Hi

This kind of question belongs more on the openvz forum http://forum.openvz.org/.
Please ask there.

However I think it is not forwarded through "lo", instead I guess you have IP forwarding turned on in the kernel and as the kernel gets aware of those datagrams it will forward it to the correct place.

To prevent that I guess you have to add some firewalling rules (see iptables).

But again, this better belongs on the forum, and I may be totally wrong.

Cheers,

// Ola

On Tue, Aug 20, 2013 at 12:04:42AM +0400, spameden wrote:
> Hi, list.
>
> I'm sorry for copying 2 lists, but I really want to know what I'm doing
> wrong.
>
> I'm using Debian 6 Squeeze and OpenVZ CentOS kernel (converted from rpm
> to deb).
>
> I'm using veth as well as venet devices for networking.
>
> To isolate multiple containers from each other I'm using vzbrXXX
> devices on debian like this:
>
> auto vzbr203
> iface vzbr203 inet static
>     address 192.168.203.1
>     netmask 255.255.255.0
>     broadcast 192.168.203.255
>     bridge_ports none
>     bridge_fd 0
>     bridge_maxwait 0
>
> auto vzbr202
> iface vzbr202 inet static
>     address 192.168.202.1
>     netmask 255.255.255.0
>     broadcast 192.168.202.255
>     bridge_ports none
>     bridge_fd 0
>     bridge_maxwait 0
>
> The problem I'm facing is that in VE (for example with CTID 202) I can
> ping or query 192.168.203.1 which is on HN of course, but I thought it
> shouldn't be reachable.
>
> Here is route table and ifconfig on CTID 202:
>
> # ip r
> default dev lo scope link
>
> # ifconfig -a
> lo        Link encap:Local Loopback
>           inet addr:127.0.0.1 Mask:255.0.0.0
>           inet6 addr: ::1/128 Scope:Host
>           UP LOOPBACK RUNNING MTU:16436 Metric:1
>           RX packets:84021 errors:0 dropped:0 overruns:0 frame:0
>           TX packets:84021 errors:0 dropped:0 overruns:0 carrier:0
>           collisions:0 txqueuelen:0
>           RX bytes:5045068 (4.8 MiB) TX bytes:5045068 (4.8 MiB)
>
> venet0    Link encap:UNSPEC HWaddr
> 00-00-00-00-00-00-00-00-00-00-00-00-00-00-00-00
>           BROADCAST POINTOPOINT NOARP MTU:1500 Metric:1
>           RX packets:0 errors:0 dropped:0 overruns:0 frame:0
>           TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
>           collisions:0 txqueuelen:0
>           RX bytes:0 (0.0 B) TX bytes:0 (0.0 B)
>
> So I guess it's going through lo device? Why and how can I block this?
>
> Many thanks.
>
> _______________________________________________
> Debian mailing list
> [email protected]
> https://lists.openvz.org/mailman/listinfo/debian

--
 --------------------- Ola Lundqvist ---------------------------
/  [email protected]                   Annebergsslingan 37      \
|  [email protected]                   654 65 KARLSTAD          |
|  http://inguza.com/                +46 (0)70-332 1551       |
\  gpg/f.p.: 7090 A92B 18FE 7994 0C36 4FE4 18A1 B1CF 0FE5 3DD9 /
 ---------------------------------------------------------------
_______________________________________________
Users mailing list
[email protected]
https://lists.openvz.org/mailman/listinfo/users
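
An added example, not part of the original thread and not written by either poster: a shell function that prints iptables commands for the hardware node (HN) so that traffic arriving on one vzbr bridge can neither reach another bridge's HN address nor be routed onto the other bridge. It assumes each container's traffic enters the HN on its own bridge (vzbr202, vzbr203, as in the post); `gen_rules` and `BRIDGES` are names chosen here.

```shell
#!/bin/sh
# Added example: prints iptables commands for the hardware node (HN); it does
# not run them. Review the output, then apply it as root on the HN.
# Assumption: each container's traffic enters the HN on its own vzbrNNN bridge.

# Bridges from the post, as "bridge:HN address on that bridge".
BRIDGES="vzbr202:192.168.202.1 vzbr203:192.168.203.1"

gen_rules() {
    for src in $BRIDGES; do
        src_if=${src%%:*}
        for dst in $BRIDGES; do
            dst_if=${dst%%:*}
            dst_ip=${dst#*:}
            if [ "$src_if" = "$dst_if" ]; then
                continue
            fi
            # A packet addressed to one of the HN's own addresses is delivered
            # locally whichever interface it arrived on, so it is filtered in
            # the INPUT chain, not FORWARD.
            printf 'iptables -I INPUT -i %s -d %s -j DROP\n' "$src_if" "$dst_ip"
            # Traffic routed from one bridge to another passes through FORWARD.
            printf 'iptables -I FORWARD -i %s -o %s -j DROP\n' "$src_if" "$dst_if"
        done
    done
}

gen_rules
```

The rules use `-I` so they are placed ahead of any existing ACCEPT rules in the same chains; add further bridges to `BRIDGES` in the same `name:address` form.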
