[SOLVED] [SOLVED] OpenVZ venet network problems vmbr0, All OpenVZ One IP.

[Walfrid]

Hello all,

1) OK: Proxmox is Installed
2) OK: My Openvz installed is named ref-101 with IP venet 192.168.101.1
3) OK: The iptables is my old systeme.
4) OK: my cat /proc/sys/net/ipv4/ip_forward = 1
5) XX: I can not Access to ref-101 in SSH with 195.154.250.195:22101

etc/network/iptables

# Rooter le Port SSH 22 vers 22101
-A PREROUTING -d 195.154.250.195/32 -i vmbr0 -p tcp -m tcp --dport 22101 -j DNAT --to-destination 192.168.101.1:22
-A POSTROUTING -s 192.168.101.1/32 -o vmbr0 -j SNAT --to-source 195.154.250.195

etc/network/interfaces

# This file describes the network interfaces available on your system
# and how to activate them. For more information, see interfaces(5).
# The loopback network interface
auto lo
iface lo inet loopback
iface eth0 inet manual
iface eth1 inet manual

auto vmbr0
iface vmbr0 inet static
address 195.154.250.195
netmask 255.255.255.0
gateway 195.154.250.1
bridge_ports eth0
bridge_stp off
bridge_fd 0

Are there any to someone who wants to help me? Please

 

[Mr.Holmes]

Re: OpenVZ venet network problems vmbr0, All OpenVZ One IP.

Hello Walfrid

5) XX: I can not Access to ref-101 in SSH with 195.154.250.195:22101

Try:

iptables -t nat -A PREROUTING -d 195.154.250.195 -p tcp --dport 22101 -j DNAT --to-destination 192.168.101.1:22
iptables -t nat -A POSTROUTING -s 192.168.101.1 -p tcp --sport 22 -j SNAT --to-source 195.154.250.195:22101

If still not working:

- make sure that sshd is started
- verify what happens on the interfaces by

tcpdump -i venet0 -e -n
tcpdump -i vmbr0 -e -n | grep 22101

Kind regards

Mr.Holmes

 

[Walfrid]

Re: OpenVZ venet network problems vmbr0, All OpenVZ One IP.

Can not access. Connection Refused

command not found with:

tcpdump -i venet0 -e -n
tcpdump -i vmbr0 -e -n | grep 22101

This is my proxmox interface.
http://i39.servimg.com/u/f39/18/91/88/44/proxmo12.jpg

 

[Mr.Holmes]

Re: OpenVZ venet network problems vmbr0, All OpenVZ One IP.

Hello Walfrid

Can not access. Connection Refused

If you are sure that sshd is started you should check the packet flow

command not found with:
tcpdump -i venet0 -e -n

Hardly to imagine - proxmox distro includes tcpdump. Which proxmox version do you use and how did you install? But you can add this function by

aptitude install tcpdump

Kind regards

Mr.Holmes

 

[Walfrid]

Re: OpenVZ venet network problems vmbr0, All OpenVZ One IP.

Installed tcpdump.



tcpdump -i venet0 -e -n

tcpdump: WARNING: venet0: no IPv4 address assigned
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on venet0, link-type LINUX_SLL (Linux cooked), capture size 65535 bytes
16:42:13.844967 In ethertype IPv4 (0x0800), length 69: 192.168.101.1.42600 > 62.210.16.6.53: 4421+ A? ref-101. (25)
16:42:16.848122 In ethertype IPv4 (0x0800), length 69: 192.168.101.1.39073 > 62.210.16.7.53: 4421+ A? ref-101. (25)
16:42:22.854324 In ethertype IPv4 (0x0800), length 69: 192.168.101.1.52200 > 62.210.16.6.53: 4421+ A? ref-101. (25)
16:42:25.857479 In ethertype IPv4 (0x0800), length 69: 192.168.101.1.42236 > 62.210.16.7.53: 4421+ A? ref-101. (25)
16:42:31.863675 In ethertype IPv4 (0x0800), length 69: 192.168.101.1.33729 > 62.210.16.6.53: 4421+ A? ref-101. (25)
16:42:34.866800 In ethertype IPv4 (0x0800), length 69: 192.168.101.1.34365 > 62.210.16.7.53: 4421+ A? ref-101. (25)
16:42:40.873009 In ethertype IPv4 (0x0800), length 69: 192.168.101.1.42715 > 62.210.16.6.53: 4421+ A? ref-101. (25)
16:42:43.876148 In ethertype IPv4 (0x0800), length 69: 192.168.101.1.35674 > 62.210.16.7.53: 4421+ A? ref-101. (25)
16:42:49.882406 In ethertype IPv4 (0x0800), length 69: 192.168.101.1.56573 > 62.210.16.6.53: 27461+ MX? ref-101. (25)
16:42:52.885548 In ethertype IPv4 (0x0800), length 69: 192.168.101.1.59178 > 62.210.16.7.53: 27461+ MX? ref-101. (25)
16:42:58.891777 In ethertype IPv4 (0x0800), length 69: 192.168.101.1.33356 > 62.210.16.6.53: 27461+ MX? ref-101. (25)
16:43:01.894917 In ethertype IPv4 (0x0800), length 69: 192.168.101.1.43257 > 62.210.16.7.53: 27461+ MX? ref-101. (25)

I have stop the spam with Ctrl+C


tcpdump -i venet0 -e -n

tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on vmbr0, link-type EN10MB (Ethernet), capture size 65535 bytes

It has been 5 days since I'm stuck on that, try alot tutorial. This is a new installation. And my friends are their servers down since. I'm tired work on that.

 

[Walfrid]

Re: OpenVZ venet network problems vmbr0, All OpenVZ One IP.

Problem solved with:

post-up iptables -t nat -A POSTROUTING -s '192.168.0.0/16' -o vmbr0 -j MASQUERADE
post-up iptables -t nat -A PREROUTING -i vmbr0 -p tcp --dport 22101 -j DNAT --to-destination 192.168.101.1:22

 

[spirit]

Re: OpenVZ venet network problems vmbr0, All OpenVZ One IP.

can you edit this post and mark it as [SOLVED] ?

Thanks!

 

[Walfrid]

Re: OpenVZ venet network problems vmbr0, All OpenVZ One IP.

Done, thanks.