tags 411254 + unreproducible thanks Hi Patrick
Now I have tried to reproduce your problem, but was not able to. The only thing I can see that differs between your and mine setup (except for the ip-addresses of course) is that you had scope global secondary listed for both interfaces but I can hardly see that it matters. I think you have a faulty kernel. Regards, // Ola On Tue, Feb 20, 2007 at 05:13:47PM +0100, Patrick Matthäi wrote: > > Hi, > I'm using: > /sbin/iptables -I INPUT -s $ip -j DROP" > Output: > cx1026:~# iptables -vn -L > Chain INPUT (policy ACCEPT 3143K packets, 567M bytes) > pkts bytes target prot opt in out source > destination > 0 0 DROP 0 -- * * xxx.xxx.xxx.xxx > 0.0.0.0/0 > Chain FORWARD (policy ACCEPT 0 packets, 0 bytes) > pkts bytes target prot opt in out source > destination > Chain OUTPUT (policy ACCEPT 4281K packets, 970M bytes) > pkts bytes target prot opt in out source > destination > cx1026:~# iptables -vn -L -t nat > Chain PREROUTING (policy ACCEPT 0 packets, 0 bytes) > pkts bytes target prot opt in out source > destination > Chain POSTROUTING (policy ACCEPT 0 packets, 0 bytes) > pkts bytes target prot opt in out source > destination > Chain OUTPUT (policy ACCEPT 0 packets, 0 bytes) > pkts bytes target prot opt in out source > destination > cx1026:~# > Ola Lundqvist schrieb: > ... > Hi, > for example the IP yyy.yyy.yyy.yyy was added about newvserver ( cmd: > newvserver --vsroot /var/lib/vservers/ --hostname vs<ID> --domain > <ourdomain> --ip yyy.yyy.yyy.yyy/24 --dist etch --mirror > [1][1][1][1]http://ftp.de.debian.org/debian --interface eth0 ). This IP > lies > on > eth0:1. > The IP yyy.yyy.yyy.83 was added manualy. Here the configs: > # cat /etc/vservers/vs4/interfaces/1/ > dev ip prefix > cx1026:~# cat /etc/vservers/vs4/interfaces/1/* > eth1 > yyy.yyy.yyy.83 > 24 > cx1026:~# > In /interfaces/0/ is the IP which is added by newvserver. > Ola Lundqvist schrieb: > ... > > Hi, > > Please don't publish this email ( because of sensible datas ). Obfuscated all sensible data now. > Hm I think it's a bug, the one IPs that were on eth0:1 / :2 etc are now > called eth0 too? ( that are the ones, which are added to an vserver > automaticaly with newvserver ). > > > cx1026:~/control# ip addr > 1: lo: <LOOPBACK,UP,10000> mtu 16436 qdisc noqueue > link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00 > inet 127.0.0.1/8 scope host lo > inet6 ::1/128 scope host > valid_lft forever preferred_lft forever > 2: eth0: <BROADCAST,MULTICAST,UP,10000> mtu 1500 qdisc pfifo_fast qlen 1000 > link/ether 00:11:09:ca:8a:19 brd ff:ff:ff:ff:ff:ff > inet yyy.yyy.yyy.201/24 brd yyy.yyy.yyy.255 scope global eth0 > inet yyy.yyy.yyy.83/24 brd yyy.yyy.yyy.255 scope global secondary eth0:4 > inet yyy.yyy.yyy.80/24 brd yyy.yyy.yyy.255 scope global secondary eth0 > inet yyy.yyy.yyy.81/24 brd yyy.yyy.yyy.255 scope global secondary eth0 > inet yyy.yyy.yyy.82/24 brd yyy.yyy.yyy.255 scope global secondary eth0 > inet yyy.yyy.yyy.84/24 brd yyy.yyy.yyy.255 scope global secondary eth0:5 > inet yyy.yyy.yyy.85/24 brd yyy.yyy.yyy.255 scope global secondary eth0:6 > inet yyy.yyy.yyy.86/24 brd yyy.yyy.yyy.255 scope global secondary eth0:7 > inet yyy.yyy.yyy.87/24 brd yyy.yyy.yyy.255 scope global secondary eth0:8 > inet yyy.yyy.yyy.88/24 brd yyy.yyy.yyy.255 scope global secondary eth0:9 > inet yyy.yyy.yyy.89/24 brd yyy.yyy.yyy.255 scope global secondary eth0:10 > inet yyy.yyy.yyy.90/24 brd yyy.yyy.yyy.255 scope global secondary eth0:11 > inet yyy.yyy.yyy.91/24 brd yyy.yyy.yyy.255 scope global secondary eth0:12 > inet yyy.yyy.yyy.92/24 brd yyy.yyy.yyy.255 scope global secondary eth0:13 > inet yyy.yyy.yyy.93/24 brd yyy.yyy.yyy.255 scope global secondary eth0:14 > inet yyy.yyy.yyy.94/24 brd yyy.yyy.yyy.255 scope global secondary eth0:15 > inet6 fe80::211:9ff:feca:8a19/64 scope link > valid_lft forever preferred_lft forever > 3: sit0: <NOARP> mtu 1480 qdisc noop > link/sit 0.0.0.0 brd 0.0.0.0 > > > > > cx1026:~/control# ifconfig > eth0 Protokoll:Ethernet Hardware Adresse HW:AD:DR:ES:S0:00 > inet Adresse:yyy.yyy.yyy.201 Bcast:yyy.yyy.yyy.255 > Maske:255.255.255.0 > inet6 Adresse: