On Mon, Nov 07, 2005 at 06:20:34PM -0500, Chuck wrote:
> I have many ip addresses on each of 4 ethernet cards using iproute2.
> one of my guests must absolutely always send and receive on a certain
> ip address which is not the first ip on the card. I have bound the
> service (radius) to that ip which is the only one the guest is given.
> I have not proven it but have a suspicion that once in a while a
> radius reply is getting sent out the primary ip of either the card or
> eth0 (the card is eth3 and the default system gateway is for eth0..
> the rest use default gateway routing via tables).
> is there some magic that can guarantee that guest and subsequent
> handling by the host can never mess up and always use that single ip
> for all traffic while not affecting other guests?

a guest, bound to a specific IP (only one), will _always_
use this IP for outgoing ip based connections, responses
or whatever, so, as long as you do not give CAP_NET_RAW
it will ensure that only that IP is used ...
of course, this IP might be mangled by some NAT rules
so make sure _not_ to do that ...

> my net setup for this card is as follows
> config_eth3=( 64.113.39.252 netmask 255.255.255.0 broadcast 64.113.39.255 )
> routes_eth3=( 64.113.39.0/24 src 64.113.39.252 table 39net )
> routes_eth3=( default via 64.113.39.1 table 39net )
> rules_eth3=( from 64.113.39.0/24 table 39net )
> would it work or help to duplicate the first routes_eth3 line but
> using the ip of the guest? eg:
> routes_eth3=( 64.113.39.0/24 src 64.113.39.5 table 39net )
> or would this confuse the networking code? i would think this ip would
> be 'covered' by the rule set in the last line.
> i am still very green when it comes to iproute2 and what it can do.

routes will only 'suggest' certain IPs for outgoing
packets, there is no 'requirement' to use a certain
IP for a packet defined in IP networking

> what is happening is I am missing a LOT of stop packets. many more
> than i ever did before I moved radius to a guest and I need to fix
> this because when a stop is missed people cannot log in as they get
> simultaneous use errors.

what protocol are those packets? tcp? udp? base ip?

> maybe somehow assigning this guest slightly more priority? don't know
> .. grabbing at straws here.. the configuration of radius is fine and
> is just as it was when it was running by itself on its own server.

guess we need more info too ...
best,
Herbert

> --
> Chuck
> ...and the hordes of M$*ft users descended upon me in their anger,
> and asked 'Why do you not get the viruses or the BlueScreensOfDeath
> or insecure system troubles and slowness or pay through the nose
> for an OS as *we* do?!!', and I answered...'I use Linux'.
> The Book of John, chapter 1, page 1, and end of book
___
Vserver mailing list
Vserver@list.linux-vserver.org
http://list.linux-vserver.org/mailman/listinfo/vserver
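Added example, not written by either participant in the thread: one way to test the suspicion that RADIUS replies occasionally leave with a source address other than the guest's. It scans `tcpdump -nn`-style text for packets sent from a RADIUS server port and reports any whose source is not 64.113.39.5. The capture lines, the 192.0.2.77 client address and the function names are constructed for illustration, and RADIUS over UDP on ports 1812/1813 (legacy 1645/1646) is an assumption, since the thread does not say which protocol is in use.

```python
import re
from collections import Counter

GUEST_IP = "64.113.39.5"                   # guest address quoted in the thread
RADIUS_PORTS = {1812, 1813, 1645, 1646}    # assumption: standard and legacy UDP ports

# Matches the "IP src.port > dst.port:" part of a tcpdump -nn text line.
LINE_RE = re.compile(
    r"^(?P<ts>\S+) IP (?P<src>\d+(?:\.\d+){3})\.(?P<sport>\d+) > "
    r"(?P<dst>\d+(?:\.\d+){3})\.(?P<dport>\d+): "
)

# Constructed sample capture (assumed to be taken with a "udp" filter).
# The second reply leaves from the card's primary address instead of the guest's.
SAMPLE_CAPTURE = """\
18:20:34.100001 IP 192.0.2.77.32770 > 64.113.39.5.1813: RADIUS, Accounting-Request (4), id: 0x2a length: 120
18:20:34.100950 IP 64.113.39.5.1813 > 192.0.2.77.32770: RADIUS, Accounting-Response (5), id: 0x2a length: 20
18:20:35.200001 IP 192.0.2.77.32770 > 64.113.39.5.1813: RADIUS, Accounting-Request (4), id: 0x2b length: 118
18:20:35.200870 IP 64.113.39.252.1813 > 192.0.2.77.32770: RADIUS, Accounting-Response (5), id: 0x2b length: 20
18:20:36.300001 IP 64.113.39.5.1812 > 192.0.2.77.32771: RADIUS, Access-Accept (2), id: 0x07 length: 44
18:20:37.000001 IP 64.113.39.252.123 > 192.0.2.77.123: NTPv4, Client, length 48
"""


def find_misrouted_replies(capture_text, guest_ip=GUEST_IP):
    """Return (timestamp, src, sport, dst) for RADIUS replies not sent from guest_ip."""
    findings = []
    for line in capture_text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue                      # not an IPv4 packet line
        sport = int(m["sport"])
        if sport not in RADIUS_PORTS:
            continue                      # a client request or unrelated traffic
        if m["src"] != guest_ip:
            findings.append((m["ts"], m["src"], sport, m["dst"]))
    return findings


def summarize(findings):
    """Count misrouted replies per offending source address."""
    return Counter(src for _ts, src, _sport, _dst in findings)


if __name__ == "__main__":
    hits = find_misrouted_replies(SAMPLE_CAPTURE)
    for ts, src, sport, dst in hits:
        print(f"{ts}: reply from {src}:{sport} to {dst}, expected source {GUEST_IP}")
    print(dict(summarize(hits)))
```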