Herbert Poetzl wrote:
On Thu, Dec 08, 2005 at 06:42:00PM +0200, Etienne Pretorius wrote:
  
Hello all,

I would just like to know how do I make my ppp0 (pppoe) interface
visible and thus routable inside the vserver. I have this interface
on the main server and so far using the new style configs with
bcapabilities set to CAP_SYS_ADMIN,CAP_NET_ADMIN,CAP_NET_RAW I still
can't see the interface and so I can't route through it.
    

well, you are jumping to conclusions here .. first
a few words to clarify ...

 - networking happens on the host (for now), the guest 
   does not interfere with that
 - guests are restricted to IPs, not to interfaces
 - interfaces which do not carry IPs assigned to a guest
   are hidden inside a guest
 - routing is placed on the host and is _not_ affected
   by any guest setups
 - giving CAP_SYS_ADMIN,CAP_NET_ADMIN or CAP_NET_RAW
   is compromising your guest security, and is seldom
   what you really want ...

now for your situation:

 - the interface hiding can be controlled via the (by
   default enabled) hide_netif flag. turn it off and
   you will see all interfaces
 - you probably do not 'route' through that interface
   because the host routing does not specify any route
   through that interface for the IP(s) assigned to
   your guest
 - assigning the/a ppp IP to the guest will have two
   effects: a) ppp will become visible and b) packets
   routed through ppp might use that IP (which is
   probably what you want)

HTH,
Herbert

  
Thank you,
Etienne


_______________________________________________
Vserver mailing list
[email protected]
http://list.linux-vserver.org/mailman/listinfo/vserver
    
  
Thank you for your quick reply,

" - the interface hiding can be controlled via the (by
   default enabled) hide_netif flag. turn it off and
   you will see all interfaces"
Exactly where do you specify this flag? No info on the flower pages.....

"- you probably do not 'route' through that interface
   because the host routing does not specify any route
   through that interface for the IP(s) assigned to
   your guest"
Correct, except that this interface is my default route.... no internet access for the guests.

"assigning the/a ppp IP to the guest will have two
   effects: a) ppp will become visible and b) packets
   routed through ppp might use that IP (which is
   probably what you want)"

A) /etc/vservers/<vservername>/interfaces/3/
					    - nodev
		  			    - ip
					    - dev
					    - prefix

B) I actually need the ip that already exists on that interface accessible to the vserver,
	dynamic ip assignment....


" - giving CAP_SYS_ADMIN,CAP_NET_ADMIN or CAP_NET_RAW
   is compromising your guest security, and is seldom
   what you really want ..."

Yes, and well no. But I need this working before I can even think of tightening up the guest.

 "- interfaces which do not carry IPs assigned to a guest
   are hidden inside a guest "

Well, even specifying the assigned IP on the ppp0 interface correctly - plus the netmask - yielded
no effect on the visibility issue.
Herbert, I have read some of your previous posts - ppl have asked about the '*' under interface names when
executing 'route -n' and 'ip route'. You said it is because the interface is not available on the guest,
but if it was then it is an exact copy of the host system. BTW the host system can communicate with the
internet - and using 'ping -I <dev> <ipaddr>' resulting in 'Destination Unreachable', gives me the idea that
I require that interface. 

Thank you,
Etienne
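
The two rules quoted in this thread (the capability warning, and the hiding of interfaces that carry no guest IP), as an added example that is not part of the original messages and is not util-vserver code: a shell audit that reports which of the three named capabilities a guest was granted and which host devices carry none of its IPs. The separators accepted in `bcapabilities`, the `host_addrs` file format, the guest name `web` and all addresses are assumptions constructed for the example.

```shell
#!/bin/sh
# Added example, not util-vserver code. Assumed layout: <guest>/bcapabilities
# and <guest>/interfaces/<n>/ip, as in the new-style config the thread mentions.
RISKY="CAP_SYS_ADMIN CAP_NET_ADMIN CAP_NET_RAW"   # the three named in the thread

# risky_caps GUESTDIR: print each risky capability granted to the guest.
# Assumption: entries are split by commas, spaces or newlines; case is normalised.
risky_caps() {
    [ -f "$1/bcapabilities" ] || return 0
    tr ', \t' '\n\n\n' < "$1/bcapabilities" | tr '[:lower:]' '[:upper:]' |
    sort -u | while read -r cap; do
        case " $RISKY " in *" $cap "*) echo "$cap" ;; esac
    done
}

# hidden_devs GUESTDIR HOSTADDRS: print host devices that carry none of the
# guest's IPs. Per the thread, those are hidden in the guest while hide_netif
# is enabled. HOSTADDRS holds "dev ip" lines, one address per line.
hidden_devs() {
    guest_ips=" $(awk 'NF{print $1}' "$1"/interfaces/*/ip 2>/dev/null | tr '\n' ' ')"
    visible=" "
    while read -r dev ip; do
        case "$guest_ips" in *" $ip "*) visible="$visible$dev " ;; esac
    done < "$2"
    cut -d' ' -f1 "$2" | sort -u | while read -r dev; do
        case "$visible" in *" $dev "*) ;; *) echo "$dev" ;; esac
    done
}

# Constructed sample: guest "web" holds 192.0.2.10 (on eth0) but not the
# ppp0 address, and was granted the capabilities from the original post.
demo_tree() {
    d=$(mktemp -d)
    mkdir -p "$d/web/interfaces/0"
    echo "CAP_SYS_ADMIN,CAP_NET_ADMIN,CAP_NET_RAW" > "$d/web/bcapabilities"
    echo "192.0.2.10" > "$d/web/interfaces/0/ip"
    printf 'eth0 192.0.2.10\nppp0 198.51.100.7\n' > "$d/host_addrs"
    echo "$d"
}

d=$(demo_tree)
echo "risky capabilities:"; risky_caps "$d/web"
echo "hidden while hide_netif is on:"; hidden_devs "$d/web" "$d/host_addrs"
rm -rf "$d"
```

On a real host the `host_addrs` input would be reduced from the host's own address listing, and the guest directory would be one under `/etc/vservers/`.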