fe80::211:9ff:feca:8a19/64 > Gültigkeitsbereich:Verbindung > UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1 > RX packets:19956166 errors:0 dropped:0 overruns:0 frame:0 > TX packets:13323742 errors:0 dropped:0 overruns:0 carrier:0 > Kollisionen:0 Sendewarteschlangenlänge:1000 > RX bytes:3393699359 (3.1 GiB) TX bytes:2878525904 (2.6 GiB) > Interrupt:169 Basisadresse:0x2f00 > > eth0:4 Protokoll:Ethernet Hardware Adresse HW:AD:DR:ES:S0:00 > inet Adresse:yyy.yyy.yyy.83 Bcast:yyy.yyy.yyy.255 > Maske:255.255.255.0 > UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1 > Interrupt:169 Basisadresse:0x2f00 > > eth0:5 Protokoll:Ethernet Hardware Adresse HW:AD:DR:ES:S0:00 > inet Adresse:yyy.yyy.yyy.84 Bcast:yyy.yyy.yyy.255 > Maske:255.255.255.0 > UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1 > Interrupt:169 Basisadresse:0x2f00 > > eth0:6 Protokoll:Ethernet Hardware Adresse HW:AD:DR:ES:S0:00 > inet Adresse:yyy.yyy.yyy.85 Bcast:yyy.yyy.yyy.255 > Maske:255.255.255.0 > UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1 > Interrupt:169 Basisadresse:0x2f00 > > eth0:7 Protokoll:Ethernet Hardware Adresse HW:AD:DR:ES:S0:00 > inet Adresse:yyy.yyy.yyy.86 Bcast:yyy.yyy.yyy.255 > Maske:255.255.255.0 > UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1 > Interrupt:169 Basisadresse:0x2f00 > > eth0:8 Protokoll:Ethernet Hardware Adresse HW:AD:DR:ES:S0:00 > inet Adresse:yyy.yyy.yyy.87 Bcast:yyy.yyy.yyy.255 > Maske:255.255.255.0 > UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1 > Interrupt:169 Basisadresse:0x2f00 > > eth0:9 Protokoll:Ethernet Hardware Adresse HW:AD:DR:ES:S0:00 > inet Adresse:yyy.yyy.yyy.88 Bcast:yyy.yyy.yyy.255 > Maske:255.255.255.0 > UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1 > Interrupt:169 Basisadresse:0x2f00 > > eth0:10 Protokoll:Ethernet Hardware Adresse HW:AD:DR:ES:S0:00 > inet Adresse:yyy.yyy.yyy.89 Bcast:yyy.yyy.yyy.255 > Maske:255.255.255.0 > UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1 > Interrupt:169 Basisadresse:0x2f00 > > eth0:11 Protokoll:Ethernet Hardware Adresse HW:AD:DR:ES:S0:00 > inet Adresse:yyy.yyy.yyy.90 Bcast:yyy.yyy.yyy.255 > Maske:255.255.255.0 > UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1 > Interrupt:169 Basisadresse:0x2f00 > > eth0:12 Protokoll:Ethernet Hardware Adresse HW:AD:DR:ES:S0:00 > inet Adresse:yyy.yyy.yyy.91 Bcast:yyy.yyy.yyy.255 > Maske:255.255.255.0 > UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1 > Interrupt:169 Basisadresse:0x2f00 > > eth0:13 Protokoll:Ethernet Hardware Adresse HW:AD:DR:ES:S0:00 > inet Adresse:yyy.yyy.yyy.92 Bcast:yyy.yyy.yyy.255 > Maske:255.255.255.0 > UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1 > Interrupt:169 Basisadresse:0x2f00 > > eth0:14 Protokoll:Ethernet Hardware Adresse HW:AD:DR:ES:S0:00 > inet Adresse:yyy.yyy.yyy.93 Bcast:yyy.yyy.yyy.255 > Maske:255.255.255.0 > UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1 > Interrupt:169 Basisadresse:0x2f00 > > eth0:15 Protokoll:Ethernet Hardware Adresse HW:AD:DR:ES:S0:00 > inet Adresse:yyy.yyy.yyy.94 Bcast:yyy.yyy.yyy.255 > Maske:255.255.255.0 > UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1 > Interrupt:169 Basisadresse:0x2f00 > > lo Protokoll:Lokale Schleife > inet Adresse:127.0.0.1 Maske:255.0.0.0 > inet6 Adresse: ::1/128 Gültigkeitsbereich:Maschine > UP LOOPBACK RUNNING MTU:16436 Metric:1 > RX packets:8172 errors:0 dropped:0 overruns:0 frame:0 > TX packets:8172 errors:0 dropped:0 overruns:0 carrier:0 > Kollisionen:0 Sendewarteschlangenlänge:0 > RX bytes:742558 (725.1 KiB) TX bytes:742558 (725.1 KiB) > > > > # route -n > Kernel IP Routentabelle > Ziel Router Genmask Flags Metric Ref Use > Iface > yyy.yyy.yyy.0 0.0.0.0 255.255.255.0 U 0 0 0 eth0 > 0.0.0.0 yyy.yyy.yyy.1 0.0.0.0 UG 0 0 0 eth0 > > ... --- Ola Lundqvist systemkonsult --- M Sc in IT Engineering ---- / [EMAIL PROTECTED] Annebergsslingan 37 \ | [EMAIL PROTECTED] 654 65 KARLSTAD | | http://opalsys.net/ Mobile: +46 (0)70-332 1551 | \ gpg/f.p.: 7090 A92B 18FE 7994 0C36 4FE4 18A1 B1CF 0FE5 3DD9 / --------------------------------------------------------------- -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
