Re: [Vserver] guaranteeing a certain ip is used?

2005-11-09 Thread Herbert Poetzl 
On Mon, Nov 07, 2005 at 06:20:34PM -0500, Chuck wrote:
 
 I have many ip addresses on each of 4 ethernet cards using iproute2.
 
 one of my guests must absolutely always send and receive on a certain
 ip address which is not the first ip on the card. I have bound the
 service (radius) to that ip which is the only one the guest is given.
 I have not proven it but have a suspicion that once in a while a
 radius reply is getting sent out the primary ip of either the card or
 eth0 (the card is eth3 and the default system gateway is for eth0..
 the rest use default gateway routing via tables).

 is there some magic that can guarantee that guest and subsequent
 handling by the host can never mess up and always use that single ip
 for all traffic while not affecting other guests?

a guest, bound to a specific IP (only one), will _always_
use this IP for outgoing ip based connections, reponses
or whatever, so, as long as you do not give CAP_NET_RAW
it will ensure that only that IP is used ...

of course, this IP might be mangled by some NAT rules
so make sure _not_ to do that ...

 my net setup for this card is as follows
 
 config_eth3=( 64.113.39.252 netmask 255.255.255.0 broadcast 64.113.39.255 )
 routes_eth3=( 64.113.39.0/24 src 64.113.39.252 table 39net )
 routes_eth3=( default via 64.113.39.1 table 39net )
 rules_eth3=( from 64.113.39.0/24 table 39net )
 
 would it work or help to duplicate the first routes_eth3 line but
 using the ip of the guest? eg:
 
 routes_eth3=( 64.113.39.0/24 src 64.113.39.5 table 39net )
 
 or would this confuse the networking code? i would think this ip would
 be 'covered' by the rule set in the last line.

 i am still very green when it comes to iproute2 and what it can do.

routes will only 'suggest' certain IPs for outgoing 
packets, there is no 'requirement' to use a certain
IP for a packet defined in IP networking

 what is happening is I am missing a LOT of stop packets. many more
 than i ever did before I moved radius to a guest and I need to fix
 this because when a stop is missed people cannot log in as they get
 simulteneous use errors.

what protocl are those packets? tcp? udp? base ip?

 maybe somehow assigning this guest slightly more priority? don't know
 .. grabbing at straws here.. the configuration of radius is fine and
 is just as it was when it was running by itself on its own server.

guess we need more info too ...

best,
Herbert

 -- 
 
 Chuck
 
 ...and the hordes of M$*ft users descended upon me in their anger,
 and asked 'Why do you not get the viruses or the BlueScreensOfDeath
 or insecure system troubles and slowness or pay through the nose 
 for an OS as *we* do?!!', and I answered...'I use Linux'. 
 The Book of John, chapter 1, page 1, and end of book
 
 
 ___
 Vserver mailing list
 Vserver@list.linux-vserver.org
 http://list.linux-vserver.org/mailman/listinfo/vserver
___
Vserver mailing list
Vserver@list.linux-vserver.org
http://list.linux-vserver.org/mailman/listinfo/vserver

[Vserver] guaranteeing a certain ip is used?

2005-11-07 Thread Chuck 

I have many ip addresses on each of 4 ethernet cards using iproute2.

one of my guests must absolutely always send and receive on a certain ip 
address which is not the first ip on the card. I have bound the service 
(radius) to that ip which is the only one the guest is given. I have not 
proven it but have a suspicion that once in a while a radius reply is getting 
sent out the primary ip of either the card or eth0 (the card is eth3 and the 
default system gateway is for eth0.. the rest use default gateway routing via 
tables).

is there some magic that can guarantee that guest and subsequent handling by 
the host can never mess up and always use that single ip for all traffic 
while not affecting other guests?

my net setup for this card is as follows

config_eth3=( 64.113.39.252 netmask 255.255.255.0 broadcast 64.113.39.255 )
routes_eth3=( 64.113.39.0/24 src 64.113.39.252 table 39net )
routes_eth3=( default via 64.113.39.1 table 39net )
rules_eth3=( from 64.113.39.0/24 table 39net )

would it work or help to duplicate the first routes_eth3 line but using the ip 
of the guest? eg:

routes_eth3=( 64.113.39.0/24 src 64.113.39.5 table 39net )

or would this confuse the networking code?
i would think this ip would be 'covered' by the rule set in the last line.

i am still very green when it comes to iproute2 and what it can do.


what is happening is I am missing a LOT of stop packets. many more than i ever 
did before I moved radius to a guest and I need to fix this because when a 
stop is missed people cannot log in as they get simulteneous use errors.

maybe somehow assigning this guest slightly more priority? don't know .. 
grabbing at straws here.. the configuration of radius is fine and is just as 
it was when it was running by itself on its own server.


-- 

Chuck

...and the hordes of M$*ft users descended upon me in their anger,
and asked 'Why do you not get the viruses or the BlueScreensOfDeath
or insecure system troubles and slowness or pay through the nose 
for an OS as *we* do?!!', and I answered...'I use Linux'. 
The Book of John, chapter 1, page 1, and end of book


___
Vserver mailing list
Vserver@list.linux-vserver.org
http://list.linux-vserver.org/mailman/listinfo/vserver