So my server is running...
Distributor ID: Ubuntu
Description: Ubuntu 13.04
Release: 13.04
Codename: raring
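While looking for something to replace VMware on a small server I run, I stumbled across LXC. When it works I really like it, but this one is completely baffling...
I have 4 containers: Web, Email, DNS, DB. The first three are bound to public addresses that I own. They all come up fine.
Take the email server as an example. I start it and see it on the network. I can go anywhere. I go to the host and ping its public address and get a response, but when I try to telnet to the smtp port from the host, I get "connection refused".
So I go back to the container console and telnet to the public address (just as I did from the host) and it connects...
This is a fresh install of Ubuntu, and like I said, it was working perfectly until the reboot yesterday...
I'm lost... This happens with all three of my public addresses. I don't know what you would like to see, so I'll just post a few things...
Email container netstat -tal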
root@mail:/etc/network# netstat -tal
Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address Foreign Address State
tcp 0 0 localhost:mysql *:* LISTEN
tcp 0 0 *:submission *:* LISTEN
tcp 0 0 *:pop3 *:* LISTEN
tcp 0 0 localhost:spamd *:* LISTEN
tcp 0 0 *:imap2 *:* LISTEN
tcp 0 0 *:ssh *:* LISTEN
tcp 0 0 *:smtp *:* LISTEN
tcp 0 0 *:imaps *:* LISTEN
tcp 0 0 *:pop3s *:* LISTEN
tcp 0 0 localhost:10024 *:* LISTEN
tcp 0 0 localhost:10025 *:* LISTEN
tcp 0 0 mail.centralvahos:49681 web.centralvahost:mysql TIME_WAIT
tcp6 0 0 [::]:submission [::]:* LISTEN
tcp6 0 0 [::]:pop3 [::]:* LISTEN
tcp6 0 0 [::]:imap2 [::]:* LISTEN
tcp6 0 0 [::]:tproxy [::]:* LISTEN
tcp6 0 0 [::]:ssh [::]:* LISTEN
tcp6 0 0 [::]:smtp [::]:* LISTEN
tcp6 0 0 [::]:imaps [::]:* LISTEN
tcp6 0 0 [::]:pop3s [::]:* LISTEN
First, my email container's iptables...
root@mail:~# iptables -L
Chain INPUT (policy ACCEPT)
target prot opt source destination
fail2ban-dovecot-pop3imap tcp -- anywhere anywhere multiport dports pop3,pop3s,imap2,imaps
fail2ban-ssh tcp -- anywhere anywhere multiport dports ssh
Chain FORWARD (policy ACCEPT)
target prot opt source destination
Chain OUTPUT (policy ACCEPT)
target prot opt source destination
Chain fail2ban-dovecot-pop3imap (1 references)
target prot opt source destination
RETURN all -- anywhere anywhere
Chain fail2ban-ssh (1 references)
target prot opt source destination
RETURN all -- anywhere anywhere
And my interfaces...
auto em1
auto em1:0
auto em1:1
iface em1 inet static
address 10.0.0.98
netmask 255.255.255.240
gateway 10.0.0.1
dns-nameservers 8.8.8.8
iface em1:0 inet static
address 10.0.0.99
netmask 255.255.255.240
gateway 10.0.0.1
dns-nameservers 8.8.8.8
iface em1:1 inet static
address 10.0.0.100
netmask 255.255.255.240
gateway 10.0.0.1
dns-nameservers 8.8.8.8
(I have changed my numbers but you can see the other stuff...)
And my email server container config...
lxc.network.type = veth
lxc.network.hwaddr = 00:16:3e:c8:e2:b0
lxc.network.link = lxcbr0
lxc.network.flags = up
lxc.rootfs = /var/lib/lxc/EMail/rootfs
lxc.mount = /var/lib/lxc/EMail/fstab
lxc.pivotdir = lxc_putold
lxc.devttydir = lxc
lxc.tty = 4
lxc.pts = 1024
lxc.utsname = EMail
lxc.arch = amd64
lxc.cap.drop = sys_module mac_admin mac_override
lxc.network.ipv4 = <my_address>/26
lxc.cgroup.devices.deny = a
lxc.cgroup.devices.allow = c *:* m
lxc.cgroup.devices.allow = b *:* m
lxc.cgroup.devices.allow = c 1:3 rwm
lxc.cgroup.devices.allow = c 1:5 rwm
lxc.cgroup.devices.allow = c 5:1 rwm
lxc.cgroup.devices.allow = c 5:0 rwm
lxc.cgroup.devices.allow = c 1:9 rwm
lxc.cgroup.devices.allow = c 1:8 rwm
lxc.cgroup.devices.allow = c 136:* rwm
lxc.cgroup.devices.allow = c 5:2 rwm
lxc.cgroup.devices.allow = c 254:0 rwm
lxc.cgroup.devices.allow = c 10:229 rwm
lxc.cgroup.devices.allow = c 10:200 rwm
lxc.cgroup.devices.allow = c 1:7 rwm
lxc.cgroup.devices.allow = c 10:228 rwm
lxc.cgroup.devices.allow = c 10:232 rwm