On Thu, Jan 08, 2009 at 09:11:26AM +0100, Benoit Branciard wrote:
>
> Since the official behaviour of choosing the local bind address is
> undefined, you can't simply trust the way it is currently accomplished in
> linux kernel. It may change without notice, and that would not be portable.

My feeling is that it would break a lot of things if kernel developers
changed that behaviour. Moreover we don't change kernels that often over
here, and if we did have to change to an incompatible one, then I could
always consider using a different (possibly more resource-hungry and one
introducing more complexity) mechanism for controlling this (like NAT or
proxy). To be honest I don't care much about portability in this particular
case either - OpenVZ is not that portable across OSes, is it? :-)

> But in your case (internet access vs. private net access), can't you manage
> to direct traffic with adequate routes ?

This was my first thought, but I couldn't find a way to do this.

> I believe your RFC1918 addresses only give access to private networks,
> whereas the other(s) give access to internet. So you just need to have your
> default route defined on the public address only, and a limited-reach route
> (say 192.168.0.0/16) on the other addresses. Or if you have only one
> private subnet, no route at all.
>
> Unless I missed something from your setup...

Well, this is inside a VE, which has only one network interface (venet0),
and the routing table is not particularly relevant to the addresses which
are configured on this interface, e.g.:

| $ ip a
| 1: lo: <LOOPBACK,UP,10000> mtu 16436 qdisc noqueue
|     link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
|     inet 127.0.0.1/8 scope host lo
|     inet6 ::1/128 scope host
|        valid_lft forever preferred_lft forever
| 3: venet0: <BROADCAST,POINTOPOINT,NOARP,UP,10000> mtu 1500 qdisc noqueue
|     link/void
|     inet 127.0.0.1/32 scope host venet0
|     inet 94.75.212.193/32 scope global venet0:0
|     inet 10.0.1.103/32 scope global venet0:1
| $ ip r
| 192.0.2.1 dev venet0  scope link
| default via 192.0.2.1 dev venet0
| $

I don't think it's possible to have more than one venet interface per VE (I
don't want to use veth mostly for security and ease-of-use reasons).

Please correct me if I'm wrong, but given that you have only one interface,
I don't think that routing can affect address binding (which happens waaay
before the kernel gets to routing any packets).

regards,

-- 
Marcin Owsiany <[email protected]>              http://marcin.owsiany.pl/
GnuPG: 1024D/60F41216  FE67 DA2D 0ACA FC5E 3F75  D6F6 3A0D 8AA0 60F4 1216
"Every program in development at MIT expands until it can read mail."
                                                              -- Unknown

_______________________________________________
Users mailing list
[email protected]
https://openvz.org/mailman/listinfo/users
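The portable way out of the disagreement above is to stop relying on the kernel's (undocumented) choice of local bind address and have the application pick and bind the source address itself. The script below is an added example and not code from the thread or from OpenVZ: it parses the `ip a` output quoted in the mail (embedded here as a constructed sample), applies a simple policy of my own (RFC1918 destinations go out from the RFC1918 address, everything else from the public one), and then shows with a UDP socket that `connect()` without a prior `bind()` lets the kernel choose the source while `bind()` pins it. The function names, the policy and the destination 198.51.100.7 are assumptions for illustration; only the addresses in the sample output come from the mail.

```python
import ipaddress
import re
import socket

# Constructed sample: the `ip a` output quoted in the mail above.
IP_ADDR_OUTPUT = """\
1: lo: <LOOPBACK,UP,10000> mtu 16436 qdisc noqueue
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
    inet6 ::1/128 scope host
3: venet0: <BROADCAST,POINTOPOINT,NOARP,UP,10000> mtu 1500 qdisc noqueue
    link/void
    inet 127.0.0.1/32 scope host venet0
    inet 94.75.212.193/32 scope global venet0:0
    inet 10.0.1.103/32 scope global venet0:1
"""

INET_RE = re.compile(r"^\s*inet (\d+\.\d+\.\d+\.\d+)/\d+ scope (\w+) (\S+)")

# The three RFC1918 ranges (deliberately not ipaddress.is_private, which also
# covers documentation nets such as 198.51.100.0/24).
RFC1918 = [ipaddress.IPv4Network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]


def parse_inet_addresses(ip_a_output, iface):
    """IPv4 addresses configured on iface, aliases like venet0:0 included."""
    addrs = []
    for line in ip_a_output.splitlines():
        m = INET_RE.match(line)
        if m and (m.group(3) == iface or m.group(3).startswith(iface + ":")):
            addrs.append(ipaddress.IPv4Address(m.group(1)))
    return addrs


def classify(addr):
    """Bucket an address as loopback, RFC1918 private, or public."""
    if addr.is_loopback:
        return "loopback"
    if any(addr in net for net in RFC1918):
        return "private"
    return "public"


def pick_source(dest, local_addrs):
    """Hypothetical policy: use the first local address of the same class as
    the destination. Returns None when the host has no suitable address."""
    kind = classify(ipaddress.IPv4Address(dest))
    for addr in local_addrs:
        if classify(addr) == kind:
            return str(addr)
    return None


def source_address_used(dest, port=53, bind_to=None):
    """Open a UDP socket, optionally bind it to a chosen local address, and
    connect() it. No datagram is sent; connect() only makes the kernel pick a
    route and (if unbound) a source address, which getsockname() reveals.
    This is the moment the mail calls 'before routing any packets'."""
    s = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
    try:
        if bind_to is not None:
            s.bind((bind_to, 0))  # application decides, kernel no longer does
        s.connect((dest, port))
        return s.getsockname()[0]
    finally:
        s.close()


if __name__ == "__main__":
    addrs = parse_inet_addresses(IP_ADDR_OUTPUT, "venet0")
    print("venet0 addresses:", [str(a) for a in addrs])
    for dest in ("10.0.1.50", "198.51.100.7"):  # constructed destinations
        print(dest, "-> bind to", pick_source(dest, addrs))
    print("kernel choice for 127.0.0.1 (unbound):",
          source_address_used("127.0.0.1"))
    print("pinned choice for 127.0.0.1:",
          source_address_used("127.0.0.1", bind_to="127.0.0.1"))
```

The design point is that `bind()` before `connect()` removes the dependency on kernel source-selection entirely, so a kernel change cannot silently move private-net traffic onto the public address; the routing table only decides where the packet goes, not which local address the socket carries.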
