On Thu, Dec 08, 2005 at 08:09:19PM +0200, Etienne Pretorius wrote:
> Herbert Poetzl wrote:
>
> >On Thu, Dec 08, 2005 at 06:42:00PM +0200, Etienne Pretorius wrote:
> >
> >>Hello all,
> >>
> >>I would just like to know how do I make my ppp0 (pppoe) interface
> >>visible and thus routable inside the vserver. I have this interface
> >>on the main server and so far using the new style configs with
> >>bcapabilities set to CAP_SYS_ADMIN,CAP_NET_ADMIN,CAP_NET_RAW I still
> >>can't see the interface and so I can't route through it.
> >>
> >
> >well, you are jumping to conclusions here .. first
> >a few words to clarify ...
> >
> >- networking happens on the host (for now), the guest
> >  does not interfere with that
> >- guests are restricted to IPs, not to interfaces
> >- interfaces which do not carry IPs assigned to a guest
> >  are hidden inside a guest
> >- routing is placed on the host and is _not_ affected
> >  by any guest setups
> >- giving CAP_SYS_ADMIN,CAP_NET_ADMIN or CAP_NET_RAW
> >  is compromising your guest security, and is seldom
> >  what you really want ...
> >
> >now for your situation:
> >
> >- the interface hiding can be controlled via the (by
> >  default enabled) hide_netif flag. turn it off and
> >  you will see all interfaces
> Exactly where do you specify this flag?
> No info on the flower pages.....

it's there, just check the link to lib/cflags-v13.c

> >- you probably do not 'route' through that interface
> >  because the host routing does not specify any route
> >  through that interface for the IP(s) assigned to
> >  your guest

> Correct, except that this interface is my default route....
> no internet access for the guests.

well, if it _is_ your default route, I'm pretty sure
the packets _are_ routed there ... but I suspect that
you got the NATing wrong, so that the packets are sent
with the (probably private) IP address of the guest ...

> >- assigning the/a ppp IP to the guest will have two
> >  effects: a) ppp will become visible and b) packets
> >  routed through ppp might use that IP (which is
> >  probably what you want)

> A) /etc/vservers/<vservername>/interfaces/3/
>    - nodev
>    - ip
>    - dev
>    - prefix

nodev and dev are exclusive, they do not make much
sense together ...

> B) I actually need the ip that already exists on
>    that interface accessible to the vserver,
>    dynamic ip assignment....

then you have to 'dynamically' change the IP for
the guest (which is pretty easy with SNAT)

> Well, even specifying the assigned IP on the ppp0 interface correctly
> - plus the netmask - yielded no effect on the visibility issue.

I somewhat doubt that ...

> Herbert, I have read some of your previous posts - ppl have asked
> about the '*' under interface names when executing 'route -n' and 'ip
> route'. You said it is because the interface is not available on the
> guest, but if it was then it is an exact copy of the host system. BTW
> the host system can communicate with the internet - and using 'ping
> -I <dev> <ipaddr>' resulting in 'Destination Unreachable', gives me
> the idea that I require that interface.

try the following pings _on the host_

  ping -c 1 -I <guest ip> www.google.com
  ping -c 1 -I <host ip> www.google.com
  ping -c 1 -I <ppp ip> www.google.com

make the first one work, and the guest will have
proper internet access ...

a possible way to do so is:

  iptables -t nat -I POSTROUTING -s <guest ip> -j SNAT --to <ppp ip>

HTH,
Herbert

> Thank you,
> Etienne
>
> _______________________________________________
> Vserver mailing list
> [email protected]
> http://list.linux-vserver.org/mailman/listinfo/vserver
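
The host-side SNAT suggestion above, extended to follow a dynamically assigned ppp address without giving the guest any extra capabilities; this is an added example, not part of the original thread. The guest address 192.168.10.2, the chain name VSERVER_SNAT and the `-o` interface match are assumptions; pppd calls its ip-up script with the interface name as $1 and the local address as $4.

```sh
#!/bin/sh
# Host-side pppd ip-up hook (added example). pppd passes the interface
# name as $1 and the newly assigned local address as $4.
GUEST_IP="${GUEST_IP:-192.168.10.2}"  # constructed guest address (assumption)
CHAIN="VSERVER_SNAT"                  # hypothetical dedicated nat chain
IPT="${IPT:-iptables}"

# Succeeds only for a dotted quad with every octet in 0-255.
is_ipv4() {
    case "$1" in
        ''|*[!0-9.]*|.*|*.|*..*) return 1 ;;
    esac
    old_ifs=$IFS; IFS=.
    set -- $1
    IFS=$old_ifs
    [ $# -eq 4 ] || return 1
    for octet in "$@"; do
        [ ${#octet} -le 3 ] && [ "$octet" -le 255 ] || return 1
    done
}

# Print the rule arguments: $1 = guest IP, $2 = ppp IP, $3 = ppp interface.
snat_rule() {
    is_ipv4 "$1" && is_ipv4 "$2" || return 1
    case "$3" in
        ''|*[!A-Za-z0-9_.-]*) return 1 ;;
    esac
    echo "-o $3 -s $1 -j SNAT --to-source $2"
}

# Rebuild the dedicated chain so only the current ppp address is used.
refresh_snat() {
    rule=$(snat_rule "$GUEST_IP" "$2" "$1") || {
        echo "refusing to install SNAT rule: bad input" >&2
        return 1
    }
    $IPT -t nat -N "$CHAIN" 2>/dev/null || true
    $IPT -t nat -C POSTROUTING -j "$CHAIN" 2>/dev/null ||
        $IPT -t nat -I POSTROUTING -j "$CHAIN"
    $IPT -t nat -F "$CHAIN"
    $IPT -t nat -A "$CHAIN" $rule
}

# Act only when called by pppd with its usual arguments.
if [ -n "${4:-}" ]; then
    refresh_snat "$1" "$4"
fi
```

Flushing a dedicated chain on every ip-up keeps a stale address from a previous session out of POSTROUTING, which repeated `-I POSTROUTING` inserts would not.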
