Connection refused when connecting to itself

[Ventzy]

I have installed Proxmox 3.1 and OpenVZ container with apache. I have redirected traffic on port 80 to that instance with

iptables -t nat -A PREROUTING -p TCP -i eth0 --dport 80 -j DNAT --to 10.0.0.3:80

When I am logged on the host or in the container and execute telnet 1.1.1.1 80 where 1.1.1.1 is my public IP assigned to the host, I get "Connection refused".

If I am logged from another server and execute the same command, connection is established, so the problem is only when connection is from host to itself. The same thing happens with other ports too, but ssh connection with telnet 1.1.1.1 22 is OK.

Is there some Proxmox settings that can cause this? Is there some software (firewall for example) in default Proxmox installations that can cause this?

 

[udo]

I have installed Proxmox 3.1 and OpenVZ container with apache. I have redirected traffic on port 80 to that instance with

iptables -t nat -A PREROUTING -p TCP -i eth0 --dport 80 -j DNAT --to 10.0.0.3:80

When I am logged on the host or in the container and execute telnet 1.1.1.1 80 where 1.1.1.1 is my public IP assigned to the host, I get "Connection refused".

If I am logged from another server and execute the same command, connection is established, so the problem is only when connection is from host to itself. The same thing happens with other ports too, but ssh connection with telnet 1.1.1.1 22 is OK.

Is there some Proxmox settings that can cause this? Is there some software (firewall for example) in default Proxmox installations that can cause this?

Hi,
I guess it's because you use as interface eth0 and the IP is bound to vmbr0?!

Udo

 

[Ventzy]

Hi,
I guess it's because you use as interface eth0 and the IP is bound to vmbr0?!

Udo

Hello Udo,

Probably you are right. Here is my /etc/network/interfaces

auto lo
iface lo inet loopback


auto eth0
iface eth0 inet static
        address  1.1.1.1
        netmask  255.255.255.240
        gateway  2.2.2.2
        post-up echo 1 > /proc/sys/net/ipv4/conf/eth0/proxy_arp

auto vmbr0
iface vmbr0 inet static
        address  10.0.0.1
        netmask  255.255.255.0
        bridge_ports none
        bridge_stp off
        bridge_fd 0


        post-up echo 1 > /proc/sys/net/ipv4/ip_forward
        post-up   iptables -t nat -A POSTROUTING -s '10.0.0.0/16' -o eth0 -j MASQUERADE
        post-down iptables -t nat -D POSTROUTING -s '10.0.0.0/16' -o eth0 -j MASQUERADE

And here is for one container

auto lo
iface lo inet loopback


# Auto generated venet0 interface
auto venet0
iface venet0 inet manual
        up ifconfig venet0 up
        up ifconfig venet0 127.0.0.2
        up route add default dev venet0
        down route del default dev venet0
        down ifconfig venet0 down

iface venet0 inet6 manual
        up route -A inet6 add default dev venet0
        down route -A inet6 del default dev venet0


auto venet0:0
iface venet0:0 inet static
        address 10.0.0.3
        netmask 255.255.255.255

The server has two NICs. I haven't enough knowledge to understand all implication of this setup. If this is the reason of my problem, how can I fix it? Thanks.

 

[m.ardito]

the eth bound to vmbr should not be configured, at all (just inet manual)

the vmbr rules it

see http://pve.proxmox.com/wiki/Network_Model

Marco

 

[Ventzy]

Sorry, I don't undestand what do you mean by

the eth bound to vmbr should not be configured, at all (just inet manual)

To be more clear, I have one public IP - 1.1.1.1 and containers with 10.0.0.X and I am forwarding 1.1.1.1:80 to 10.0.0.1:80 for example.

I have tried "Routed Configuration" from http://pve.proxmox.com/wiki/Network_Model but result is the same.

 

[Ventzy]

Anyone? I cannot make it work