On Fri, 2010-03-05 at 18:17 +0000, Nils Toedtmann wrote:
> On 05/03/10 16:20, Michael H. Warfield wrote:
> > On Fri, 2010-03-05 at 15:33 +0000, Nils Toedtmann wrote:
> [...]
> >> The problem seems to be that OpenVZ does not allow containers to "spoof"
> >> packets, that is sending IP packets with source IP addresses other than
> >> the container's IP addresses. When i capture within the OpenVPN
> >> container, i can clearly see packets (having arrived through the tunnel)
> >> leaving the OpenVPN container via venet0, but i can't see them when i
> >> sniff venet0 from the hardware node.
> >>
> >> I tried granting capabilities net_admin and net_raw to the OpenVPN
> >> containers, but no luck.
> >>
> >> How do i allow a container to send IP packets from other IP addresses
> >> than its own - any ideas?
> >
> > First question I always have to ask. Are you using the vnet driver or
> > the veth driver? If the vnet driver, I'm not surprised. Others may
> > have a way to get it working with the vnet driver but I gave up on it
> > long ago as just too broken on IPv6. Try the veth driver, which means
> > setting up bridging but may be a private bridge on that host as well, so
> > you can emulate the vnet behavior, if that's your want.
>
> Thank you Michael!
>
> After reading http://wiki.openvz.org/Veth i must admit that i use vnet
> (i just followed the usual instructions for OpenVZ on CentOS). Thanks
> for pointing me to veth, looks promising and much closer to the
> networking setup of all other virtualisation techniques i know.
>
> My problem is that i have a productive environment and i do not want to
> reconfigure the networking for all containers. Can i have a mixed setup,
> using veth for only some of the containers? (i am familiar with
> routing/bridging/proxy_arp etc)

Oh, absolutely, yes. You can have a mixed environment.

> /nils.

Mike
--
Michael H. Warfield (AI4NB) | (770) 985-6132 | [email protected]
   /\/\|=mhw=|\/\/          | (678) 463-0932 | http://www.wittsend.com/mhw/
   NIC whois: MHW9          | An optimist believes we live in the best of all
 PGP Key: 0x674627FF        | possible worlds. A pessimist is sure of it!
