About this list Date view Thread view Subject view Author view Attachment view

From: Luís Miguel Silva (lms_at_ispgaya.pt)
Date: Thu 20 Feb 2003 - 09:32:27 GMT


Hello once more :o)

vserver based running services have a particular "catch" you allways
need to specify the ip you want to bind on.

For example, if you are using apache you should setup the "Listen
192.168.1.1" directive on vserver 192.168.1.1.

Try it now ;o)

Otherwise the rootserver will end up getting all the requests!

Regards,
+-----------------------------------------
| Luís Miguel Silva
| Network Administrator@ ISPGaya.pt
| Rua António Rodrigues da Rocha, 291/341
| Sto. Ovídio • 4400-025 V. N. de Gaia
| Portugal
| T: +351 22 3745730/3/5 F: +351 22 3745738
| G: +351 93 6371253 E: lms_at_ispgaya.pt
| H: http://lms.ispgaya.pt/
+-----------------------------------------
>
>> Hi,
>>
>> still it does not work :(
>> Here now what I am trying at the moment:
>>
>> HOST: VSERVER on HOST:
>> Interface: IPs: (NAT) vserver: vserver-IP:
>> eth0 A.B.C.1 <--> vs1 192.168.1.1
>> eth0:1 A.B.C.2 <--> vs2 192.168.1.2
>> eth0:2 A.B.C.3 <--> vs3 192.168.1.3
>>
>> 'A.B.C.[1..3]' have a DNS entry.
>> If the IP 'A.B.C.1' is used in the browser of another pc the user
>> should end up seeing the webpages stored at server 'vs1' with ip
>> '192.168.1.1'. These are NAT-rules used:
>> 'iptables -A POSTROUTING -t nat -s 192.168.1.[1..3] -d 0/0 -j SNAT
>> --to A.B.C.[1..3]'
>>
>> BUT when I start a vserver a new interface on HOST is assigned (e.g.:
>> 'eth0:vs[1..3]' with IPs '192.168.1.[1..3]') and when I try to connect
>> to the vserver-IP ('A.B.C.[1..3]') I end up on the HOST-computer and
>> not on the vserver. I think the problem lies in the fact that I
>> cannot assign the IPs '192.168.1.[1..3]' to the vservers without
>> these IPnumbers being assigned to the interface ('eth0') of the HOST.
>> Is there anything one may do to chnage this or am I thinking in th
>> ewrong direction?
>>
>> Gtreethings and many thanks so far,
>> Debby
>>
>>
>> Am Mittwoch 19 Februar 2003 12:47 schrieben Sie:
>>> well, you have to set up a port forward for that ip (or are you
>>> filtering the port?)
>>>
>>> I didnt quite understand, your root server and vservers are on the
>>> same network?
>>> Did you meant with 192.168.x.y that both of them have a equal "x"
>>> value? heheh
>>>
>>> If you have something like this:
>>>
>>> [Internet] <-> [Root server] <-> [Vserver]
>>> -the root server can acess the vserver and the internet
>>> -the internet can only acess the vserver
>>> -the vserver can acess the root server and the internet
>>>
>>> if you want "the internet" to be able to access some ports on the
>>> vserver, you should set up a port forwarding for those ports on the
>>> root server.
>>>
>>> You can try something like this on the root server:
>>> iptables -A PREROUTING -t nat -p tcp -d insert.root.server.ip --dport
>>> 80 -j DNAT --to insert.vserver.ip.here
>>> iptables -A FORWARD -p tcp -d insert.vserver.ip.here --dport 80 -j
>>> ACCEPT
>>>
>>> *but*...if you have something like this:
>>>
>>> [network 192.168.1.x] -> [root server with ip 192.168.1.254 and
>>> 192.168.2.254] -> [vserver on network 192.168.2.x]
>>>
>>> if you want everybody on network 192.168.1.x to *transparently*
>>> access the network 192.168.3.x you should set up masquerading on the
>>> root server and add a route on the "network 192.168.1.x" machines.
>>>
>>> Try something like this on network 192.168.1.x:
>>> route add -net 192.168.2.0 netmask 255.255.255.0 gw 192.168.1.254
>>>
>>> Best regards,
>>> +-----------------------------------------
>>>
>>> | Luís Miguel Silva
>>> | Network Administrator@ ISPGaya.pt
>>> | Rua António Rodrigues da Rocha, 291/341
>>> | Sto. Ovídio • 4400-025 V. N. de Gaia
>>> | Portugal
>>> | T: +351 22 3745730/3/5 F: +351 22 3745738
>>> | G: +351 93 6371253 E: lms_at_ispgaya.pt
>>> | H: http://lms.ispgaya.pt/
>>>
>>> +-----------------------------------------
>>>
>>> -----Mensagem original-----
>>> De: Debby [mailto:debby_at_aachenconsulting.de]
>>> Enviada: quarta-feira, 19 de Fevereiro de 2003 9:26
>>> Para: vserver_at_solucorp.qc.ca
>>> Assunto: [vserver] How to access the different services (ssh, apache,
>>> ...) on a vserver from the outside?
>>>
>>>
>>> Hi guys,
>>>
>>> thanks to Luis Miguel Silva`s help (iptables -A POSTROUTING -t nat -s
>>> insert.vserver.ip -d 0/0 -j SNAT --to insert.internet.ip) I can now
>>> access the internet from within a vserver - BUT I cannot access the
>>> vserver(s) from outside the host-computer. The host IP and the IPs of
>>> the vservers are in the
>>> same IP-range (192.168.x.y). Does anyone know how to access the
>>> different services (ssh, apache, ...) on a vserver from the outside?
>>> What things have to be set up/installed?
>>>
>>> Thanks,
>>> Debby

+-----------------------------------------
| Luís Miguel Silva
| Network Administrator@ ISPGaya.pt
| Rua António Rodrigues da Rocha, 291/341
| Sto. Ovídio • 4400-025 V. N. de Gaia
| Portugal
| T: +351 22 3745730/3/5 F: +351 22 3745738
| G: +351 93 6371253 E: lms_at_ispgaya.pt
| H: http://lms.ispgaya.pt/
+-----------------------------------------


About this list Date view Thread view Subject view Author view Attachment view
[Next/Previous Months] [Main vserver Project Homepage] [Howto Subscribe/Unsubscribe] [Paul Sladen's vserver stuff]
Generated on Thu 20 Feb 2003 - 09:55:54 GMT by hypermail 2.1.3