I am having problems with getting the containers in OpenVZ to have internet access. My host server OS is Debian 7.8.

EXAMPLE INSIDE A CONTAINER:

Code:
[email protected]:/# apt-get update
Err http://security.debian.org wheezy/updates Release.gpg
  Temporary failure resolving 'security.debian.org'
Err http://ftp.debian.org wheezy Release.gpg
  Temporary failure resolving 'ftp.debian.org'
Err http://ftp.debian.org wheezy-updates Release.gpg
  Temporary failure resolving 'ftp.debian.org'
Reading package lists... Done
W: Failed to fetch http://ftp.debian.org/debian/dists/wheezy/Release.gpg  Temporary failure resolving 'ftp.debian.org'
W: Failed to fetch http://ftp.debian.org/debian/dists/wheezy-updates/Release.gpg  Temporary failure resolving 'ftp.debian.org'
W: Failed to fetch http://security.debian.org/dists/wheezy/updates/Release.gpg  Temporary failure resolving 'security.debian.org'
W: Some index files failed to download. They have been ignored, or old ones used instead.

I followed the Installing And Using OpenVZ On Debian Wheezy (AMD64) with ploop, and then tried to incorporate the Installing OpenVZ + Management Of VMs Through ISPConfig 3 (Debian 6.0).

I have separate public IP addresses for each container.

I don't know if this makes a difference, but the datacenter has bonded eth0 and eth1 for redundancy.
(bond0)

All the addon IPs are set up in the host server's /etc/network/interfaces as: (IP 123.123.123.XXX is not real)

~~~~~ HOST SERVER

Code:
[email protected]:/#cat /etc/hostname/interfaces
# The loopback network interface
auto lo
iface lo inet loopback

auto eth0
iface eth0 inet manual
    bond-master bond0
    bond-primary eth1
    bond-mode active-backup

auto eth1
iface eth1 inet manual
    bond-master bond0
    bond-primary eth1
    bond-mode active-backup

# The primary network interface
#allow-hotplug eth0
#iface eth0 inet static
auto bond0
iface bond0 inet static
    address 123.123.123.68
    netmask 255.255.255.128
    network 123.123.123.0
    broadcast 123.123.123.127
    gateway 123.123.123.1
    # dns-* options are implemented by the resolvconf package, if installed
    dns-nameservers 8.8.8.8
    # slaves eth0 eth1
    bond-slaves none
    bond-mode active-backup
    bond-miimon 100
    bond-primary eth1

auto bond0:0
iface bond0:0 inet static
    address 123.123.123.69
    netmask 255.255.255.128

auto bond0:1
iface bond0:1 inet static
    address 123.123.123.70
    netmask 255.255.255.128

auto bond0:2
iface bond0:2 inet static
    address 123.123.123.71
    netmask 255.255.255.128

~~~~~ INSIDE A CONTAINER

Code:
[email protected]:/# netstat -nr
Kernel IP routing table
Destination     Gateway         Genmask         Flags   MSS Window  irtt Iface
0.0.0.0         0.0.0.0         0.0.0.0         U         0 0          0 venet0

Have a feeling this is where the problem is (above).

Code:
[email protected]:/# cat /etc/network/interfaces
# This configuration file is auto-generated.
#
# WARNING: Do not edit this file, your changes will be lost.
# Please create/edit /etc/network/interfaces.head and
# /etc/network/interfaces.tail instead, their contents will be
# inserted at the beginning and at the end of this file, respectively.
#
# NOTE: it is NOT guaranteed that the contents of /etc/network/interfaces.tail
# will be at the very end of this file.
#
# Auto generated lo interface
auto lo
iface lo inet loopback

# Auto generated venet0 interface
auto venet0
iface venet0 inet manual
    up ifconfig venet0 up
    up ifconfig venet0 127.0.0.2
    up route add default dev venet0
    down route del default dev venet0
    down ifconfig venet0 down

iface venet0 inet6 manual
    up route -A inet6 add default dev venet0
    down route -A inet6 del default dev venet0

auto venet0:0
iface venet0:0 inet static
    address 123.123.123.69
    netmask 255.255.255.255

Code:
[email protected]:/# cat /etc/network/interfaces.tail
auto venet0:0
iface venet0:0 inet static
    address 123.123.123.69
    netmask 255.255.255.118

Code:
[email protected]:/# cat /etc/resolv.conf
nameserver 8.8.8.8

Code:
[email protected]:/# ping 8.8.8.8
PING 8.8.8.8 (8.8.8.8) 56(84) bytes of data.
^C
--- 8.8.8.8 ping statistics ---
19 packets transmitted, 0 received, 100% packet loss, time 17999ms
[email protected]:/# ping www.google.com
ping: unknown host www.google.com

Thanks in advance for any help.

Same results.

Code:
[email protected]:/# /etc/init.d/bastille-firewall stop
WARNING: reverting to default settings (dropping firewall)
disabling IP forwarding... done.
unloading masquerading modules... done.
resetting default input rules to accept... done.
resetting default output rule to accept... done.
resetting default forward rule to accept... done.
flushing INPUT rules... done.
flushing OUTPUT rules... done.
flushing FORWARD rules... done.
removing user-defined chains... done.
[email protected]:/# vzctl start 101
Starting container...
Adding delta dev=/dev/ploop12761 img=/vz/private/101/root.hdd/root.hdd (rw)
Mounting /dev/ploop12761p1 at /vz/root/101 fstype=ext4 data='balloon_ino=12,'
Container is mounted
Adding IP address(es): 123.123.123.69
Setting CPU units: 1000
Container start in progress...
[email protected]:/# vzctl enter 101
entered into CT 101
[email protected]:/# ping www.google.com
ping: unknown host www.google.com
[email protected]:/# ping 8.8.8.8
PING 8.8.8.8 (8.8.8.8) 56(84) bytes of data.
^C
--- 8.8.8.8 ping statistics ---
8 packets transmitted, 0 received, 100% packet loss, time 6999ms
[email protected]:/#

[RESOLVED]

So I finally got it. Till, you were correct. Once the firewall script got started, it turned off IP forwarding. So to resolve this I needed to do the following:

Code:
[email protected]:/# cat /proc/sys/net/ipv4/ip_forward
0
[email protected]:/# echo 1 > /proc/sys/net/ipv4/ip_forward
[email protected]:/# cat /proc/sys/net/ipv4/ip_forward
1
[email protected]:/# /etc/init.d/vz restart
mkdir: cannot create directory `/var/lock/ploop': File exists
Suspending CT 101
Bringing down interface venet0: ..done
Stopping OpenVZ: ..done
Starting OpenVZ: ..done
Applying OOM adjustments: ..done
Bringing up interface venet0: ..done
Starting CT 101: ..done
[email protected]:/# vzctl exec 101 ping www.google.com
PING www.google.com (216.58.219.132) 56(84) bytes of data.
64 bytes from mia07s26-in-f4.1e100.net (216.58.219.132): icmp_req=1 ttl=55 time=2.95 ms
64 bytes from mia07s26-in-f132.1e100.net (216.58.219.132): icmp_req=2 ttl=55 time=2.97 ms
64 bytes from mia07s26-in-f4.1e100.net (216.58.219.132): icmp_req=3 ttl=55 time=2.94 ms
64 bytes from mia07s26-in-f4.1e100.net (216.58.219.132): icmp_req=4 ttl=55 time=2.96 ms
64 bytes from mia07s26-in-f4.1e100.net (216.58.219.132): icmp_req=5 ttl=55 time=2.97 ms
^C
[email protected]:/#
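
Added example, not part of the original thread: writing 1 to /proc/sys/net/ipv4/ip_forward changes the running kernel only, so this POSIX shell check reports whether IPv4 forwarding is on now and whether an uncommented net.ipv4.ip_forward=1 exists in a sysctl.conf-style file. The function names and status strings are made up for this example, and the sample files are constructed.

```sh
#!/bin/sh
# Added example: is IPv4 forwarding on now, and will it still be on after a
# reboot? File paths are arguments so copies of the real files can be checked.

# Print the runtime value from an ip_forward-style file ("0" or "1").
runtime_forwarding() {
    tr -d ' \t\n' < "$1"
}

# Print the last value assigned to net.ipv4.ip_forward in sysctl.conf-style
# files, or "unset" if there is no uncommented assignment.
persistent_forwarding() {
    awk '
        /^[ \t]*[#;]/ { next }                  # comment lines
        {
            line = $0
            gsub(/[ \t]/, "", line)             # "key = value" -> "key=value"
            n = index(line, "=")
            if (n == 0) next
            if (substr(line, 1, n - 1) == "net.ipv4.ip_forward")
                val = substr(line, n + 1)       # later lines override earlier
        }
        END { print (val == "" ? "unset" : val) }
    ' "$@"
}

# Combine both checks: ok | runtime-off | on-but-not-persistent
forwarding_status() {
    now=$(runtime_forwarding "$1")
    boot=$(persistent_forwarding "$2")
    if [ "$now" != "1" ]; then
        echo "runtime-off"
    elif [ "$boot" != "1" ]; then
        echo "on-but-not-persistent"
    else
        echo "ok"
    fi
}

# Constructed sample: runtime flag set by hand as in the post above, while the
# sysctl.conf copy still has the forwarding line commented out.
demo_dir=$(mktemp -d)
printf '1\n' > "$demo_dir/ip_forward"
printf '# constructed sample\n#net.ipv4.ip_forward=1\n' > "$demo_dir/sysctl.conf"
forwarding_status "$demo_dir/ip_forward" "$demo_dir/sysctl.conf"
rm -rf "$demo_dir"
```

On a real host the call is forwarding_status /proc/sys/net/ipv4/ip_forward /etc/sysctl.conf. A result of on-but-not-persistent means the setting is lost at the next reboot.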