From: Martin <mar...@gm...> - 2011-06-21 18:39:24
I've been tearing my hair out on this one for the last couple of days. I even switched from CentOS on the physical server to Debian, just to see if it would make a difference, but it didn't.

First of all, I'll describe my setup: I have one Dell server, running Debian 6 with only one network port connected to my test LAN (eth0), and two test containers, also running Debian 6. On those containers I have installed Shorewall 4.4.11.6 from the Debian repositories and configured it as described in the attached files. The physical server doesn't have Shorewall installed. This is a clean install; the only modifications I made from the base install were installing the OpenVZ kernel and userland utilities. I have tested these same configuration files on a VMware virtual machine and it worked without any problems.

Now for the problem: Whenever I enable shorewall (shorewall safe-start or boot), it allows SSH and MySQL from the LAN, but it's impossible to access anything from within the container to the outside world. Simply disabling shorewall, or setting ALLOW in the net section of /etc/shorewall/policy resolves the problem. I have tested this by using PING and SSH to the IP addresses of other machines on the LAN, the other OpenVZ container and the physical server.

I've attached all relevant configuration files I could find and I appreciate any assistance you could give me with this.

Martin.