openVZ network problem

  • Thread starter Thread starter arash.abghari
  • Start date Start date
A

arash.abghari

Guest
Hi,

I have created a container using Debian-5.0-standard template. The problem that I am facing is I can ping other computers on the LAN but I am not able to ping for example www.google.com. The network type on the guest is venet. Here are the specifications:

output of pveversion -v:

pve-manager: 1.1-3 (pve-manager/1.1/3718)
qemu-server: 1.0-10
pve-kernel: 2.6.24-5
pve-kvm: 83-1
pve-firmware: 1
vncterm: 0.9-1
vzctl: 3.0.23-1pve1
vzdump: 1.1-1
vzprocps: 2.0.11-1dso2
vzquota: 3.0.11-1dso1
------------------------

output of ifconfig on the guest:

o Link encap:Local Loopback
inet addr:127.0.0.1 Mask:255.0.0.0
inet6 addr: ::1/128 Scope:Host
UP LOOPBACK RUNNING MTU:16436 Metric:1
RX packets:0 errors:0 dropped:0 overruns:0 frame:0
TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:0
RX bytes:0 (0.0 B) TX bytes:0 (0.0 B)

venet0 Link encap:UNSPEC HWaddr 00-00-00-00-00-00-00-00-00-00-00-00-00-00-00-00
inet addr:127.0.0.1 P-t-P:127.0.0.1 Bcast:0.0.0.0 Mask:255.255.255.255
UP BROADCAST POINTOPOINT RUNNING NOARP MTU:1500 Metric:1
RX packets:8 errors:0 dropped:0 overruns:0 frame:0
TX packets:9 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:0
RX bytes:944 (944.0 B) TX bytes:692 (692.0 B)

venet0:0 Link encap:UNSPEC HWaddr 00-00-00-00-00-00-00-00-00-00-00-00-00-00-00-00
inet addr:192.168.1.92 P-t-P:192.168.1.92 Bcast:0.0.0.0 Mask:255.255.255.255
UP BROADCAST POINTOPOINT RUNNING NOARP MTU:1500 Metric:1
---------------------------

output of ping www.google.com:
PING www.l.google.com (72.14.205.103) 56(84) bytes of data.
From 192.168.1.72 icmp_seq=2 Destination Host Unreachable
From 192.168.1.72 icmp_seq=3 Destination Host Unreachable
From 192.168.1.72 icmp_seq=4 Destination Host Unreachable

--- www.l.google.com ping statistics ---
7 packets transmitted, 0 received, +3 errors, 100% packet loss, time 6009ms
, pipe 3
--------------------------------

192.168.1.72 is the IP of the host and there is no firewall installed as well.

Thanks,

Arash

P.S. I forgot to mention that KVM VMs do access to internet and I can ping anywhere from them.
 
Last edited by a moderator:
Here is /etc/network/interface:

auto lo
iface lo inet loopback

auto vmbr0
iface vmbr0 inet static
address 192.168.1.72
netmask 255.255.255.0
gateway 192.168.1.1
bridge_ports eth0
bridge_stp off
bridge_fd 0
--------------------
 
here is the output of tcpdump:

12:33:48.868257 IP 192.168.1.92.47793 > 192.168.1.1.domain: 3141+ A? www.google.com. (32)
12:33:48.885827 arp who-has 192.168.1.92 tell 192.168.1.1
12:33:49.380930 arp reply 192.168.1.92 is-at 00:1d:72:a7:5a:35 (oui Unknown)
12:33:49.381074 IP 192.168.1.1.domain > 192.168.1.92.47793: 3141 5/4/0 CNAME www.l.google.com.,[|domain]
12:33:52.385139 IP 192.168.1.92.35358 > 192.168.1.1.domain: 22949+ PTR? 72.1.168.192.in-addr.arpa. (43)
12:33:52.397839 IP 192.168.1.1.domain > 192.168.1.92.35358: 22949 NXDomain 0/0/0 (43)
12:33:52.398148 IP 192.168.1.92.38709 > 192.168.1.1.domain: 30264+ PTR? 72.1.168.192.in-addr.arpa. (43)
12:33:52.411291 IP 192.168.1.1.domain > 192.168.1.92.38709: 30264 NXDomain 0/0/0 (43)
12:33:52.411510 IP 192.168.1.92.43565 > 192.168.1.1.domain: 52735+ PTR? 72.1.168.192.in-addr.arpa. (43)
12:33:52.429316 IP 192.168.1.1.domain > 192.168.1.92.43565: 52735 NXDomain 0/0/0 (43)
12:33:56.385087 IP 192.168.1.92.53969 > 192.168.1.1.domain: 58979+ PTR? 72.1.168.192.in-addr.arpa. (43)
12:33:56.398231 IP 192.168.1.1.domain > 192.168.1.92.53969: 58979 NXDomain 0/0/0 (43)
12:33:56.398413 IP 192.168.1.92.47410 > 192.168.1.1.domain: 5108+ PTR? 72.1.168.192.in-addr.arpa. (43)
12:33:56.411263 IP 192.168.1.1.domain > 192.168.1.92.47410: 5108 NXDomain 0/0/0 (43)
12:33:56.411466 IP 192.168.1.92.46085 > 192.168.1.1.domain: 15287+ PTR? 72.1.168.192.in-addr.arpa. (43)
12:33:56.424067 IP 192.168.1.1.domain > 192.168.1.92.46085: 15287 NXDomain 0/0/0 (43)

thanks,
 
Yes, that's true. I ping from the container and run tcpdump from the host. Then I grep the output of tcpdump with the container IP (192.168.1.92)
 
# route -n
Kernel IP routing table
Destination Gateway Genmask Flags Metric Ref Use Iface
192.168.1.0 0.0.0.0 255.255.255.0 U 0 0 0 vmbr0
192.168.1.0 0.0.0.0 255.255.255.0 U 0 0 0 eth0
0.0.0.0 192.168.1.1 0.0.0.0 UG 0 0 0 eth0
0.0.0.0 192.168.1.1 0.0.0.0 UG 0 0 0 vmbr0
 
That looks quite strange - and does not correspond to the config you posted above?? (does a reboot fix this?)
 
