Ping problems inside network

[Chow]

Hi,

I have several servers and proxmox servers in one subnet. From the outside world I can ping them all fine. But between them I get no ping or lots of packetloss.
For example. The host runs x.x.x.90 and the vps runs x.x.x.91
I can ping from another machine with x.x.x.40 the host well. But pinging the vps is a problem.

It's a default proxmox setup so I'm curious what's wrong.

 

[Giovanni]

Is the VM that you are pinging an OpenVZ or KVM one?

Does it happen regardless of KVM or OpenVZ?

 

[Chow]

Openvz. I don't use KVM.

 

[Giovanni]

run this logged as root in SSH.

    sysctl net.ipv4.conf.all.proxy_arp=1

let me know if it fixes the problem.

 

[Chow]

Hi, we tried but still the same issue

 

[Nemesiz]

run this logged as root in SSH.

    sysctl net.ipv4.conf.all.proxy_arp=1

let me know if it fixes the problem.

It can make more problems with ISP.

You have to allow packets to access between NIC (real and virtual). Allow ip_forward and try to use iptables

 

[Chow]

Playing with iptables can cause problems also. BTW, I don't have this issue with hypervm servers also running openvz. Only with proxmox servers so it must be some setting somewhere.

 

[Nemesiz]

Mine network configuration:

sysctl.conf:
#-- OpenVZ begin --#

# On Hardware Node we generally need
# packet forwarding enabled and proxy arp disabled
net.ipv4.conf.default.forwarding = 1
net.ipv4.conf.all.forwarding = 1
net.ipv4.conf.default.proxy_arp = 0
net.ipv4.ip_forward = 1

# Enables source route verification
net.ipv4.conf.all.rp_filter = 1

# Enables the magic-sysrq key
kernel.sysrq = 1

# TCP Explict Congestion Notification
#net.ipv4.tcp_ecn = 0

# we do not want all our interfaces to send redirects
net.ipv4.conf.default.send_redirects = 1
net.ipv4.conf.all.send_redirects = 0

# IPV6
#net.ipv6.conf.default.forwarding = 1
#net.ipv6.conf.all.forwarding = 1

#-- OpenVZ end --#

iptables:
iptables -A after-forwarding -i venet+ -o venet+ -j ACCEPT # allow VMs to talk together
iptables -A after-forwarding -i veth+ -o vmbr+ -j ACCEPT #
iptables -A after-forwarding -i vmbr+ -o veth+ -j ACCEPT #
iptables -A after-input -i veth+ -j ACCEPT # allow VPN talk to hyperviser

BTW i use Fridu firewall script and i dont use vmbr0 (or any other bridge) at the moment

 

[Chow]

Thnx, your hint helped me a lot. With your information in mind I found this article on the openvz website
http://wiki.openvz.org/Bridge_doesn't_forward_packets

Now it all works fine..