ISPConfig 3 & OpenVZ

Discussion in 'Installation/Configuration' started by agentmoller001, Aug 13, 2015.

  1. agentmoller001

    agentmoller001 Member

    I am having problems with getting the containers in OpenVZ to have internet access. My host server OS is Debian 7.8.
    EXAMPLE INSIDE A CONTAINER:
    Code:
    root@debian-7-container:/# apt-get update
Err http://security.debian.org wheezy/updates Release.gpg
  Temporary failure resolving 'security.debian.org'
Err http://ftp.debian.org wheezy Release.gpg
  Temporary failure resolving 'ftp.debian.org'
Err http://ftp.debian.org wheezy-updates Release.gpg
  Temporary failure resolving 'ftp.debian.org'
Reading package lists... Done
W: Failed to fetch http://ftp.debian.org/debian/dists/wheezy/Release.gpg  Temporary failure resolving 'ftp.debian.org'

W: Failed to fetch http://ftp.debian.org/debian/dists/wheezy-updates/Release.gpg  Temporary failure resolving 'ftp.debian.org'

W: Failed to fetch http://security.debian.org/dists/wheezy/updates/Release.gpg  Temporary failure resolving 'security.debian.org'

W: Some index files failed to download. They have been ignored, or old ones used instead.
    I followed the the Installing And Using OpenVZ On Debian Wheezy (AMD64) with ploop, and then tried to incorporate the Installing OpenVZ + Management Of VMs Through ISPConfig 3 (Debian 6.0)
    I have separate public IP addresses for each container.
    I don't know if this makes a difference, but the datacenter has bonded eth0 and eth1 for redundancy. (bond0)
    All the addon IP's are setup in the host servers /etc/network/interfaces as:
    (IP 123.123.123.XXX is not real)
    ~~~~~ HOST SERVER
    Code:
    root@host:/#cat /etc/hostname/interfaces
# The loopback network interface
auto lo
iface lo inet loopback

auto eth0
iface eth0 inet manual
        bond-master bond0
        bond-primary eth1
        bond-mode active-backup

auto eth1
iface eth1 inet manual
        bond-master bond0
        bond-primary eth1
        bond-mode active-backup

# The primary network interface
#allow-hotplug eth0
#iface eth0 inet static
auto bond0
iface bond0 inet static
        address 123.123.123.68
        netmask 255.255.255.128
        network 123.123.123.0
        broadcast 123.123.123.127
        gateway 123.123.123.1
        # dns-* options are implemented by the resolvconf package, if installed
        dns-nameservers 8.8.8.8
#       slaves eth0 eth1
        bond-slaves none
        bond-mode active-backup
        bond-miimon 100
        bond-primary eth1

auto bond0:0
iface bond0:0 inet static
        address 123.123.123.69
        netmask 255.255.255.128

auto bond0:1
iface bond0:1 inet static
        address 123.123.123.70
        netmask 255.255.255.128

auto bond0:2
iface bond0:2 inet static
        address 123.123.123.71
        netmask 255.255.255.128
    ~~~~~ INSIDE A CONTAINER
    Code:
    root@debian-7-container:/# netstat -nr
Kernel IP routing table
Destination     Gateway         Genmask         Flags   MSS Window  irtt Iface
0.0.0.0         0.0.0.0         0.0.0.0         U         0 0          0 venet0
    Have a feeling this is where the problem is (above).
    Code:
    root@debian-7-container:/# cat /etc/network/interfaces
# This configuration file is auto-generated.
#
# WARNING: Do not edit this file, your changes will be lost.
# Please create/edit /etc/network/interfaces.head and
# /etc/network/interfaces.tail instead, their contents will be
# inserted at the beginning and at the end of this file, respectively.
#
# NOTE: it is NOT guaranteed that the contents of /etc/network/interfaces.tail
# will be at the very end of this file.
#