Hi,

Sorry for late response. restart didn't work. Here is the output after restart:

# route -n
Kernel IP routing table
Destination Gateway Genmask Flags Metric Ref Use Iface
192.168.1.92 0.0.0.0 255.255.255.255 UH 0 0 0 venet0
192.168.1.0 0.0.0.0 255.255.255.0 U 0 0 0 vmbr0
192.168.1.0 0.0.0.0 255.255.255.0 U 0 0 0 eth0
0.0.0.0 192.168.1.1 0.0.0.0 UG 0 0 0 eth0
0.0.0.0 192.168.1.1 0.0.0.0 UG 0 0 0 vmbr0

By the away, what is strange in the output? which field is wierd?
 
arash.abghari said:
By the away, what is strange in the output? which field is wierd?
Click to expand...

You have both eth0 and the vmbr0 defined.
You also have 2 default routes.

Sure there isn't a definition of something like

auto eth0
iface eth0 inet static
[etc]

in your /etc/network/interfaces ?

If so: get rid of it and reboot.
 
It's working now, thanks for your help.

wonderful product,

Arash
 
As you said it was eth0. I removed it and every thing got fixed.
 
Hi,

I've got exactly the same problem with a Ubuntu 8.04 guest. I'm running a fully patched Proxmox 1.3 host. The problem started after a brief Internet outage earlier tonight.

My guest can ping all machines in the same subnet but can't ping outside of my gateway. DNS resolution works fine. Other machines on the same subnet have no problems connecting (ping) to servers on the Internet.

This is a mail server, so it's a bit of an issue ... to say the least. :(

This is my # route -n output:
Code: 
# route -n
Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
192.0.2.1       0.0.0.0         255.255.255.255 UH    0      0        0 venet0
0.0.0.0         192.0.2.1       0.0.0.0         UG    0      0        0 venet0
Looks the same on other guests.

Here's my /etc/network/interfaces file:
Code: 
# Auto generated interfaces
auto lo
iface lo inet loopback

auto venet0
iface venet0 inet static
        address 127.0.0.1
        netmask 255.255.255.255
        broadcast 0.0.0.0
        up route add -net 192.0.2.1 netmask 255.255.255.255 dev venet0
        up route add default gw 192.0.2.1
auto venet0:0
iface venet0:0 inet static
        address 192.168.XX.XX
        netmask 255.255.255.255
        broadcast 0.0.0.0
Any help or pointers would be greatly appreciated.

Thanks in advance.
 
Btw, my tcpdump looks like this:

Code: 
# tcpdump icmp -n -i any
tcpdump: WARNING: Promiscuous mode not supported on the "any" device
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on any, link-type LINUX_SLL (Linux cooked), capture size 96 bytes
00:03:19.377014 IP 192.168.XX.XX > 74.125.45.100: ICMP echo request, id 9811, seq 1, length 64
00:03:19.377014 IP 192.168.XX.XX > 74.125.45.100: ICMP echo request, id 9811, seq 1, length 64
00:03:19.377039 IP 192.168.XX.XX > 74.125.45.100: ICMP echo request, id 9811, seq 1, length 64
00:03:19.377042 IP 192.168.XX.XX > 74.125.45.100: ICMP echo request, id 9811, seq 1, length 64
00:03:20.386896 IP 192.168.XX.XX > 74.125.45.100: ICMP echo request, id 9811, seq 2, length 64
00:03:20.386896 IP 192.168.XX.XX > 74.125.45.100: ICMP echo request, id 9811, seq 2, length 64
No replies ...
 
mlanner said:
I've got exactly the same problem with a Ubuntu 8.04 guest. I'm running a fully patched Proxmox 1.3 host. The problem started after a brief Internet outage earlier tonight.
Click to expand...

It worked before? What happens if you restart the VM?

mlanner said:
My guest can ping all machines in the same subnet but can't ping outside of my gateway. DNS resolution works fine. Other machines on the same subnet have no problems connecting (ping) to servers on the Internet.
Click to expand...

What the network configuration on the host (/etc/network/interfaces)?
 
mlanner said:
Btw, my tcpdump looks like this:

Code: 
00:03:19.377014 IP 192.168.XX.XX > 74.125.45.100: ICMP echo request, id 9811, seq 1, length 64
Click to expand...

What is '74.125.45.100'? It is impossible to answer network related question without more info.
 
Hi,

The cause of my problem was that by mistake I had "iface eth0 inet manual" in /etc/network/interface. I just wanted to let you know.
 
You must log in or register to reply here.

About

The Proxmox community has been around for many years and offers help and support for Proxmox VE, Proxmox Backup Server, and Proxmox Mail Gateway.
We think our community is one of the best thanks to people like you!

Quick Navigation

Home Get Subscription Wiki Downloads Proxmox Customer Portal About

Get your subscription!

The Proxmox team works very hard to make sure you are running the best software and getting stable updates and security enhancements, as well as quick enterprise support. Tens of thousands of happy customers have a Proxmox subscription. Get yours easily in our online shop.

Buy now!
Community platform by XenForo® © 2010-2024 XenForo Ltd.
Top Bottom