I am having problems with getting the containers in OpenVZ to have internet access. My host server OS is Debian 7.8.

EXAMPLE INSIDE A CONTAINER:

Code:
root@debian-7-container:/# apt-get update
Err http://security.debian.org wheezy/updates Release.gpg
  Temporary failure resolving 'security.debian.org'
Err http://ftp.debian.org wheezy Release.gpg
  Temporary failure resolving 'ftp.debian.org'
Err http://ftp.debian.org wheezy-updates Release.gpg
  Temporary failure resolving 'ftp.debian.org'
Reading package lists... Done
W: Failed to fetch http://ftp.debian.org/debian/dists/wheezy/Release.gpg Temporary failure resolving 'ftp.debian.org'
W: Failed to fetch http://ftp.debian.org/debian/dists/wheezy-updates/Release.gpg Temporary failure resolving 'ftp.debian.org'
W: Failed to fetch http://security.debian.org/dists/wheezy/updates/Release.gpg Temporary failure resolving 'security.debian.org'
W: Some index files failed to download. They have been ignored, or old ones used instead.

I followed the Installing And Using OpenVZ On Debian Wheezy (AMD64) with ploop, and then tried to incorporate the Installing OpenVZ + Management Of VMs Through ISPConfig 3 (Debian 6.0).

I have separate public IP addresses for each container. I don't know if this makes a difference, but the datacenter has bonded eth0 and eth1 for redundancy (bond0).

All the addon IPs are set up in the host server's /etc/network/interfaces as: (IP 123.123.123.XXX is not real)

~~~~~ HOST SERVER

Code:
root@host:/#cat /etc/hostname/interfaces
# The loopback network interface
auto lo
iface lo inet loopback

auto eth0
iface eth0 inet manual
    bond-master bond0
    bond-primary eth1
    bond-mode active-backup

auto eth1
iface eth1 inet manual
    bond-master bond0
    bond-primary eth1
    bond-mode active-backup

# The primary network interface
#allow-hotplug eth0
#iface eth0 inet static
auto bond0
iface bond0 inet static
    address 123.123.123.68
    netmask 255.255.255.128
    network 123.123.123.0
    broadcast 123.123.123.127
    gateway 123.123.123.1
    # dns-* options are implemented by the resolvconf package, if installed
    dns-nameservers 8.8.8.8
    # slaves eth0 eth1
    bond-slaves none
    bond-mode active-backup
    bond-miimon 100
    bond-primary eth1

auto bond0:0
iface bond0:0 inet static
    address 123.123.123.69
    netmask 255.255.255.128

auto bond0:1
iface bond0:1 inet static
    address 123.123.123.70
    netmask 255.255.255.128

auto bond0:2
iface bond0:2 inet static
    address 123.123.123.71
    netmask 255.255.255.128

~~~~~ INSIDE A CONTAINER

Code:
root@debian-7-container:/# netstat -nr
Kernel IP routing table
Destination     Gateway         Genmask         Flags   MSS Window  irtt Iface
0.0.0.0         0.0.0.0         0.0.0.0         U         0 0          0 venet0

Have a feeling this is where the problem is (above).

Code:
root@debian-7-container:/# cat /etc/network/interfaces
# This configuration file is auto-generated.
#
# WARNING: Do not edit this file, your changes will be lost.
# Please create/edit /etc/network/interfaces.head and
# /etc/network/interfaces.tail instead, their contents will be
# inserted at the beginning and at the end of this file, respectively.
#
# NOTE: it is NOT guaranteed that the contents of /etc/network/interfaces.tail
# will be at the very end of this file.
#
# Auto generated lo interface
auto lo
iface lo inet loopback

# Auto generated venet0 interface
auto venet0
iface venet0 inet manual
    up ifconfig venet0 up
    up ifconfig venet0 127.0.0.2
    up route add default dev venet0
    down route del default dev venet0
    down ifconfig venet0 down

iface venet0 inet6 manual
    up route -A inet6 add default dev venet0
    down route -A inet6 del default dev venet0

auto venet0:0
iface venet0:0 inet static
    address 123.123.123.69
    netmask 255.255.255.255

Code:
root@debian-7-container:/# cat /etc/network/interfaces.tail
auto venet0:0
iface venet0:0 inet static
    address 123.123.123.69
    netmask 255.255.255.118

Code:
root@debian-7-container:/# cat /etc/resolv.conf
nameserver 8.8.8.8

Code:
root@debian-7-container:/# ping 8.8.8.8
PING 8.8.8.8 (8.8.8.8) 56(84) bytes of data.
^C
--- 8.8.8.8 ping statistics ---
19 packets transmitted, 0 received, 100% packet loss, time 17999ms
root@debian-7-container:/# ping www.google.com
ping: unknown host www.google.com

Thanks in advance for any help.

Same results.

Code:
root@host:/# /etc/init.d/bastille-firewall stop
WARNING: reverting to default settings (dropping firewall)
disabling IP forwarding... done.
unloading masquerading modules... done.
resetting default input rules to accept... done.
resetting default output rule to accept... done.
resetting default forward rule to accept... done.
flushing INPUT rules... done.
flushing OUTPUT rules... done.
flushing FORWARD rules... done.
removing user-defined chains... done.
root@host:/# vzctl start 101
Starting container...
Adding delta dev=/dev/ploop12761 img=/vz/private/101/root.hdd/root.hdd (rw)
Mounting /dev/ploop12761p1 at /vz/root/101 fstype=ext4 data='balloon_ino=12,'
Container is mounted
Adding IP address(es): 123.123.123.69
Setting CPU units: 1000
Container start in progress...
root@host:/# vzctl enter 101
entered into CT 101
root@debian-7-container:/# ping www.google.com
ping: unknown host www.google.com
root@debian-7-container:/# ping 8.8.8.8
PING 8.8.8.8 (8.8.8.8) 56(84) bytes of data.
^C
--- 8.8.8.8 ping statistics ---
8 packets transmitted, 0 received, 100% packet loss, time 6999ms
root@debian-7-container:/#

[RESOLVED]

So I finally got it. Till, you were correct. Once the firewall script got started, it turned off IP forwarding. So to resolve this I needed to do the following:

Code:
root@host:/# cat /proc/sys/net/ipv4/ip_forward
0
root@host:/# echo 1 > /proc/sys/net/ipv4/ip_forward
root@host:/# cat /proc/sys/net/ipv4/ip_forward
1
root@host:/# /etc/init.d/vz restart
mkdir: cannot create directory `/var/lock/ploop': File exists
Suspending CT 101
Bringing down interface venet0: ..done
Stopping OpenVZ: ..done
Starting OpenVZ: ..done
Applying OOM adjustments: ..done
Bringing up interface venet0: ..done
Starting CT 101: ..done
root@host:/# vzctl exec 101 ping www.google.com
PING www.google.com (216.58.219.132) 56(84) bytes of data.
64 bytes from mia07s26-in-f4.1e100.net (216.58.219.132): icmp_req=1 ttl=55 time=2.95 ms
64 bytes from mia07s26-in-f132.1e100.net (216.58.219.132): icmp_req=2 ttl=55 time=2.97 ms
64 bytes from mia07s26-in-f4.1e100.net (216.58.219.132): icmp_req=3 ttl=55 time=2.94 ms
64 bytes from mia07s26-in-f4.1e100.net (216.58.219.132): icmp_req=4 ttl=55 time=2.96 ms
64 bytes from mia07s26-in-f4.1e100.net (216.58.219.132): icmp_req=5 ttl=55 time=2.97 ms
^C
root@host:/#
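
Added example, not part of the thread and not the poster's code: writing `1` to `/proc/sys/net/ipv4/ip_forward` changes only the running kernel, so this script compares the runtime value with what is persisted as `net.ipv4.ip_forward` in sysctl configuration files. The function names and verdict strings are illustrative assumptions; file paths are passed as arguments so the checks can be run against constructed files.

```shell
#!/bin/sh
# Added example: audit IPv4 forwarding on an OpenVZ host (venet networking).
# All function names here are hypothetical, chosen for this illustration.

# Print the runtime value (0 or 1) from a proc-style file.
runtime_forward() {
    tr -d '[:space:]' < "${1:-/proc/sys/net/ipv4/ip_forward}"
}

# Print the last net.ipv4.ip_forward value set in the given sysctl config
# files, or "unset". Commented-out lines never match; later lines and later
# files override earlier ones, as when the files are applied in order.
persisted_forward() {
    val=unset
    for f in "$@"; do
        [ -r "$f" ] || continue
        v=$(sed -n 's|^[[:space:]]*net[./]ipv4[./]ip_forward[[:space:]]*=[[:space:]]*\([01]\)[[:space:]]*$|\1|p' "$f" | tail -n 1)
        if [ -n "$v" ]; then val=$v; fi
    done
    echo "$val"
}

# Combine both views: first argument is the proc file, the rest are configs.
forward_verdict() {
    run=$(runtime_forward "$1"); shift
    cfg=$(persisted_forward "$@")
    case "$run/$cfg" in
        1/1) echo "ok: forwarding on and persisted" ;;
        1/*) echo "warn: forwarding on at runtime only (lost on reboot)" ;;
        0/1) echo "warn: persisted but off at runtime (something disabled it)" ;;
        *)   echo "fail: forwarding off, venet containers cannot reach the network" ;;
    esac
}

# On a real host, run as:
#   sh check_forward.sh /proc/sys/net/ipv4/ip_forward /etc/sysctl.conf /etc/sysctl.d/*.conf
if [ "$#" -gt 0 ]; then forward_verdict "$@"; fi
```

To persist the setting, put `net.ipv4.ip_forward=1` in `/etc/sysctl.conf` and apply it with `sysctl -p`. The "persisted but off at runtime" verdict is the state the thread describes, where the firewall script's own output shows it disabling IP forwarding.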