Hello,

Here is another problem: I no longer have internet access from my VMs.

When I ping a Google DNS server, this error is displayed: Destination Port Unreachable
I did some research but I can't find a solution. Note that this worked before a reboot of the hypervisor.
(An iptables problem?)

Output of "ip a" on the hypervisor:
Code:
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 16436 qdisc noqueue state UNKNOWN 
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
    inet6 ::1/128 scope host 
       valid_lft forever preferred_lft forever
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc mq state UP qlen 1000
    link/ether 78:2b:cb:28:62:06 brd ff:ff:ff:ff:ff:ff
    inet 88.XX.XX.XX/24 brd 88.XX.XX.255 scope global eth0
    inet6 2a01:e0b:1000:29:7a2b:cbff:fe28:6206/64 scope global dynamic 
       valid_lft 2591997sec preferred_lft 604797sec
    inet6 fe80::7a2b:cbff:fe28:6206/64 scope link 
       valid_lft forever preferred_lft forever
3: eth1: <BROADCAST,MULTICAST> mtu 1500 qdisc noop state DOWN qlen 1000
    link/ether 78:2b:cb:28:62:07 brd ff:ff:ff:ff:ff:ff
4: virbr0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UNKNOWN 
    link/ether fe:54:00:40:4b:52 brd ff:ff:ff:ff:ff:ff
    inet 192.168.122.1/24 brd 192.168.122.255 scope global virbr0
6: vnet0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UNKNOWN qlen 500
    link/ether fe:54:00:63:54:88 brd ff:ff:ff:ff:ff:ff
    inet6 fe80::fc54:ff:fe63:5488/64 scope link 
       valid_lft forever preferred_lft forever
13: vnet1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UNKNOWN qlen 500
    link/ether fe:54:00:c3:a2:c0 brd ff:ff:ff:ff:ff:ff
    inet6 fe80::fc54:ff:fec3:a2c0/64 scope link 
       valid_lft forever preferred_lft forever
14: vnet2: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UNKNOWN qlen 500
    link/ether fe:54:00:a1:91:f0 brd ff:ff:ff:ff:ff:ff
    inet6 fe80::fc54:ff:fea1:91f0/64 scope link 
       valid_lft forever preferred_lft forever
15: vnet3: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UNKNOWN qlen 500
    link/ether fe:54:00:40:4b:52 brd ff:ff:ff:ff:ff:ff
    inet6 fe80::fc54:ff:fe40:4b52/64 scope link 
       valid_lft forever preferred_lft forever
16: vnet4: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UNKNOWN qlen 500
    link/ether fe:54:00:f2:19:d0 brd ff:ff:ff:ff:ff:ff
    inet6 fe80::fc54:ff:fef2:19d0/64 scope link 
       valid_lft forever preferred_lft forever

Output of "ip a" on a VM:

Code:
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 16436 qdisc noqueue state UNKNOWN 
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
    inet6 ::1/128 scope host 
       valid_lft forever preferred_lft forever
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP qlen 1000
    link/ether 52:54:00:40:4b:52 brd ff:ff:ff:ff:ff:ff
    inet 192.168.122.226/24 brd 192.168.122.255 scope global eth0
    inet6 fe80::5054:ff:fe40:4b52/64 scope link 
       valid_lft forever preferred_lft forever

iptables -L on the hypervisor:

Code:
Chain INPUT (policy ACCEPT)
target     prot opt source               destination         
ACCEPT     udp  --  anywhere             anywhere            udp dpt:domain 
ACCEPT     tcp  --  anywhere             anywhere            tcp dpt:domain 
ACCEPT     udp  --  anywhere             anywhere            udp dpt:bootps 
ACCEPT     tcp  --  anywhere             anywhere            tcp dpt:bootps 
 
Chain FORWARD (policy ACCEPT)
target     prot opt source               destination         
ACCEPT     all  --  anywhere             anywhere            
REJECT     all  --  anywhere             anywhere            reject-with icmp-port-unreachable 
REJECT     all  --  anywhere             anywhere            reject-with icmp-port-unreachable 
ACCEPT     all  --  anywhere             anywhere            PHYSDEV match --physdev-is-bridged 
 
Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination

iptables -L -t nat on the hypervisor:

Code:
Chain PREROUTING (policy ACCEPT)
target     prot opt source               destination         
 
Chain POSTROUTING (policy ACCEPT)
target     prot opt source               destination         
SNAT       all  --  192.168.122.0/24    !192.168.122.0/24    to:88.XX.XX.XX
MASQUERADE  udp  --  192.168.122.0/24    !192.168.122.0/24    masq ports: 1024-65535 
 
 
Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination



iptables -L on a VM:

Code:
Chain INPUT (policy ACCEPT)
target     prot opt source               destination         
ACCEPT     all  --  anywhere             anywhere            state RELATED,ESTABLISHED 
ACCEPT     icmp --  anywhere             anywhere            
ACCEPT     all  --  anywhere             anywhere            
ACCEPT     tcp  --  anywhere             anywhere            state NEW tcp dpt:ssh 
ACCEPT     tcp  --  anywhere             anywhere            state NEW tcp dpt:http 
ACCEPT     tcp  --  anywhere             anywhere            state NEW multiport dports 11210,memcache,epmd,jamlink,21100:21299 
REJECT     all  --  anywhere             anywhere            reject-with icmp-host-prohibited 
 
Chain FORWARD (policy ACCEPT)
target     prot opt source               destination         
REJECT     all  --  anywhere             anywhere            reject-with icmp-host-prohibited 
 
Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination


iptables -L -t nat on a VM:

Empty



Thanks in advance; if you need any other information, let me know!

Tarok