VServer: my guest mixed with my host


EvilAngel
30th May 2008, 22:23
Hi all,

I am new to Vserver, but I followed the tutorial here: http://howtoforge.com/linux_vserver_debian_etch

I ran
newvserver --vsroot /var/lib/vservers/ --hostname mail --domain mydom.com --ip 192.168.0.100/24 --dist etch --mirror http://ftp.au.debian.org/debian/ --interface eth1
and then I entered my new vserver.

I installed ssh.

But then, when I connect over ssh to 192.168.0.100, I am connected to the host (the one hosting the vservers). I can find all my files from my home folder, and so on...

If I scan 192.168.0.100, I get all the open ports of the host.

Any ideas?
Thanks

EvilAngel
31st May 2008, 13:06
Here is what I get in my vserver:
root@test1:/# uname -r
2.6.22-3-vserver-k7
root@test1:/#

root@test1:/# ps -a
PID TTY TIME CMD
11050 pts/0 00:00:00 vcontext
11383 pts/3 00:00:00 ps
root@test1:/#

root@test1:/# netstat -a
Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address Foreign Address State
Active UNIX domain sockets (servers and established)
Proto RefCnt Flags Type State I-Node Path
unix 2 [ ] DGRAM 261782 /dev/log
root@test1:/#
root@test1:/# ifconfig -a
eth1 Link encap:Ethernet HWaddr 00:13:8F:2F:66:80
inet addr:192.168.10.100 Bcast:192.168.10.255 Mask:255.255.255.0
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:2672522 errors:0 dropped:0 overruns:0 frame:0
TX packets:3621570 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:1106348049 (1.0 GiB) TX bytes:3610628966 (3.3 GiB)
Interrupt:17 Base address:0xb800

root@test1:/#
These network stats are the ones of my host!!

And if I search for OpenSSH,
root@test1:/# /etc/init.d/ssh restart
Restarting OpenBSD Secure Shell server: sshd.
root@test1:/# ps -aux
Warning: bad ps syntax, perhaps a bogus '-'? See http://procps.sf.net/faq.html
USER PID %CPU %MEM VSZ RSS TTY STAT START TIME COMMAND
root 1 0.1 0.1 2036 700 ? Ss 12:35 0:01 init [2]
root 11037 0.0 0.1 1628 616 ? Ss 12:35 0:00 /sbin/syslogd
root 11425 7.5 0.0 116 36 pts/0 S+ 12:48 0:00 login
root 11452 6.0 0.4 4740 2528 pts/3 Ss 12:48 0:00 /bin/bash -logi
root 11465 0.0 0.1 3428 1000 pts/3 R+ 12:48 0:00 ps -aux
root@test1:/#
Where is the OpenSSH process?

falko
31st May 2008, 14:08
So the host is already using 192.168.0.100? If so, you must use another IP address for the guest.

EvilAngel
31st May 2008, 14:44
I hoped it would be that.
But my host is using another IP address.

On my host
romain@mars:~$ sudo ifconfig
[sudo] password for romain:
eth1 Link encap:Ethernet HWaddr 00:13:8f:2f:66:80
inet addr:192.168.10.10 Bcast:192.168.10.255 Mask:255.255.255.0
inet6 addr: fe80::213:8fff:fe2f:6680/64 Scope:Link
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:3015328 errors:0 dropped:0 overruns:0 frame:0
TX packets:4108881 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:1240736548 (1.1 GiB) TX bytes:4082702572 (3.8 GiB)
Interrupt:17 Base address:0xb800
On my guest:
root@test1:/# ifconfig
eth1 Link encap:Ethernet HWaddr 00:13:8F:2F:66:80
inet addr:192.168.10.100 Bcast:192.168.10.255 Mask:255.255.255.0
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:3027805 errors:0 dropped:0 overruns:0 frame:0
TX packets:4126431 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:1246326050 (1.1 GiB) TX bytes:4098424900 (3.8 GiB)
Interrupt:17 Base address:0xb800

root@test1:/#

192.168.10.10 != 192.168.10.100

falko
1st June 2008, 11:07
What are the outputs of iptables -L on the host and route -nee on the guest?

EvilAngel
1st June 2008, 16:06
On my host, firewall policies are at ACCEPT by default:
(fail2ban is messing up the output a bit)

romain@mars:~$ sudo iptables -L
Chain INPUT (policy ACCEPT)
target prot opt source destination
fail2ban-sasl tcp -- anywhere anywhere multiport dports smtp,ssmtp,imap2,imap3,imaps,pop3,pop3s
fail2ban-named-refused-tcp tcp -- anywhere anywhere multiport dports domain,953
fail2ban-vsftpd tcp -- anywhere anywhere multiport dports ftp,ftp-data,ftps,ftps-data
fail2ban-ssh tcp -- anywhere anywhere multiport dports ssh
fail2ban-named-refused-udp udp -- anywhere anywhere multiport dports domain,953

Chain FORWARD (policy ACCEPT)
target prot opt source destination

Chain OUTPUT (policy ACCEPT)
target prot opt source destination

Chain fail2ban-named-refused-tcp (1 references)
target prot opt source destination
RETURN all -- anywhere anywhere

Chain fail2ban-named-refused-udp (1 references)
target prot opt source destination
RETURN all -- anywhere anywhere

Chain fail2ban-sasl (1 references)
target prot opt source destination
RETURN all -- anywhere anywhere

Chain fail2ban-ssh (1 references)
target prot opt source destination
RETURN all -- anywhere anywhere

Chain fail2ban-vsftpd (1 references)
target prot opt source destination
RETURN all -- anywhere anywhere
romain@mars:~$

On the guest Vserver:
root@test3:/# route -nee
Kernel IP routing table
Destination Gateway Genmask Flags Metric Ref Use Iface MSS Window irtt
192.168.10.0 0.0.0.0 255.255.255.0 U 0 0 0 * 0 0 0
192.168.10.0 0.0.0.0 255.255.255.0 U 0 0 0 eth0 0 0 0
0.0.0.0 0.0.0.0 0.0.0.0 UG 0 0 0 * 0 0 0
root@test3:/#

falko
2nd June 2008, 10:16
Hm, I can't find a hint why it's not working... :(

EvilAngel
2nd June 2008, 13:13
OK, I got the answer:
http://linux-vserver.org/Frequently_Asked_Questions#When_I_try_to_ssh_to_the_guest.2C_I_log_into_the_host.2C_even_if_I_installed_sshd_on_the_guest._What.27s_wrong_here.3F

In short, all applications like SSH that are listening on 0.0.0.0 are intercepting the access to the guest.

So I reconfigured my host with:
Port 22
# Use these options to restrict which interfaces/protocols sshd will bind to
ListenAddress 192.168.10.10
And my guest with:
Port 22
# Use these options to restrict which interfaces/protocols sshd will bind to
ListenAddress 192.168.10.100
It is working smoothly now :)
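
The resolution above (a host service listening on 0.0.0.0 also answers on the guest's address) can be checked for on the host. The following is an added example, not part of the original thread: it lists the TCP ports that have a wildcard-bound listener in `ss -tln` style output. The function names and the sample lines are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the thread): list TCP ports that have a listener
# bound to a wildcard address, reading `ss -tln` style lines on stdin.
# On a Linux-VServer host such a listener also answers on the guests' IPs.

wildcard_listeners() {
    awk '$1 == "LISTEN" {              # header and non-listening rows are skipped
        addr = $4                      # local address:port column
        n = split(addr, parts, ":")
        port = parts[n]                # the port is whatever follows the last colon
        host = substr(addr, 1, length(addr) - length(port) - 1)
        if (host == "0.0.0.0" || host == "*" || host == "[::]" || host == "::")
            print port
    }' | sort -un                      # one line per port, v4 and v6 merged
}

# Constructed sample: host before the fix (sshd on the wildcard address).
sample_host_before() {
    cat <<'EOF'
State  Recv-Q Send-Q Local Address:Port Peer Address:Port
LISTEN 0      128    0.0.0.0:22         0.0.0.0:*
LISTEN 0      128    [::]:22            [::]:*
LISTEN 0      100    127.0.0.1:25       0.0.0.0:*
EOF
}

# Constructed sample: host after setting ListenAddress 192.168.10.10.
sample_host_after() {
    cat <<'EOF'
State  Recv-Q Send-Q Local Address:Port Peer Address:Port
LISTEN 0      128    192.168.10.10:22   0.0.0.0:*
LISTEN 0      100    127.0.0.1:25       0.0.0.0:*
EOF
}

echo "before: $(sample_host_before | wildcard_listeners | tr '\n' ' ')"
echo "after:  $(sample_host_after | wildcard_listeners | tr '\n' ' ')"
```

On a live host, `ss -tln | wildcard_listeners` gives the ports whose services still need an explicit listen address before a guest can serve them on its own IP.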