ISPConfig 3 & OpenVZ

Discussion in 'Installation/Configuration' started by agentmoller001, Aug 13, 2015.

  1. I am having problems with getting the containers in OpenVZ to have internet access. My host server OS is Debian 7.8.
    EXAMPLE INSIDE A CONTAINER:
    Code:
    root@debian-7-container:/# apt-get update
    Err http://security.debian.org wheezy/updates Release.gpg
      Temporary failure resolving 'security.debian.org'
    Err http://ftp.debian.org wheezy Release.gpg
      Temporary failure resolving 'ftp.debian.org'
    Err http://ftp.debian.org wheezy-updates Release.gpg
      Temporary failure resolving 'ftp.debian.org'
    Reading package lists... Done
    W: Failed to fetch http://ftp.debian.org/debian/dists/wheezy/Release.gpg  Temporary failure resolving 'ftp.debian.org'
    
    W: Failed to fetch http://ftp.debian.org/debian/dists/wheezy-updates/Release.gpg  Temporary failure resolving 'ftp.debian.org'
    
    W: Failed to fetch http://security.debian.org/dists/wheezy/updates/Release.gpg  Temporary failure resolving 'security.debian.org'
    
    W: Some index files failed to download. They have been ignored, or old ones used instead.
    I followed the the Installing And Using OpenVZ On Debian Wheezy (AMD64) with ploop, and then tried to incorporate the Installing OpenVZ + Management Of VMs Through ISPConfig 3 (Debian 6.0)
    I have separate public IP addresses for each container.
    I don't know if this makes a difference, but the datacenter has bonded eth0 and eth1 for redundancy. (bond0)
    All the addon IP's are setup in the host servers /etc/network/interfaces as:
    (IP 123.123.123.XXX is not real)
    ~~~~~ HOST SERVER
    Code:
    root@host:/#cat /etc/hostname/interfaces
    # The loopback network interface
    auto lo
    iface lo inet loopback
    
    auto eth0
    iface eth0 inet manual
            bond-master bond0
            bond-primary eth1
            bond-mode active-backup
    
    auto eth1
    iface eth1 inet manual
            bond-master bond0
            bond-primary eth1
            bond-mode active-backup
    
    # The primary network interface
    #allow-hotplug eth0
    #iface eth0 inet static
    auto bond0
    iface bond0 inet static
            address 123.123.123.68
            netmask 255.255.255.128
            network 123.123.123.0
            broadcast 123.123.123.127
            gateway 123.123.123.1
            # dns-* options are implemented by the resolvconf package, if installed
            dns-nameservers 8.8.8.8
    #       slaves eth0 eth1
            bond-slaves none
            bond-mode active-backup
            bond-miimon 100
            bond-primary eth1
    
    auto bond0:0
    iface bond0:0 inet static
            address 123.123.123.69
            netmask 255.255.255.128
    
    auto bond0:1
    iface bond0:1 inet static
            address 123.123.123.70
            netmask 255.255.255.128
    
    auto bond0:2
    iface bond0:2 inet static
            address 123.123.123.71
            netmask 255.255.255.128
    
    ~~~~~ INSIDE A CONTAINER
    Code:
    root@debian-7-container:/# netstat -nr
    Kernel IP routing table
    Destination     Gateway         Genmask         Flags   MSS Window  irtt Iface
    0.0.0.0         0.0.0.0         0.0.0.0         U         0 0          0 venet0
    
    Have a feeling this is where the problem is (above).
    Code:
    root@debian-7-container:/# cat /etc/network/interfaces
    # This configuration file is auto-generated.
    #
    # WARNING: Do not edit this file, your changes will be lost.
    # Please create/edit /etc/network/interfaces.head and
    # /etc/network/interfaces.tail instead, their contents will be
    # inserted at the beginning and at the end of this file, respectively.
    #
    # NOTE: it is NOT guaranteed that the contents of /etc/network/interfaces.tail
    # will be at the very end of this file.
    #
    