# Auto generated lo interface
auto lo
iface lo inet loopback

# Auto generated venet0 interface
auto venet0
iface venet0 inet manual
        up ifconfig venet0 up
        up ifconfig venet0 127.0.0.2
        up route add default dev venet0
        down route del default dev venet0
        down ifconfig venet0 down


iface venet0 inet6 manual
        up route -A inet6 add default dev venet0
        down route -A inet6 del default dev venet0

auto venet0:0
iface venet0:0 inet static
        address 123.123.123.69
        netmask 255.255.255.255
    Code:
    root@debian-7-container:/# cat /etc/network/interfaces.tail
auto venet0:0
iface venet0:0 inet static
        address 123.123.123.69
        netmask 255.255.255.118
    Code:
    root@debian-7-container:/# cat /etc/resolv.conf
nameserver 8.8.8.8
    Code:
    root@debian-7-container:/# ping 8.8.8.8
PING 8.8.8.8 (8.8.8.8) 56(84) bytes of data.
^C
--- 8.8.8.8 ping statistics ---
19 packets transmitted, 0 received, 100% packet loss, time 17999ms

root@debian-7-container:/# ping www.google.com
ping: unknown host www.google.com
    Thanks in advance for any help.
     
    Last edited: Aug 13, 2015
    agentmoller001, Aug 13, 2015
    #1
  2. till

    till Super Moderator Staff Member ISPConfig Developer

    Do you run a firewall on the host? If yes, try to stop it and test again.
     
    till, Aug 13, 2015
    #2
  3. agentmoller001

    agentmoller001 Member

    Same results.
    Code:
    root@host:/# /etc/init.d/bastille-firewall stop

WARNING: reverting to default settings (dropping firewall)
disabling IP forwarding... done.
unloading masquerading modules... done.
resetting default input rules to accept... done.
resetting default output rule to accept... done.
resetting default forward rule to accept... done.
flushing INPUT rules... done.
flushing OUTPUT rules... done.
flushing FORWARD rules... done.
removing user-defined chains... done.

root@host:/# vzctl start 101
Starting container...
Adding delta dev=/dev/ploop12761 img=/vz/private/101/root.hdd/root.hdd (rw)
Mounting /dev/ploop12761p1 at /vz/root/101 fstype=ext4 data='balloon_ino=12,'
Container is mounted
Adding IP address(es): 123.123.123.69
Setting CPU units: 1000
Container start in progress...

root@host:/# vzctl enter 101
entered into CT 101

root@debian-7-container:/# ping www.google.com
ping: unknown host www.google.com

root@debian-7-container:/# ping 8.8.8.8
PING 8.8.8.8 (8.8.8.8) 56(84) bytes of data.
^C
--- 8.8.8.8 ping statistics ---
8 packets transmitted, 0 received, 100% packet loss, time 6999ms

root@debian-7-container:/#
     
    agentmoller001, Aug 13, 2015
    #3
  4. agentmoller001

    agentmoller001 Member

    [RESLOVED]
    So I finally got it. Till you where correct. Once the firewall script got started, it turned off IP forwarding. So to resolve this I needed to do the following:
    Code:
    root@host:/# cat /proc/sys/net/ipv4/ip_forward
0

root@host:/# echo 1 > /proc/sys/net/ipv4/ip_forward

root@host:/# cat /proc/sys/net/ipv4/ip_forward
1

root@host:/# /etc/init.d/vz restart
mkdir: cannot create directory `/var/lock/ploop': File exists
Suspending CT 101
Bringing down interface venet0: ..done
Stopping OpenVZ: ..done
Starting OpenVZ: ..done
Applying OOM adjustments: ..done
Bringing up interface venet0: ..done
Starting CT 101: ..done

root@host:/# vzctl exec 101 ping www.google.com
PING www.google.com (216.58.219.132) 56(84) bytes of data.
64 bytes from mia07s26-in-f4.1e100.net (216.58.219.132): icmp_req=1 ttl=55 time=2.95 ms
64 bytes from mia07s26-in-f132.1e100.net (216.58.219.132): icmp_req=2 ttl=55 time=2.97 ms
64 bytes from mia07s26-in-f4.1e100.net (216.58.219.132): icmp_req=3 ttl=55 time=2.94 ms
64 bytes from mia07s26-in-f4.1e100.net (216.58.219.132): icmp_req=4 ttl=55 time=2.96 ms
64 bytes from mia07s26-in-f4.1e100.net (216.58.219.132): icmp_req=5 ttl=55 time=2.97 ms
^C
root@host:/#
     
    Last edited: Aug 14, 2015
    agentmoller001, Aug 14, 2015
    #4

Share This Page