search

virtual-labs / engineers-forum

This is the central repository to post all the queries regarding labs and experiments.
Other
2 stars 5 forks source link

Why container doesn't getting internet where as base system getting? #17

Closed pkjana closed 9 years ago

pkjana commented 9 years ago

IP address of Institute Proxy Server: 10.3.100.207 IP address of Base Host: 10.11.56.57

[root@localhost ~]# ping 10.3.100.207 PING 10.3.100.207 (10.3.100.207) 56(84) bytes of data. 64 bytes from 10.3.100.207: icmp_seq=1 ttl=252 time=0.490 ms 64 bytes from 10.3.100.207: icmp_seq=2 ttl=252 time=0.499 ms

[root@localhost ~]# ping 10.11.56.6 PING 10.11.56.6 (10.11.56.6) 56(84) bytes of data. 64 bytes from 10.11.56.6: icmp_seq=1 ttl=64 time=1.52 ms 64 bytes from 10.11.56.6: icmp_seq=2 ttl=64 time=0.310 ms

[root@localhost ~]# vzctl create 999 --ostemplate ubuntu-12.04-custom-x86_64 --ipadd 10.11.56.99 --diskspace 10G:15.0G --hostname kdm02.vlabs.ac.in

[root@localhost ~]# vzctl start 999

[root@localhost ~]# vzctl set 999 --nameserver inherit --ram 256M --swap 512M --onboot yes --save

[root@localhost ~]# vzctl enter 999

root@kdm02:/# echo $http_proxy http://10.3.100.207:8080/ root@kdm02:/# echo $https_proxy http://10.3.100.207:8080/

root@kdm02:/# ping 10.11.56.57 PING 10.11.56.57 (10.11.56.57) 56(84) bytes of data. 64 bytes from 10.11.56.57: icmp_req=1 ttl=64 time=0.053 ms 64 bytes from 10.11.56.57: icmp_req=2 ttl=64 time=0.039 ms

root@kdm02:/# ping 10.3.100.207 PING 10.3.100.207 (10.3.100.207) 56(84) bytes of data. From 10.11.56.57 icmp_seq=1 Destination Host Prohibited From 10.11.56.57 icmp_seq=2 Destination Host Prohibited

root@kdm02:/# ping 10.11.56.6 PING 10.11.56.6 (10.11.56.6) 56(84) bytes of data. From 10.11.56.57 icmp_seq=1 Destination Host Prohibited From 10.11.56.57 icmp_seq=2 Destination Host Prohibited

You advise me thto save the file to my pc https://github.com/vlead/setup-ovpl-centos/blob/vagrant-setup/meta/iptables-save

Where would i save the file and howh to execute? Base machime or container and in which directory?

After that i have executed following command..

iptables -A INPUT -j ACCEPT iptables -A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT iptables -A INPUT -p icmp -j ACCEPT iptables -A INPUT -i lo -j ACCEPT iptables -A INPUT -p tcp -m state --state NEW -m tcp --dport 22 -j ACCEPT iptables -A INPUT -j REJECT --reject-with icmp-host-prohibited

service iptables save service iptables restart

iptables -L

Chain INPUT (policy ACCEPT) target prot opt source destination
ACCEPT all -- anywhere anywhere state RELATED,ESTABLISHED ACCEPT icmp -- anywhere anywhere
ACCEPT all -- anywhere anywhere
ACCEPT tcp -- anywhere anywhere state NEW tcp dpt:ssh REJECT all -- anywhere anywhere reject-with icmp-host-prohibited ACCEPT all -- anywhere anywhere
ACCEPT all -- anywhere anywhere state RELATED,ESTABLISHED ACCEPT icmp -- anywhere anywhere
ACCEPT all -- anywhere anywhere
ACCEPT tcp -- anywhere anywhere state NEW tcp dpt:ssh REJECT all -- anywhere anywhere reject-with icmp-host-prohibited ACCEPT tcp -- anywhere anywhere tcp dpt:ssh

Chain FORWARD (policy ACCEPT) target prot opt source destination
REJECT all -- anywhere anywhere reject-with icmp-host-prohibited

Chain OUTPUT (policy ACCEPT) target prot opt source destination

iptables -L -n

Chain INPUT (policy ACCEPT) target prot opt source destination
ACCEPT all -- 0.0.0.0/0 0.0.0.0/0 state RELATED,ESTABLISHED ACCEPT icmp -- 0.0.0.0/0 0.0.0.0/0
ACCEPT all -- 0.0.0.0/0 0.0.0.0/0
ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 state NEW tcp dpt:22 REJECT all -- 0.0.0.0/0 0.0.0.0/0 reject-with icmp-host-prohibited ACCEPT all -- 0.0.0.0/0 0.0.0.0/0
ACCEPT all -- 0.0.0.0/0 0.0.0.0/0 state RELATED,ESTABLISHED ACCEPT icmp -- 0.0.0.0/0 0.0.0.0/0
ACCEPT all -- 0.0.0.0/0 0.0.0.0/0
ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 state NEW tcp dpt:22 REJECT all -- 0.0.0.0/0 0.0.0.0/0 reject-with icmp-host-prohibited ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:22

Chain FORWARD (policy ACCEPT) target prot opt source destination
REJECT all -- 0.0.0.0/0 0.0.0.0/0 reject-with icmp-host-prohibited

Chain OUTPUT (policy ACCEPT) target prot opt source destination

[root@localhost pkjana]# vzctl enter 999 entered into CT 999

Thanks and regards,

Pabitra K Jana IIT Kharagpur

pkjana commented 9 years ago

I have able to resolved this problem by using following command in the host system temporarily....

iptables --flush

AmulyaSri commented 9 years ago

Issue solved.