On Thu, Sep 08, 2005 at 02:40:25PM +0200, Oliver Welter wrote:
> Hi List,
>
> I have a stupid problem and can't track it down :(
>
> I have a host system running, that owns IP in two networks (realized
> via VLANs if it matters)
>
> So I have:
> eth0.1 -> 10.0.0.10 (NetA)
> eth0.2 -> 192.168.0.10 (NetB)
>
> The setup on the host is running, means I can ping hosts in both
> networks, the default route is set via the 10. and works, too. Both
> IPs can be pinged from outside too.
>
> Now the problem:
> I have a guest that owns only an IP from NetA - I can ping everything
> except hosts in NetB. The problem seems to be, that there is a route
> for NetB shown inside the server, but this route uses an invalid
> interface (the other VLAN, it is indicated with "*" in the routing
> table)
>
> route -n:
> 10.0.0.0/24 -> eth0.1
> 192.168.168.0.0/24 -> *
> 0.0.0.0/0 -> 10.0.0.1
>
> So any ideas how I can remove the invalid route from the vServer ?
> The expected behaviour will be, that the guest sends the packets for
> NetB to the router (a cisco machine) using the default route as the
> destination is not on the same network.

*sigh* this is a common misconception, networking (for now,
i.e. without ngnet) is happening on the host, so everything
the host has or does will be applicable for the guests as
well, except for the fact that they might be reduced in
flexibility regarding the IP addresses ...

> It might also be a solution to use the host system for routing between
> the nets...

no, because the host is already routing the nets :)

> Is there any solution with the real IPs or must I create
> loopback/dummy networks and lots of NATs ?

loopback/dummy will not change the situation, but for what
you actually want, SNAT is the correct solution

now for the part _what_ you want :)

situation:

  the guest is restricted to some ip on NetA, let's for now
  assume it's 10.0.0.42, and it is supposed to use a router
  (10.0.0.1) to reach a host on NetB (e.g. 192.168.0.42) ...

  but, the host already has a route to reach the network
  directly, so it sends the packets (with 10.0.0.42 as
  source) directly to NetB, where the hosts get strange
  packets (at best) ...

solution:

  add a second routing table, base the routing on the
  source ip (thus routing the traffic originating from
  10.0.0.x ips through 10.0.0.1) and be happy

catch:

  this will not work if the to-be-reached ip is on the
  same host (e.g. different guest) because local IPs are
  _always_ preferred over any routing ...

documentation:

  http://archives.linux-vserver.org/200311/0470.html
  http://list.linux-vserver.org/archive/vserver/msg09837.html
  http://list.linux-vserver.org/archive/vserver/msg06615.html
  http://list.linux-vserver.org/archive/vserver/msg06631.html
  http://list.linux-vserver.org/archive/vserver/msg06667.html

HTH,
Herbert

> Oliver
> _______________________________________________
> Vserver mailing list
> [email protected]
> http://list.linux-vserver.org/mailman/listinfo/vserver
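
The source-based routing described in the reply above, as an added example that is not part of the original thread: a small Python model of the Linux policy-rule lookup order, showing the next hop before and after the extra rule and why a destination on the same host is never affected. The table name `100`, the rule priority `1000` and the connected route placed in table 100 are assumptions of this example; the equivalent `ip` commands are in the comments.

```python
import ipaddress as ipa

# Constructed model of the host in the thread. Table name "100", rule priority
# 1000 and the connected route in table 100 are assumptions of this example.
TABLES = {
    # Addresses configured on the host (including the guest's) live here.
    "local": [("10.0.0.10/32", "local"), ("10.0.0.42/32", "local"),
              ("192.168.0.10/32", "local")],
    "main": [("10.0.0.0/24", "dev eth0.1"), ("192.168.0.0/24", "dev eth0.2"),
             ("0.0.0.0/0", "via 10.0.0.1")],
    # ip route add 10.0.0.0/24 dev eth0.1 table 100
    # ip route add default via 10.0.0.1 dev eth0.1 table 100
    "100": [("10.0.0.0/24", "dev eth0.1"), ("0.0.0.0/0", "via 10.0.0.1")],
}

# Each rule: (priority, source selector or None for "from all", table).
BEFORE = [(0, None, "local"), (32766, None, "main")]
# ip rule add from 10.0.0.0/24 lookup 100 priority 1000
AFTER = BEFORE + [(1000, "10.0.0.0/24", "100")]


def lookup(rules, src, dst, tables=TABLES):
    """Walk rules by ascending priority; in the first table that has a
    matching prefix, return the longest-prefix route's next hop."""
    src, dst = ipa.ip_address(src), ipa.ip_address(dst)
    for _prio, selector, table in sorted(rules, key=lambda r: r[0]):
        if selector is not None and src not in ipa.ip_network(selector):
            continue  # rule does not apply to this source address
        hits = [(ipa.ip_network(prefix), hop) for prefix, hop in tables[table]
                if dst in ipa.ip_network(prefix)]
        if hits:
            return max(hits, key=lambda h: h[0].prefixlen)[1]
    return "unreachable"


if __name__ == "__main__":
    guest = "10.0.0.42"
    for name, rules in (("before", BEFORE), ("after", AFTER)):
        print(name, "guest -> 192.168.0.42:", lookup(rules, guest, "192.168.0.42"))
    # The catch: the local table (priority 0) is consulted before any added rule.
    print("after  guest -> 192.168.0.10:", lookup(AFTER, guest, "192.168.0.10"))
```
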
