On Thu, 2013-08-29 at 11:47 -0400, Robert Pendell wrote:
> Ok... so this might not even be possible so this will be theoretical
> speak only. I don't have a configuration at the moment as the
> progress I made before was wiped when I gave up before. I found out
> about some limitations from my host so I was wondering if this scheme
> was possible.

I think this is very possible. At first, I thought you were asking about vampire routing where machines share an IP address (or one machine is sitting on the path but acting as a vampire for an IP and MAC address) but you're really talking about two IP addresses on the same MAC address, sort of what cable/DSL modems do when you allocate a passthrough host while they maintain minimal admin access.

Ok, so that, in and of itself, is actually pretty trivial. The splitting of the two IP addresses to two machines (virtual or otherwise) while sharing a common MAC address is what gets entertaining.

In this case, I think you need to get really intimately up close and personal with ebtables. Specifically with MAC level NAT in the brouting chain. I've never done this myself (but I have explored the possibilities for vampire routing) but I think that can provide you with the hooks that will do what you want to do.

> Both IP1 and IP2 are on different subnets. Statically assigned by provider.
> Container1 will be a container that I want to expose to the world
> bypassing iptables.
>
> There is an additional issue here. The container's mac address can't
> be leaked over the bridge. It must appear to be coming from the host.
> Reason is because switch security doesn't allow unauthorized mac
> addresses to route.
>
> Host has IP1 on br0
> Host routes IP2 to Container1 but it isn't assigned to the interface?
> (eg I don't want any services on the host to be able to bind to IP2 at
> all)
>
> Container1 handles IP2 on virtual eth0
> Container2 (and so forth) are NAT routed for testing
>
> Can this be done at all? Any input will be extremely useful.
>
> Robert Pendell
> shi...@elite-systems.org
> A perfect world is one of chaos.

Regards,
Mike
--
Michael H. Warfield (AI4NB) | (770) 985-6132 | m...@wittsend.com
/\/\|=mhw=|\/\/ | (678) 463-0932 | http://www.wittsend.com/mhw/
NIC whois: MHW9 | An optimist believes we live in the best of all
PGP Key: 0x674627FF | possible worlds. A pessimist is sure of it!
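
A sketch of the MAC-level NAT idea from the reply above, added here as an example and not taken from the thread or from either poster's setup. It uses the PREROUTING and POSTROUTING chains of the ebtables nat table, and every interface name, MAC and IP address in it is a constructed placeholder; the second function checks a capture for the MAC leak the original question is worried about.

```shell
#!/bin/sh
# Added example, not from the thread. Every value below is a constructed
# placeholder: eth0 is assumed to be br0's uplink port, 203.0.113.10 stands
# in for "IP2", and both MAC addresses are made up.
UPLINK=${UPLINK:-eth0}
HOST_MAC=${HOST_MAC:-02:00:00:aa:bb:01}   # the only MAC the switch accepts
CT_MAC=${CT_MAC:-02:00:00:aa:bb:02}       # Container1's veth MAC
CT_IP=${CT_IP:-203.0.113.10}              # "IP2"

# Print the rule set instead of applying it, so it can be reviewed first.
# To apply: mac_nat_rules | sh   (as root, with ebtables installed)
mac_nat_rules() {
    # Outbound: frames from the container leave the uplink with the host's
    # MAC; --snat-arp also rewrites the sender MAC inside ARP payloads.
    echo "ebtables -t nat -A POSTROUTING -o $UPLINK -s $CT_MAC -j snat --to-source $HOST_MAC --snat-arp --snat-target ACCEPT"
    # Inbound: IPv4 for IP2 arrives addressed to the host's MAC; hand it
    # to the container by rewriting the destination MAC.
    echo "ebtables -t nat -A PREROUTING -i $UPLINK -p IPv4 --ip-dst $CT_IP -j dnat --to-destination $CT_MAC --dnat-target ACCEPT"
    # Inbound ARP whose target IP is IP2 (requests, and replies that were
    # sent to the host's MAC) goes to the container as well.
    echo "ebtables -t nat -A PREROUTING -i $UPLINK -p ARP --arp-ip-dst $CT_IP -j dnat --to-destination $CT_MAC --dnat-target ACCEPT"
}

# Leak check: feed it the output of
#   tcpdump -e -n -Q out -i "$UPLINK"
# on stdin. It prints every source MAC other than HOST_MAC, so any output
# means a frame left the host with a MAC the switch has not authorized.
leaked_macs() {
    awk -v ok="$HOST_MAC" \
        '$3 == ">" && tolower($2) != tolower(ok) { print tolower($2) }' | sort -u
}

# Constructed sample of "tcpdump -e" output: one clean frame, one leak.
SAMPLE_CAPTURE='10:15:01.000001 02:00:00:aa:bb:01 > 00:00:5e:00:01:01, ethertype IPv4 (0x0800), length 74: 203.0.113.10.44321 > 198.51.100.7.443: tcp 0
10:15:02.000002 02:00:00:aa:bb:02 > ff:ff:ff:ff:ff:ff, ethertype ARP (0x0806), length 42: Request who-has 203.0.113.1 tell 203.0.113.10, length 28'
```

Run the leak check against a short outbound capture after loading the rules and before relying on the setup, since a single frame with the container's MAC is enough to trip port security on the switch.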