    # Auto generated lo interface
    auto lo
    iface lo inet loopback
    
    # Auto generated venet0 interface
    auto venet0
    iface venet0 inet manual
            up ifconfig venet0 up
            up ifconfig venet0 127.0.0.2
            up route add default dev venet0
            down route del default dev venet0
            down ifconfig venet0 down
    
    
    iface venet0 inet6 manual
            up route -A inet6 add default dev venet0
            down route -A inet6 del default dev venet0
    
    auto venet0:0
    iface venet0:0 inet static
            address 123.123.123.69
            netmask 255.255.255.255
    Code:
    root@debian-7-container:/# cat /etc/network/interfaces.tail
    auto venet0:0
    iface venet0:0 inet static
            address 123.123.123.69
            netmask 255.255.255.118
    Code:
    root@debian-7-container:/# cat /etc/resolv.conf
    nameserver 8.8.8.8
    Code:
    root@debian-7-container:/# ping 8.8.8.8
    PING 8.8.8.8 (8.8.8.8) 56(84) bytes of data.
    ^C
    --- 8.8.8.8 ping statistics ---
    19 packets transmitted, 0 received, 100% packet loss, time 17999ms
    
    root@debian-7-container:/# ping www.google.com
    ping: unknown host www.google.com
    Thanks in advance for any help.
     
    Last edited: Aug 13, 2015
  2. till

    till Super Moderator Staff Member ISPConfig Developer

    Do you run a firewall on the host? If yes, try to stop it and test again.
     
  3. Same results.
    Code:
    root@host:/# /etc/init.d/bastille-firewall stop
    
    WARNING: reverting to default settings (dropping firewall)
    disabling IP forwarding... done.
    unloading masquerading modules... done.
    resetting default input rules to accept... done.
    resetting default output rule to accept... done.
    resetting default forward rule to accept... done.
    flushing INPUT rules... done.
    flushing OUTPUT rules... done.
    flushing FORWARD rules... done.
    removing user-defined chains... done.
    
    root@host:/# vzctl start 101
    Starting container...
    Adding delta dev=/dev/ploop12761 img=/vz/private/101/root.hdd/root.hdd (rw)
    Mounting /dev/ploop12761p1 at /vz/root/101 fstype=ext4 data='balloon_ino=12,'
    Container is mounted
    Adding IP address(es): 123.123.123.69
    Setting CPU units: 1000
    Container start in progress...
    
    root@host:/# vzctl enter 101
    entered into CT 101
    
    root@debian-7-container:/# ping www.google.com
    ping: unknown host www.google.com
    
    root@debian-7-container:/# ping 8.8.8.8
    PING 8.8.8.8 (8.8.8.8) 56(84) bytes of data.
    ^C
    --- 8.8.8.8 ping statistics ---
    8 packets transmitted, 0 received, 100% packet loss, time 6999ms
    
    root@debian-7-container:/#
     
  4. [RESLOVED]
    So I finally got it. Till you where correct. Once the firewall script got started, it turned off IP forwarding. So to resolve this I needed to do the following:
    Code:
    root@host:/# cat /proc/sys/net/ipv4/ip_forward
    0
    
    root@host:/# echo 1 > /proc/sys/net/ipv4/ip_forward
    
    root@host:/# cat /proc/sys/net/ipv4/ip_forward
    1
    
    root@host:/# /etc/init.d/vz restart
    mkdir: cannot create directory `/var/lock/ploop': File exists
    Suspending CT 101
    Bringing down interface venet0: ..done
    Stopping OpenVZ: ..done
    Starting OpenVZ: ..done
    Applying OOM adjustments: ..done
    Bringing up interface venet0: ..done
    Starting CT 101: ..done
    
    root@host:/# vzctl exec 101 ping www.google.com
    PING www.google.com (216.58.219.132) 56(84) bytes of data.
    64 bytes from mia07s26-in-f4.1e100.net (216.58.219.132): icmp_req=1 ttl=55 time=2.95 ms
    64 bytes from mia07s26-in-f132.1e100.net (216.58.219.132): icmp_req=2 ttl=55 time=2.97 ms
    64 bytes from mia07s26-in-f4.1e100.net (216.58.219.132): icmp_req=3 ttl=55 time=2.94 ms
    64 bytes from mia07s26-in-f4.1e100.net (216.58.219.132): icmp_req=4 ttl=55 time=2.96 ms
    64 bytes from mia07s26-in-f4.1e100.net (216.58.219.132): icmp_req=5 ttl=55 time=2.97 ms
    ^C
    root@host:/#
    
     
    Last edited: Aug 14, 2015

Share This Page