<< IMPORTANT INFORMATION! >>

This is an automated message.

The message you sent (attached below) requires confirmation before it can be delivered. To confirm that you sent the message below, just hit the "R"eply button and send this message back (you don't need to edit anything). Once this is done, no more confirmations will be necessary.

This email account is protected by:
Active Spam Killer (ASK) V2.2 - (C) 2001-2002 by Marco Paganini
For more information visit http://www.paganini.net/ask

--- Original Message Follows ---

From: Jacques Gelinas <[EMAIL PROTECTED]>
Date: Tue, 3 Dec 2002 15:32:04 -0500
To: [EMAIL PROTECTED]
Subject: re: [vserver] Re: Bug#171488: vserver: Doesn't allow separate netmasks / broadcast addrs

On Tue, 3 Dec 2002 14:37:04 -0500, John Goerzen wrote

> In article <[EMAIL PROTECTED]>, Paul Sladen
> wrote:
> > On Tue, 3 Dec 2002, Ola Lundqvist wrote:
> >> On Mon, Dec 02, 2002 at 04:13:21PM -0600, John Goerzen wrote:
> >> > it does not allow the second and subsequent interfaces to have a netmask or
> >> > broadcast address different from the first.
> >
> > It was originally designed for just hooking the all-ones broadcast address
> > (for running dhcpd) and that was just an extension of the set_ipv4root()
> > interface only allowing a single address at the time

> 2. Run several vservers on a single machine, and use the Linux "dummy"
> driver to give them a way to communicate with each other without
> using the system's Ethernet interface -- but still give some of them an IP
> address on that Ethernet.
>
> I have tried to set up #2 so far. I can get things working when each
> vserver has a single IP address. However, when I set them up with multiple
> IP addresses, I get a lot of problems:
>
> 1. The interfaces all have the broadcast and netmask of the first one.
>
>    I have gone in with ifconfig to fix this, to no avail.

This will be fixed in 0.22 as explained in another message.

> 2. All packets going out of the vserver have the source IP address
>    set to the first IPROOT address specified, regardless of which interface
>    they're going to.

Yes, this is how it works. The vserver is forced to use the first IP in IPROOT to communicate. It is allowed to bind before connecting, but it must select one IP in its list.

It would be possible for the kernel to select one IP in the IPROOT based on netmask and find the closest to the target address, so if you kind of bind an internal network say 192.168.1.0 with one vserver A using 192.168.1.1 and another B using 192.168.1.2, when A talks to B (192.168.1.2), it will use 192.168.1.1 as its source address even if its first IPROOT address is something else.

On a non-vserver box, if one talks to 192.168.1.2, then the request comes from 192.168.1.2, but the vserver A is not allowed to use this address. It must use only addresses in its own IPROOT.

This sounds like a valid enhancement. This would also solve the case where one vserver has two public IPs and talks to different places using the two interfaces. Currently, it always uses the first IP unless told otherwise.

(Original message truncated)
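
The source-address selection discussed in the message above, as an added illustration that is not code from the vserver patch or from either author: it contrasts "always the first IPROOT address" with the proposed netmask-based choice. The struct layout, the function names, the /24 netmasks and the 192.0.2.10 public address are assumptions made for this example.

```c
#include <stdint.h>
#include <stdio.h>
#include <stddef.h>

/* Host-order IPv4 address from dotted-quad parts. */
#define IP4(a, b, c, d) (((uint32_t)(a) << 24) | ((uint32_t)(b) << 16) | \
                         ((uint32_t)(c) << 8) | (uint32_t)(d))

/* One IPROOT entry with its own netmask (hypothetical layout). */
struct iproot_entry { uint32_t addr, mask; };

/* Behaviour described in the message: always the first IPROOT address. */
uint32_t source_first(const struct iproot_entry *root, size_t n)
{
    return n ? root[0].addr : 0;
}

/* Proposed behaviour: pick the entry whose network contains dst, longest
 * netmask winning; fall back to the first entry. The result always comes
 * from the list, so the vserver never uses an address outside IPROOT. */
uint32_t source_by_netmask(const struct iproot_entry *root, size_t n,
                           uint32_t dst)
{
    size_t best = 0;
    int found = 0;

    for (size_t i = 0; i < n; i++) {
        if ((root[i].addr & root[i].mask) != (dst & root[i].mask))
            continue;
        if (!found || root[i].mask > root[best].mask) {
            best = i;
            found = 1;
        }
    }
    return n ? root[best].addr : 0;
}

/* Constructed sample: vserver A, public address first, internal second. */
const struct iproot_entry vserver_a[] = {
    { IP4(192, 0, 2, 10),  IP4(255, 255, 255, 0) },
    { IP4(192, 168, 1, 1), IP4(255, 255, 255, 0) },
};

int main(void)
{
    uint32_t src = source_by_netmask(vserver_a, 2, IP4(192, 168, 1, 2));
    printf("%u.%u.%u.%u\n", src >> 24, (src >> 16) & 255, (src >> 8) & 255, src & 255);
    return 0;
}
```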
