On Mon, Nov 07, 2005 at 06:20:34PM -0500, Chuck wrote:
>
> I have many ip addresses on each of 4 ethernet cards using iproute2.
>
> one of my guests must absolutely always send and receive on a certain
> ip address which is not the first ip on the card. I have bound the
> service (radius) to that ip which is the only one the guest is given.
> I have not proven it but have a suspicion that once in a while a
> radius reply is getting sent out the primary ip of either the card or
> eth0 (the card is eth3 and the default system gateway is for eth0..
> the rest use default gateway routing via tables).
>
> is there some magic that can guarantee that guest and subsequent
> handling by the host can never mess up and always use that single ip
> for all traffic while not affecting other guests?

a guest, bound to a specific IP (only one), will _always_ use
this IP for outgoing ip based connections, responses or whatever,
so, as long as you do not give CAP_NET_RAW it will ensure
that only that IP is used ... of course, this IP might be
mangled by some NAT rules so make sure _not_ to do that ...

> my net setup for this card is as follows
>
> config_eth3=( "64.113.39.252 netmask 255.255.255.0 broadcast 64.113.39.255" )
> routes_eth3=( "64.113.39.0/24 src 64.113.39.252 table 39net" )
> routes_eth3=( "default via 64.113.39.1 table 39net" )
> rules_eth3=( "from 64.113.39.0/24 table 39net" )
>
> would it work or help to duplicate the first routes_eth3 line but
> using the ip of the guest? eg:
>
> routes_eth3=( "64.113.39.0/24 src 64.113.39.5 table 39net" )
>
> or would this confuse the networking code? i would think this ip would
> be 'covered' by the rule set in the last line.
>
> i am still very green when it comes to iproute2 and what it can do.

routes will only 'suggest' certain IPs for outgoing
packets, there is no 'requirement' to use a certain
IP for a packet defined in IP networking

> what is happening is I am missing a LOT of stop packets. many more
> than i ever did before I moved radius to a guest and I need to fix
> this because when a stop is missed people cannot log in as they get
> simultaneous use errors.

what protocol are those packets? tcp? udp? base ip?

> maybe somehow assigning this guest slightly more priority? don't know
> .. grabbing at straws here.. the configuration of radius is fine and
> is just as it was when it was running by itself on its own server.

guess we need more info too ...

best,
Herbert

> --
>
> Chuck
>
> "...and the hordes of M$*ft users descended upon me in their anger,
> and asked 'Why do you not get the viruses or the BlueScreensOfDeath
> or insecure system troubles and slowness or pay through the nose
> for an OS as *we* do?!!', and I answered...'I use Linux'. "
> The Book of John, chapter 1, page 1, and end of book
>
>
> _______________________________________________
> Vserver mailing list
> [email protected]
> http://list.linux-vserver.org/mailman/listinfo/vserver

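An added example, not part of the original thread: a plain-socket check (no vserver context) of the point that a route only suggests a source address while an explicit bind fixes it. It assumes Linux, where any 127.0.0.0/8 address can be bound; `127.0.0.2` stands in for the guest's service IP and `127.0.0.1` for the RADIUS client, and the function name is hypothetical.

```python
import socket

# Constructed stand-ins (assumptions): on Linux all of 127.0.0.0/8 is local,
# so two loopback addresses can play the roles of two IPs on one host.
SERVICE_IP = "127.0.0.2"   # the single IP the service is supposed to use
CLIENT_IP = "127.0.0.1"    # the peer sending requests (e.g. a NAS)


def reply_source(bind_ip):
    """Send one UDP request to SERVICE_IP and return the source IP of the
    reply as seen by the client, with the server socket bound to bind_ip."""
    srv = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
    cli = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
    try:
        srv.settimeout(2)
        cli.settimeout(2)
        srv.bind((bind_ip, 0))              # port 0: kernel picks a free port
        port = srv.getsockname()[1]
        cli.bind((CLIENT_IP, 0))

        # The request is always addressed to the service IP.
        cli.sendto(b"request", (SERVICE_IP, port))
        _, peer = srv.recvfrom(4096)

        # The server answers on the same socket. With a wildcard bind the
        # kernel picks the reply's source from the route to the peer; with
        # a specific bind the source is the bound address.
        srv.sendto(b"reply", peer)
        _, src = cli.recvfrom(4096)
        return src[0]
    finally:
        srv.close()
        cli.close()


if __name__ == "__main__":
    for bind_ip in ("0.0.0.0", SERVICE_IP):
        print(f"server bound to {bind_ip:<10} -> reply came from "
              f"{reply_source(bind_ip)}")
```

A client that matches replies by source address, as RADIUS clients commonly do, would discard the reply in the wildcard case even though the request reached the service.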