So my server is running...

Distributor ID: Ubuntu
Description:    Ubuntu 13.04
Release:    13.04
Codename:   raring

I stumbled onto lxc when I was trying to find something to replace VMware on a small server I run. I really like it when it works but this one is totally baffling...

I have 4 containers, Web, Email, DNS, DB. The first three are bound to public Addresses that I have. They all come up like normal.

So take the email server for example. I start it up and see it on the network. I can get out to anywhere. I go to the host and ping its public address and get a response, but when I try to telnet to the smtp port FROM THE HOST I get "connection refused".

So I go back to the container console and telnet to the public address (Just Like I did from the host) and it connects...

This was a clean install of Ubuntu and like I said it ran perfect yesterday before a reboot...

I am lost... It is happening on all three of my public addresses. Not sure what you might want to see so I will just put a few things in...

The Email Container's netstat -tal

 root@mail:/etc/network# netstat -tal
 Active Internet connections (servers and established)
 Proto Recv-Q Send-Q Local Address           Foreign Address         State      
 tcp        0      0 localhost:mysql         *:*                     LISTEN     
 tcp        0      0 *:submission            *:*                     LISTEN     
 tcp        0      0 *:pop3                  *:*                     LISTEN     
 tcp        0      0 localhost:spamd         *:*                     LISTEN     
 tcp        0      0 *:imap2                 *:*                     LISTEN     
 tcp        0      0 *:ssh                   *:*                     LISTEN     
 tcp        0      0 *:smtp                  *:*                     LISTEN     
 tcp        0      0 *:imaps                 *:*                     LISTEN     
 tcp        0      0 *:pop3s                 *:*                     LISTEN     
 tcp        0      0 localhost:10024         *:*                     LISTEN     
 tcp        0      0 localhost:10025         *:*                     LISTEN     
 tcp        0      0 mail.centralvahos:49681 web.centralvahost:mysql TIME_WAIT  
 tcp6       0      0 [::]:submission         [::]:*                  LISTEN     
 tcp6       0      0 [::]:pop3               [::]:*                  LISTEN     
 tcp6       0      0 [::]:imap2              [::]:*                  LISTEN     
 tcp6       0      0 [::]:tproxy             [::]:*                  LISTEN     
 tcp6       0      0 [::]:ssh                [::]:*                  LISTEN     
 tcp6       0      0 [::]:smtp               [::]:*                  LISTEN     
 tcp6       0      0 [::]:imaps              [::]:*                  LISTEN     
 tcp6       0      0 [::]:pop3s              [::]:*                  LISTEN     

First My Email Container IPTables...

root@mail:~# iptables -L
Chain INPUT (policy ACCEPT)
target     prot opt source               destination         
fail2ban-dovecot-pop3imap  tcp  --  anywhere             anywhere             multiport dports pop3,pop3s,imap2,imaps
fail2ban-ssh  tcp  --  anywhere             anywhere             multiport dports ssh

Chain FORWARD (policy ACCEPT)
target     prot opt source               destination         

Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination         

Chain fail2ban-dovecot-pop3imap (1 references)
target     prot opt source               destination         
RETURN     all  --  anywhere             anywhere            

Chain fail2ban-ssh (1 references)
target     prot opt source               destination         
RETURN     all  --  anywhere             anywhere            

And My Interfaces...

auto em1
auto em1:0
auto em1:1

iface em1 inet static
  address 10.0.0.98
  netmask 255.255.255.240
  gateway 10.0.0.1
  dns-nameservers 8.8.8.8

iface em1:0 inet static
  address 10.0.0.99
  netmask 255.255.255.240
  gateway 10.0.0.1
  dns-nameservers 8.8.8.8

iface em1:1 inet static
  address 10.0.0.100
  netmask 255.255.255.240
  gateway 10.0.0.1
  dns-nameservers 8.8.8.8

(I have changed my numbers but you can see the other stuff...)

And My Email Server Container config...

lxc.network.type = veth
lxc.network.hwaddr = 00:16:3e:c8:e2:b0
lxc.network.link = lxcbr0
lxc.network.flags = up
lxc.rootfs = /var/lib/lxc/EMail/rootfs
lxc.mount = /var/lib/lxc/EMail/fstab
lxc.pivotdir = lxc_putold
lxc.devttydir = lxc
lxc.tty = 4
lxc.pts = 1024
lxc.utsname = EMail
lxc.arch = amd64
lxc.cap.drop = sys_module mac_admin mac_override
lxc.network.ipv4 = <my_address>/26
lxc.cgroup.devices.deny = a
lxc.cgroup.devices.allow = c *:* m
lxc.cgroup.devices.allow = b *:* m
lxc.cgroup.devices.allow = c 1:3 rwm
lxc.cgroup.devices.allow = c 1:5 rwm
lxc.cgroup.devices.allow = c 5:1 rwm
lxc.cgroup.devices.allow = c 5:0 rwm
lxc.cgroup.devices.allow = c 1:9 rwm
lxc.cgroup.devices.allow = c 1:8 rwm
lxc.cgroup.devices.allow = c 136:* rwm
lxc.cgroup.devices.allow = c 5:2 rwm
lxc.cgroup.devices.allow = c 254:0 rwm
lxc.cgroup.devices.allow = c 10:229 rwm
lxc.cgroup.devices.allow = c 10:200 rwm
lxc.cgroup.devices.allow = c 1:7 rwm
lxc.cgroup.devices.allow = c 10:228 rwm
lxc.cgroup.devices.allow = c 10:232 rwm
Kevin Bowen
John Brown
  • So after some more tests I have determined that one container is working fine. This I have dns set up in and it works like it should so perhaps this is a TCP vs UDP issue... – John Brown May 30 '13 at 21:56
  • OK, after a night of beating my head against a wall I decided to just drop all the public addresses and use the host with iptables to direct traffic. Still a weird mess. Not sure where I messed up the straight public addresses.... – John Brown May 31 '13 at 11:43
  • Good to know someone working on lxc .... http://askubuntu.com/questions/293275/what-is-lxc-and-how-to-get-started/293302#293302 – Qasim Jun 01 '13 at 15:11

0 Answers