Hi everyone,
I'm working on the following setup:
- 1 Linux box with Kernel 2.4.26-vs1.27
- 2 Ethernet-NICs, each one connected to a different VLAN (and hence, to
different sets of IP subnets)
- by means of vservers, the whole thing should behave like two seperate
machines, each one offering public service via its own VLAN/subnet
So I have 3 'Linuxes' running: the master, and 2 vservers,
They need 3 IP addresses; I chose them to come from
3 different subnets like this:
master:~# ip addr show
1: lo: <LOOPBACK,UP> mtu 16436 qdisc noqueue
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
inet 127.0.0.1/8 scope host lo
2: eth0: <BROADCAST,MULTICAST,UP> mtu 1500 qdisc pfifo_fast qlen 1000
link/ether 00:0e:0c:5c:53:75 brd ff:ff:ff:ff:ff:ff
inet 137.248.9.13/27 scope link eth0
inet 137.248.9.13/24 brd 137.248.9.255 scope global eth0:rst1
3: eth1: <BROADCAST,MULTICAST,UP> mtu 1500 qdisc pfifo_fast qlen 1000
link/ether 00:0e:0c:5c:53:74 brd ff:ff:ff:ff:ff:ff
inet 192.168.1.18/25 brd 192.168.1.127 scope global eth1
inet 137.248.1.53/24 brd 137.248.1.255 scope global eth1:rsf1
The private address is used to administer the master, rsf1 and rst1 are, of
course, the vservers.
Now, since all routing is done in the common network stack of the master,
I have to make a source based routing decision there, i.e. make vserver rsf1
send its packets exclusively on dev eth1, and rst1 only on eth0.
So I set up 2 routing tables, the main one for master and vserver rsf1
(eth1), and a second one for vserver rst1 (eth0):
master:~# ip route show table main
137.248.1.0/25 dev eth1 scope link
192.168.1.0/25 dev eth1 scope link
137.248.1.0/24 dev eth1 proto kernel scope link src 137.248.1.53
default via 192.168.1.126 dev eth1
master:~# ip route show table 2
137.248.9.0/27 dev eth0 scope link src 137.248.9.13
default via 137.248.9.30 dev eth0 src 137.248.9.13
Next I add the decision rule, ending up with:
master22:~# ip rule show
0: from all lookup local
32765: from 137.248.9.13 lookup 2
32766: from all lookup main
32767: from all lookup default
But it won't work. The vservers are configured like this
IPROOT="eth1:137.248.1.53"
IPROOTMASK=255.255.255.0
IPROOTBCAST=137.248.1.255
IPROOTDEV=eth1
ONBOOT=yes
S_HOSTNAME=rsf1
S_DOMAINNAME=none
S_NICE=
S_FLAGS="lock nproc"
ULIMIT="-H -u 1000"
S_CAPS="CAP_NET_RAW"
so I can, e.g. ping from inside a vserver.
Fro rsf1, things work fine, but if I try from rst1,
tcpdump -i eth0
does not show a single packet leaving the machine
on this interface. Instead, everything looks like routing
tabel 2 is never even touched (pings go out on eth0,
carrying the source address of the master).
So what on earth is wrong with the above setup?
Cheers, Martin
--
Dr. Martin Pauly Fax: 49-6421-28-26994
HRZ Univ. Marburg Phone: 49-6421-28-23527
Hans-Meerwein-Str. E-Mail:
(E-Mail Removed)
D-35032 Marburg
Similar Threads
Linear Mode
