Old 03-17-2017, 03:09 PM   #1
old_electrician
"connection refused" in proxmox container


First of all, I am sorry for my English. It is not native for me.
I am not a qualified Linux administrator, so I do not have much experience with iptables and routing. The deadline is "yesterday". Googling did not bring me any progress. It would be very good if someone wrote a guide for me, something like "use this command and everything should be fine".

So, I've got a hardware server with 1 NIC.
OS type: Debian + Proxmox. 1 dedicated IP address.
Inside:
2 CentOS containers with their own dedicated IPs, AAA and BBB

Trouble:
All connections from outside to AAA and BBB proceed normally (ssh, http, mysql).
The result of all connections from a container is "connection refused" (ssh, wget, yum, curl).
All connections to the host server go normally.

History:
This became so after trying to install OpenVPN and doing something in ISP-manager.

Config:
iptables
Code:
Chain INPUT (policy ACCEPT)
target     prot opt source               destination
ispmgr_deny_ip  all  --  anywhere             anywhere
ispmgr_allow_ip  all  --  anywhere             anywhere
ispmgr_allow_sub  all  --  anywhere             anywhere
ispmgr_deny_sub  all  --  anywhere             anywhere
DROP       all  --  anywhere             anywhere             match-set ispmgr_limit_req src
fail2ban-ssh  tcp  --  anywhere             anywhere             multiport dports ssh
ACCEPT     tcp  --  anywhere             anywhere             tcp dpt:222
fail2ban-ssh  tcp  --  anywhere             anywhere             multiport dports ssh

Chain FORWARD (policy ACCEPT)
target     prot opt source               destination
ACCEPT     all  --  anywhere             anywhere


Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination

Chain fail2ban-ssh (2 references)
target     prot opt source               destination
REJECT     all  --  210.30.65.218.broad.xy.jx.dynamic.163data.com.cn  anywhere             reject-with icmp-port-unreachable
REJECT     all  --  183.94.193.154       anywhere             reject-with icmp-port-unreachable
REJECT     all  --  116.31.116.21        anywhere             reject-with icmp-port-unreachable
REJECT     all  --  59.63.188.30         anywhere             reject-with icmp-port-unreachable
RETURN     all  --  anywhere             anywhere


Chain ispmgr_allow_ip (1 references)
target     prot opt source               destination


Chain ispmgr_allow_sub (1 references)
target     prot opt source               destination

Chain ispmgr_deny_ip (1 references)
target     prot opt source               destination

Chain ispmgr_deny_sub (1 references)
target     prot opt source               destination

Chain ispmgr_limit_req (0 references)
target     prot opt source               destination

iptables-save
Code:
# Generated by iptables-save v1.4.21 on Fri Mar 17 13:13:16 2017
*mangle
:PREROUTING ACCEPT [26425:17749028]
:INPUT ACCEPT [3199:269429]
:FORWARD ACCEPT [22607:17455062]
:OUTPUT ACCEPT [3438:1632623]
:POSTROUTING ACCEPT [25647:19038078]
COMMIT
# Completed on Fri Mar 17 13:13:16 2017
# Generated by iptables-save v1.4.21 on Fri Mar 17 13:13:16 2017
*nat
:PREROUTING ACCEPT [1589:89647]
:INPUT ACCEPT [361:27018]
:OUTPUT ACCEPT [67:5275]
:POSTROUTING ACCEPT [0:0]
-A POSTROUTING -o vmbr0 -j MASQUERADE
-A POSTROUTING -o eth0 -j MASQUERADE
COMMIT
# Completed on Fri Mar 17 13:13:16 2017
# Generated by iptables-save v1.4.21 on Fri Mar 17 13:13:16 2017
*filter
:INPUT ACCEPT [38:2610]
:FORWARD ACCEPT [33:3736]
:OUTPUT ACCEPT [65:13304]
:fail2ban-ssh - [0:0]
:ispmgr_allow_ip - [0:0]
:ispmgr_allow_sub - [0:0]
:ispmgr_deny_ip - [0:0]
:ispmgr_deny_sub - [0:0]
:ispmgr_limit_req - [0:0]
-A INPUT -j ispmgr_deny_ip
-A INPUT -j ispmgr_allow_ip
-A INPUT -j ispmgr_allow_sub
-A INPUT -j ispmgr_deny_sub
-A INPUT -m set --match-set ispmgr_limit_req src -j DROP
-A INPUT -p tcp -m multiport --dports 22 -j fail2ban-ssh
-A INPUT -p tcp -m tcp --dport 222 -j ACCEPT
-A INPUT -p tcp -m multiport --dports 22 -j fail2ban-ssh
-A FORWARD -i tap200i0 -j ACCEPT
-A FORWARD -i tap100i0 -j ACCEPT
-A fail2ban-ssh -s 91.197.232.109/32 -j REJECT --reject-with icmp-port-unreachable
-A fail2ban-ssh -s 218.65.30.210/32 -j REJECT --reject-with icmp-port-unreachable
-A fail2ban-ssh -s 116.31.116.21/32 -j REJECT --reject-with icmp-port-unreachable
-A fail2ban-ssh -j RETURN
-A fail2ban-ssh -j RETURN
COMMIT
# Completed on Fri Mar 17 13:13:16 2017

ifconfig
Code:
eth0      Link encap:Ethernet  HWaddr XX:XX:XX:XX:XX:XX
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          
          

lo        Link encap:Local Loopback
          inet addr:127.0.0.1  Mask:255.0.0.0
          inet6 addr: ::1/128 Scope:Host
          UP LOOPBACK RUNNING  MTU:65536  Metric:1
          

tap100i0  Link encap:Ethernet  HWaddr XX:XX:XX:XX:XX:XX
          UP BROADCAST RUNNING PROMISC MULTICAST  MTU:1500  Metric:1
         

tap200i0  Link encap:Ethernet  HWaddr XX:XX:XX:XX:XX:XX
          UP BROADCAST RUNNING PROMISC MULTICAST  MTU:1500  Metric:1
         

vmbr0     Link encap:Ethernet  HWaddr XX:XX:XX:XX:XX:XX
          inet addr:XXX.XXX.XXX.XXX  Bcast:XXX.XXX.XXX.XXX  Mask:255.255.255.224
          inet6 addr: XXXXXXXX Scope:Link

ip route list
Code:
default via XXX.XXX.XXX.XXX dev vmbr0
AAA.AAA.AAA.AAA dev vmbr0  scope link
BBB.BBB.BBB.BBB dev vmbr0  scope link
XXX.XXX.XXX.XXX/27 dev vmbr0  proto kernel  scope link  src XXX.XXX.XXX.XXX
 
  

