Question with proxmox/openvz
Before you ask, no I am not trying to start a company. Trying to split up this dedicated with some openvz VPS's.

My question:

I had gotten a server and later a /29 to go with it. My only problem is being able to route these new IPs in the /29 so that they can reach the outside world. The server came with one usable IP address (/30) that is on a completely different subnet than the /29 I'm trying to get working. I had gotten another /30 before getting this /29 and I can set up the new /30 with a VPS and it works just fine because it and the host seem to be on the same subnet.

The host can ping a VPS with the /29 and the VPS itself can ping the host node but cannot reach outside of it.

I've searched all over Google and I can't seem to find a straight answer on doing this. I was curious if anyone had any suggestions, if any of that makes sense.

Thanks.

Thanked by 1: earl

Comments

  • NickM Member

    Sounds like you might not have IP forwarding enabled. Try this on the node:

     echo 1 > /proc/sys/net/ipv4/ip_forward
    

    For reference, this is the sysctl config that I have added to a node running proxmox, stored at /etc/sysctl.d/openvz.conf so that it is applied at boot:

    # On Hardware Node we generally need
    # packet forwarding enabled and proxy arp disabled
    net.ipv4.ip_forward = 1
    net.ipv6.conf.default.forwarding = 1
    net.ipv6.conf.all.forwarding = 1
    net.ipv4.conf.default.proxy_arp = 0
    
    # Enables source route verification
    net.ipv4.conf.all.rp_filter = 1
    
    # Enables the magic-sysrq key
    kernel.sysrq = 1
    
    # We do not want all our interfaces to send redirects
    net.ipv4.conf.default.send_redirects = 1
    net.ipv4.conf.all.send_redirects = 0
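
Added example, not part of NickM's post and not Proxmox or OpenVZ code: a shell function that compares the values the running kernel holds with a sysctl.d-style file such as the one above, which is worth confirming on the node before looking further at routing. The function name `check_sysctl` and its optional second argument (an alternate root for the sysctl tree, used for dry runs) are assumptions of this example.

```shell
#!/bin/sh
# Added example: report drift between a sysctl.d-style file and the live kernel.
# Usage: check_sysctl CONF [PROC_ROOT]
#   CONF       file of "key = value" lines; comments and blank lines are ignored
#   PROC_ROOT  root of the sysctl tree (assumption: defaults to /proc/sys)
# Prints one line per key; the return status is the number of keys that are
# missing or hold a different value (0 means the node matches the file).
# Limitation: keys containing dotted interface names (eth0.100) are not handled.
check_sysctl() {
    conf=$1
    root=${2:-/proc/sys}
    bad=0
    while IFS= read -r line || [ -n "$line" ]; do
        line=${line%%#*}                         # drop comments
        case $line in *=*) ;; *) continue ;; esac # skip lines without key=value
        key=$(printf '%s' "${line%%=*}" | tr -d ' \t')
        want=$(printf '%s' "${line#*=}" | tr -d ' \t')
        # net.ipv4.ip_forward -> $root/net/ipv4/ip_forward
        path=$root/$(printf '%s' "$key" | tr . /)
        if [ ! -r "$path" ]; then
            echo "MISSING  $key (expected $want)"
            bad=$((bad + 1))
            continue
        fi
        have=$(tr -d ' \t\n' < "$path")
        if [ "$have" = "$want" ]; then
            echo "OK       $key = $have"
        else
            echo "DRIFT    $key = $have (expected $want)"
            bad=$((bad + 1))
        fi
    done < "$conf"
    return "$bad"
}

# Run directly as: sh check_sysctl.sh /etc/sysctl.d/openvz.conf
if [ "$#" -gt 0 ]; then
    check_sysctl "$@"
fi
```

A `DRIFT` line for `net.ipv4.ip_forward` or `net.ipv4.conf.all.rp_filter` means the file was never loaded or something changed the value after boot.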
    
  • What is the content of /etc/resolv.conf?

  • FrankZ Veteran
    edited April 2014

    @catalystium - In "/etc/vz/vz.conf" make sure "NEIGHBOUR_DEVS=all" is set and is not commented out

    then reboot.

    sed -i 's/NEIGHBOUR_DEVS=detect/NEIGHBOUR_DEVS=all/g' /etc/vz/vz.conf

    reboot

    Thanked by 1: ErawanArifNugroho
  • Is the /29 actually routed to the server - from outside the network traceroute to one of your IPs and confirm it ends up at the server.

  • catalystium Member
    edited April 2014

    Thanks for the suggestions guys, I've had ipv4 forwarding set to 1 before asking this but I tried out @NickM's suggestion as well.

    This is what is in /etc/resolv.conf:

    nameserver 8.8.4.4
    namesevrer 8.8.8.8

    I've also had NEIGHBOUR_DEVS set to all as well.

    EDIT: meant to say that it still doesn't work.

  • @MarkTurner said:
    Is the /29 actually routed to the server - from outside the network traceroute to one of your IPs and confirm it ends up at the server.

    Not technically, they set up the block enabling a "router interface".

  • Still cannot figure this out, no idea what exactly I'm doing wrong. This different subnet seems to not want to work at all with anything I've tried.

  • FrankZ Veteran
    edited April 2014

    @MarkTurner or anybody else ... - Let's say the main node IP is 198.15.1.242 and there are two subnets on the server (198.15.1.240/30 and 107.3.1.80/29), each with their own gateway (198.15.1.241 and 107.3.1.81), with 198.15.1.241 as the default gateway. The second subnet's IPs are NOT routed to the service IP (198.15.1.242) and the first IP in the second subnet is set up as a Router Interface? What would be the correct routing or ? to enter on the node so the containers can use 107.3.1.82-86?


    EDIT: I can ping 107.3.1.81 from the internet, and from the node
    (IPs are examples)

  • @FrankZ - PM me your interfaces file and I'll take a look

    Thanked by 2: FrankZ, catalystium