On Tue, Jun 21, 2005 at 11:58:38AM +0200, Etienne Pretorius wrote: > Just on another note: > > I did some testing, I removed the > " SNAT all -- * eth1 0.0.0.0/0 > 0.0.0.0/0 to:192.168.5.99 " > rule. > Changed the 196 address to a 192.168.5.49 address, and rebound all the > services to that address. > I also came accross an IRC log and used "bcapabilities" > > NET_BROADCAST > NET_RAW
this is not a good idea, if you are concerned about security ... > This made it work fine... > > But how will I get this to work for the 196 address? As the host's eth1 > is still a 192 address -could > this be causing some problems? check the archives, using proper routing and host nating should solve this, will look into it later and probably post a more detailed explanation ... best, Herbert > Kind Regards > Etienne > > > Etienne Pretorius wrote: > > >Hi there, > > > >I would like to know if any1 can shed some light for me on the following: > > > >I have a "Host" with the ip addresses > > eth0 192.168.1.33 > > eth1 192.168.5.99 > > ppp0 <dynamic> > > > >Inside this host I have a vserver with the following ip addresses: > > eth0 192.168.1.2 > > eth1 196.25.113.3 > > > >My Nat table looks like so: > > Chain PREROUTING (policy ACCEPT 66 packets, 4577 bytes) > > pkts bytes target prot opt in out > >source destination > > > > Chain POSTROUTING (policy ACCEPT 2 packets, 288 bytes) > > pkts bytes target prot opt in out > >source destination > > 0 0 SNAT all -- * ppp0 > >0.0.0.0/0 0.0.0.0/0 to:<dynamic ip> > > 5 420 SNAT all -- * eth1 > >0.0.0.0/0 0.0.0.0/0 to:192.168.5.99 > > > > Chain OUTPUT (policy ACCEPT 7 packets, 708 bytes) > > pkts bytes target prot opt in out > >source destination > > > >I would like the services on the vserver to be avialible to the > >outside network; > >I first thought that if I give the vserver 10.x.x.x ip addresses and > >have an aliased ip 196.25.113.3 on the host > >and then preform natting then my problem will be solved, but > >unfortunately this is not so. As I can't seem to be > >able to add the 196 address to the eth1 for the aliaseing to occur. > > > >I am just interisted what others could suggest to me to do in this > >senario. > > > >BTW using Debian kernel 2.6.8 and vserver 1.9 > > > > _______________________________________________ > Vserver mailing list > [email protected] > http://list.linux-vserver.org/mailman/listinfo/vserver _______________________________________________ Vserver mailing list [email protected] http://list.linux-vserver.org/mailman/listinfo/vserver
