New on LowEndTalk? Please Register and read our Community Rules.
All new Registrations are manually reviewed and approved, so a short delay after registration may occur before your account becomes active.
All new Registrations are manually reviewed and approved, so a short delay after registration may occur before your account becomes active.
SolusVM ebtables IPv6 Issues
If "IP Stealing & ARP Attack" protection is enabled in SolusVM, IPv6 in guests completely stops working. The IPv6 addresses are not being added into ebtables.
This is a confirmed issue with CentOS 5 and SolusVM v1.9 and below. However, we are running CentOS 6 and SolusVM v1.11.00. Any ideas on how to solve this? I've already contacted SolusVM support and so far nothing...
Comments
What are you using?
OpenVZ? Xen? KVM?
KVM
did solusvm respond yet? they are quick at responding
They've responded but nothing helpful yet. Phill asked about the CentOS and kernel version.
It's been a day since the initial ticket and I was wondering if anyone else has had this issue and potentially a solution.
I can confirm this problem on RHEL5 SolusVM advised us to turn those features off lol
What do you run now? 5 or 6?
Did you ever get it working?
Nope. We are running 5.8 on the node in question.
How many nodes do you have? Is it working on others? Hmm... I wonder if a reinstall could potentially fix this. The node is empty right now besides my test vm.
Already brought this up with them back in January and got this:
When I pointed out that The kernels do have IP6 support and quoted somthing I got from: http://ebtables.sourceforge.net/
I was told
And then informed that you need to set a rule for every IP6 address manually like so:
ebtables -A INPUT -i vifvm302.0 -j vifvm302.0
ebtables -A FORWARD -i vifvm302.0 -j vifvm302.0
ebtables -A vifvm302.0 -p IPv6 --ip6-dst 2a00:xxxx:xxxx:x::xxxx:xxxx -j ACCEPT
Which is obviously impractical, so after a very long sigh.... I just wrote my own ip stealing alerting script which runs every 15 minutes and left it at that.
also..... inb4 the FTN squad call this a solusvm bashing thread and blame all the problems in the world on me
Phill said this would be fixed in the next couple days in the next beta release.
this wasn't fixed in the first beta release
Woah you consider 10+ hour replies to be quick?
I would prefer productive responses over quick responses. I always get a response from Phil on bugs I find in beta releases, but sometimes they are the next day, with a simple "found the issue", which means my input is being useful. I can't stand their outsourced support with their quick "I need to escalate this to ...", how is that even useful?
This.
What many people don't get is that its better to have an informative response with actual content then to have a quick one saying "Ok." or "I'll let such and such know."
Their outsourced support told me: you need a "plane" centos to install. which is incorrect, my first server has centos.plus and so dose my 2nd server. i went ahead and ignore them and still managed to get it to work. but i must say they respond pretty quick
There is a reason why every single control panel asks for a minimal OS install. Cause each of those panel comes with their own server software, setup and rules and can really mess a system up of the person doing it doesn't know what they are doing.
AND Even though my own English is pretty Terrible and/or horrible , but @Randy,
Plain?
Does?
You are a provider, and almost about 18. Act a bit mature and Present your self like a MAN not a 13 year old teenager. This can rally affect your "Company" reputation.
No. "Plane" was that they typed and not me
does* yes thats a typo;-) @NinjaHawk
does* yes thats a typo;-) @NinjaHawk
You see, everyone makes error, you didn't have to say "Indian outsourced support". Country of origin doesn't have to do anything with your command in English. I know bunch of Indian Kids (about 19-21) and they can type in a legal document by them self while lot of us (Me included) , fails to wright a proper sentence. Was just pointing that out.
i have Corrected it. thanks for pointing out
Just to point out. the os was loaded by LSN and they said that it is taken directly from the centos mirror
I can confirm this is an issue on the latest SolusVM and RHEL 6 with KVM. Is this also an OpenVZ issue?
OpenVZ containers cannot assign IPs to themselves so I don't think they can "steal" IPs either.
CentOS 6.3 + KVM here, I renamed /usr/local/solusvm/includes/eb_on.php to something else and rebooted the node.
Now IPv6 works fine even with "Tick to prevent IP stealing and ARP attacks" enabled.
Uhhh...
If you removed ( = renamed ) the script, the tick isn't doing anything, quite obviously it works fine, lol.
LOL this is what happens when all the code is encoded...
The above "tip" was posted a few times on the SolusVM forums, but no one ever mentioned that this would break the functionality itself.
Man that template is popular.