On Fri, Aug 01, 2003 at 10:56:22AM +0200, [EMAIL PROTECTED] wrote:
> Thank for the response. Yes I understood that the routing needs to be setup
> on the host server. But how? I tried to solve the problem with policy
> routing setting an extra default gateway for the vservers running on a
> vitual interface on eth1:
>
>
> default route
> eth1:VS1 (192.168.3.20) -----------------> eth1 (192.168.3.1)
>
> NAT
> -------------> eth0 (145.228.83.129) -------> Internet
>
>
> currently the default gateway of my box is 145.228.83.129. Therefore I
> introduced a routing table 101 for the network 192.168.3.0/24 to be routed
> through 192.168.3.1. But for some reason the rule
>
> rule add from 192.168.3.20 table 101 prio 20
>
> does not match. I presumed that it might not recognize virtual devices?
I use a setup like the following
(for one maintainance access, and two other nics, for
the virtual servers, all have their own default gateway)
ip route delete $INTNET
ip route add $INTNET dev $INTDEV src $INTIP table intern
ip route add $INTNET dev $INTDEV src $INTIP
ip route add default via $INTDG dev $INTDEV src $INTIP table intern
ip rule add from $INTIP table intern
ip route add $EXTNET1 dev $EXTDEV1 table extern1
ip route add default via $EXTDG1 dev $EXTDEV1 table extern1
ip rule add from $EXTNET1 table extern1
ip route add $EXTNET2 dev $EXTDEV2 table extern2
ip route add default via $EXTDG2 dev $EXTDEV2 table extern2
ip rule add from $EXTNET2 table extern2
NET .. network
DEV .. (base) device
IP .. master source ip
DG .. default gateway
HTH,
Herbert
>
> Christian
>
>
>
> > -----Urspr�ngliche Nachricht-----
> > Von: Dan Hrabarchuk [mailto:[EMAIL PROTECTED]
> > Gesendet: Donnerstag, 31. Juli 2003 17:15
> > An: VServer Mailing List
> > Betreff: Re: [vserver] setting the default gateway
> >
> > Below is my routing table. This is the same on the main server and each
> > vserver running on my firewall. I NAT 100% properly and my vservers are
> > accessable over my VPN with out issues. Basically get your host servers
> > routing set up. VServers do not need their *own* routing.
> >
> > Dan
> >
> > Kernel IP routing table
> > Destination Gateway Genmask Flags MSS Window irtt
> > Iface
> > 192.168.1.0 0.0.0.0 255.255.255.0 U 40 0 0
> > eth1
> > 142.179.x.0 0.0.0.0 255.255.248.0 U 40 0 0
> > eth0
> > 142.179.x.0 0.0.0.0 255.255.248.0 U 40 0 0
> > ipsec0
> > 192.168.0.0 0.0.0.0 255.255.248.0 U 40 0 0
> > eth0
> > 172.16.0.0 142.179.x.254 255.255.0.0 UG 40 0 0
> > ipsec0
> > 10.0.0.0 142.179.x.254 255.0.0.0 UG 40 0 0
> > ipsec0
> > 127.0.0.0 0.0.0.0 255.0.0.0 U 40 0 0
> > lo
> > 0.0.0.0 142.179.x.254 0.0.0.0 UG 40 0 0
> > eth0
> >
> > On Thu, 2003-07-31 at 04:24, [EMAIL PROTECTED] wrote:
> > > Hi,
> > >
> > >
> > >
> > > I'm using vserver on a box with 2 ethernet devices, eth0 and eth1:
> > >
> > >
> > >
> > > eth0 Link encap:Ethernet HWaddr
> > >
> > > inet addr:145.228.83.129 Bcast:145.228.83.255
> > > Mask:255.255.255.0
> > >
> > > UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
> > >
> > > RX packets:21223 errors:0 dropped:0 overruns:0 frame:0
> > >
> > > TX packets:5770 errors:0 dropped:0 overruns:0 carrier:7
> > >
> > > collisions:20 txqueuelen:100
> > >
> > > RX bytes:2213696 (2.1 Mb) TX bytes:789266 (770.7 Kb)
> > >
> > > Interrupt:11 Base address:0x6000
> > >
> > >
> > >
> > > eth1 Link encap:Ethernet HWaddr
> > >
> > > inet addr:192.168.3.1 Bcast:192.168.3.255
> > > Mask:255.255.255.0
> > >
> > > UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
> > >
> > > RX packets:0 errors:0 dropped:0 overruns:0 frame:0
> > >
> > > TX packets:154 errors:0 dropped:0 overruns:0 carrier:0
> > >
> > > collisions:0 txqueuelen:100
> > >
> > > RX bytes:0 (0.0 b) TX bytes:9240 (9.0 Kb)
> > >
> > > Interrupt:11 Base address:0xa000
> > >
> > >
> > >
> > > the vservers are bound to eth1 with IP's 192.168.3.XXX and should be
> > > routed through 192.168.3.1 (and then NATed to 145.228.83.129).
> > > Therefore I need to change the default route of the vservers from
> > > 145.228.83.129 to 192.168.3.1. I did it according to a posting from
> > > February 2002 (for the vserver-IP 192.168.3.20):
> > >
> > >
> > >
> > > ip rule add from 192.168.3.20 table 101 prio 20
> > >
> > > ip route add 192.168.0.0/24 dev eth1 table 101
> > >
> > > ip route add default via 192.168.3.1 dev eth1 table 101
> > >
> > > ip route flush cache
> > >
> > >
> > >
> > > the result is:
> > >
> > > --------------------------------------
> > >
> > > the global RULES:
> > >
> > > 0: from all lookup local
> > >
> > > 20: from 192.168.3.20 lookup 101
> > >
> > > 32766: from all lookup main
> > >
> > > 32767: from all lookup 253
> > >
> > >
> > >
> > > --------------------------------------
> > >
> > > the global ROUTES:
> > >
> > > 145.228.83.0/24 dev eth0 scope link
> > >
> > > 192.168.3.0/24 dev eth1 scope link
> > >
> > > 127.0.0.0/8 dev lo scope link
> > >
> > > default via 145.228.83.1 dev eth0
> > >
> > >
> > >
> > > --------------------------------------
> > >
> > > the ROUTES for table 101:
> > >
> > > 192.168.0.0/24 dev eth1 scope link
> > >
> > > default via 192.168.3.1 dev eth1
> > >
> > >
> > >
> > > --------------------------------------
> > >
> > > But for some reason, the default default route within the vservers is
> > > not affected. Any ideas?
> > >
> > >
> > >
> > > Regards
> > >
> > > Christian
> > >
> > >
> > >
> > >
> > --
> > Dan
> >
> > Bridges.com - North America's leading provider of career and
> > educational management solutions.
