Update - It appears to be fairly straightforward to enable forwarding with firewalld in RHEL 9, so hopefully a plain vanilla openvz 9 will be able to do everything we need to do.
Looking forward to OVZ 9, will be happy to beta test Jake On Sat, Dec 31, 2022 at 2:31 PM jjs - mainphrame <j...@mainphrame.com> wrote: > Curious side note - > > Replacing firewalld with ufw allows traffic to be forwarded by the > container. I gather that firewalld was designed for a workstation or a > laptop, not a multi-homed server. That, and the version of firewalld on > RHEL 7 is rather old. > > In any case, all of the "direct" firewalld rules that should have done the > trick haven't done so. > > I'm curious to see if the newer version of firewalld that comes with RHEL > 9 will be any more cooperative on this front. > > Jake > > On Mon, Dec 26, 2022 at 12:36 PM jjs - mainphrame <j...@mainphrame.com> > wrote: > >> Greetings - >> >> It's 2022, I have a new set of openvz servers, and once again, disabling >> NetworkManager was the key to solving a nagging, intermittent network >> problem. >> >> I recently added interfaces to the openvz servers to connect them to >> other networks, and while everything seemed to work initially, the bridges >> kept going down mysteriously. >> >> I tried removing and rebuilding the bridges, the networks, the virtual >> interfaces, seeing the bridge come up, and then syslog showing >> NetworkManager was taking the bridge down for vague and inscrutable >> reasons, I disabled NetworkManager, and voila. No more bridge problems. >> >> It seems to me that NetworkManager doesn't add any value for a server, >> only additional failure modes. Perhaps it's a solution in search of a >> problem, as they say? >> >> Jake >> >> On Thu, Dec 31, 2015 at 1:15 PM jjs - mainphrame <j...@mainphrame.com> >> wrote: >> >>> Greetings - >>> >>> It's been 2 weeks of flawless network connectivity to all containers >>> after completely removing network manager, even after attempts to induce >>> the sort of failure that were seen when network manager was running,. >>> >>> At this point, it's clear that network manager was the problem, and the >>> old saw is confirmed: "simple is safe". >>> >>> Happy new year to all who were following this question. >>> >>> Joe >>> >>> >>> >>> >>> >>> On Mon, Dec 14, 2015 at 9:51 AM, Konstantin Bukharov <b...@virtuozzo.com> >>> wrote: >>> >>>> Hello, >>>> >>>> >>>> >>>> From symptoms, it looks like ARP cache expiration issue. >>>> >>>> Please check ARP cache settings on your network equipment. >>>> >>>> >>>> >>>> We haven’t seen such massive reports. >>>> >>>> >>>> >>>> Best regards, >>>> >>>> >>>> >>>> *From:* users-boun...@openvz.org [mailto:users-boun...@openvz.org] *On >>>> Behalf Of *jjs - mainphrame >>>> *Sent:* Saturday, December 12, 2015 6:18 >>>> *To:* users@openvz.org >>>> *Subject:* [Users] OVZ 7 network issues (vz host stops answering arp >>>> requests) >>>> >>>> >>>> >>>> Greetings, >>>> >>>> >>>> >>>> I've been running some servers in OVZ 7 containers for some months now, >>>> and I'm happy with reliability and performance, with the exception of an >>>> occasional loss of ct network connectivity. >>>> >>>> From time to time, I'll get a xymon alert that all containers are >>>> unreachable. The cts are all using host routing. What I see, when I examine >>>> any affected ct, is this: >>>> >>>> >>>> >>>> >>>> >>>> The container no longer responds to ping, even from the local lan. >>>> >>>> The vz host and container can connect to each other >>>> >>>> The container can not reach anything beyond the host. >>>> >>>> >>>> >>>> When I enter the container and ping another box, the pings are >>>> received, but the box can not return the pings as the arp request goes >>>> unanswered. For some reason the vz host forgets about the cts, and it's >>>> always all of them. This is 2 Centos 7 boxes, running OVZ 7 beta and OVZ 7 >>>> factory >>>> >>>> >>>> >>>> Doing a vzctl restart on each affected ct restores connectivity. Has >>>> anyone else seen this issue? >>>> >>>> >>>> >>>> Regards, >>>> >>>> >>>> >>>> >>>> >>>> >>>> >>>> _______________________________________________ >>>> Users mailing list >>>> Users@openvz.org >>>> https://lists.openvz.org/mailman/listinfo/users >>>> >>>> >>>
_______________________________________________ Users mailing list Users@openvz.org https://lists.openvz.org/mailman/listinfo/users
