Shorewall however.

You are correct about the configuration

ip subnet 1 is working
ip subnet 2 is no working

 

[sircolin]

I am willing to make whatever changes you tell me. I do not want to add Shorewall however.

Shorewall will make this happen, it will route the traffic to the right place and give you more options. like a firewall etc etc,

As far as i know this is the only way to add a second subnet on a hosted machine with only 1 network card present.

Col