Christian's picture

Hello!

I am a longtime Turnkeylinux user running a turnkey-core-11.0rc-lucid-x86 on a Proxmox 1.9 host server (hetzner.de) as a KVM Virtual machine. I want to migrate (via tklbam) the VM to a smaller host server and to a simpler network setup, since I don't need more thant one or two VMs and am not very good at linux networking anyways. So I set up a new Proxmox 3.1 host on a smaller Hetzner server. I read everywhere that setting up an OpenVZ VM with a public IP is a piece of cake and needs virtually no configuration - Great, I thought - just the right thing for me! There even is a Turnkey 11.3 OpenVZ template that I can use - hooray!

In Proxmox, I added the template, connecting it with the venet interface and the public IP. Now here is the problem: I can ssh into the VM from the host machine, but I cannot reach the VM from the outside, and I don't have access to the internet from inside the VM. So there must be something I am missing, and maybe somebody can help me out?

Here is some information that might be helpful (I have left all the default settings):

HOST:

/etc/network/interfaces

### Hetzner Online AG - installimage
# Loopback device:
auto lo
iface lo inet loopback

# device: eth0
auto  eth0
iface eth0 inet static
  address   xx.xx.xx.72
  broadcast xx.xx.xx.95
  netmask   255.255.255.224
  gateway   xx.xx.xx.65
  pointtopoint xx.xx.xx.65

  # default route to access subnet

  up route add -net xx.xx.xx.64 netmask 255.255.255.224 gw xx.xx.xx.65 eth0

GUEST:

# /etc/network/interfaces 

# Auto generated lo interface
auto lo
iface lo inet loopback

# Auto generated venet0 interface
auto venet0
iface venet0 inet manual
    up ifconfig venet0 up
    up ifconfig venet0 127.0.0.2
    up route add default dev venet0
    down route del default dev venet0
    down ifconfig venet0 down

iface venet0 inet6 manual
    up route -A inet6 add default dev venet0
    down route -A inet6 del default dev venet0

auto venet0:0
iface venet0:0 inet static
    address xx.xx.xx.93
    netmask 255.255.255.255

 

netstat -nr

Kernel IP routing table
Destination     Gateway         Genmask         Flags   MSS Window  irtt Iface
0.0.0.0         0.0.0.0         0.0.0.0         U         0 0          0 venet0

 

ip route

default dev venet0  scope link

 

ip addr

1: lo: <LOOPBACK,UP,LOWER_UP> mtu 16436 qdisc noqueue state UNKNOWN 
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
    inet6 ::1/128 scope host 
       valid_lft forever preferred_lft forever
2: venet0: <BROADCAST,POINTOPOINT,NOARP,UP,LOWER_UP> mtu 1500 qdisc noqueue state UNKNOWN 
    link/void 
    inet 127.0.0.2/32 scope host venet0
    inet xx.xx.xx.93/32 scope global venet0:0

I have tried adding 

gateway   xx.xx.xx.65

to /etc/network/interfaces 

or 

/sbin/route add -net 0.0.0.0 gw xx.xx.xx.65

with no avail. I also activated ip forwarding in the host, even though I read that venet explicitly doesn't require that, it didn't help in any case. 

I also tried setting the right values in 

/usr/bin/confconsole

but that simply resulted in losing the connection to the VM.

So I am a bit lost and hope that some smart Turnkeylinuxer(ess) can help me.

Thanks!

Christian 

Forum: 
Christian's picture

As per https://openvz.org/Common_Networking_HOWTOs, this creates access of the VM to the internet:

[host-node]# echo 1 > /proc/sys/net/ipv4/ip_forward
[host-node]# iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE

So we need ip-forwarding after all. Need to make this permanent, though.

But still no access to the VM from outside...

Christian's picture

I found the solution - had nothing to do with the Host networking setup! I had by accident created a separate MAC-Address for the additional public IP at the Hetzner.de Admin interface. Once that was removed, everything started to work!

Add new comment