From: J. Nick Koston (nick_at_cpanel.net)
Date: Tue 03 Dec 2002 - 20:32:44 GMT
<< IMPORTANT INFORMATION! >>
This is an automated message.
The message you sent (attached below) requires confirmation
before it can be delivered. To confirm that you sent the
message below, just hit the "R"eply button and send this
message back (you don't need to edit anything). Once this is
done, no more confirmations will be necessary.
<< INFORMAÇÃO IMPORTANTE >>
Esta é uma mensagem automática
A mensagem que você enviou (em anexo) requer confirmação
antes de ser entregue. Para confirmar o envio basta
pressionar o botão de "Reply" e enviar esta mensagem de
volta (não é necessário editar). Uma vez que isto seja
feito, novas confirmações não serão necessárias.
This email account is protected by:
Active Spam Killer (ASK) V2.2 - (C) 2001-2002 by Marco Paganini
For more information visit http://www.paganini.net/ask
--- Original Message Follows ---
From: Jacques Gelinas <jack_at_solucorp.qc.ca>
Date: Tue, 3 Dec 2002 15:32:04 -0500
To: vserver_at_solucorp.qc.ca
Subject: re: [vserver] Re: Bug#171488: vserver: Doesn't allow separate netmasks / broadcast addrs
On Tue, 3 Dec 2002 14:37:04 -0500, John Goerzen wrote
> In article <Pine.LNX.4.21.0212030924190.9048-100000_at_starsky.19inch.net>, Paul Sladen
> wrote:
> > On Tue, 3 Dec 2002, Ola Lundqvist wrote:
> >> On Mon, Dec 02, 2002 at 04:13:21PM -0600, John Goerzen wrote:
> >> > it does not allow the second and subsequent interfaces to have a netmask or
> >> > broadcast address different from the first.
> >
> > It was originally designed for just hooking the all-ones broadcast address
> > (for running dhcpd) and that was just an extension of the set_ipv4root()
> > interface only allowing a single address at the time
> 2. Run several vservers on a single machine, and use the Linux "dummy"
> driver to give them a way to communicate with each other without
> using the system's Ethernet interface -- but still give some of them an IP
> address on that Ethernet.
>
> I have tried to set up #2 so far. I can get things working when each
> vserver has a single IP address. However, when I set them up with multiple
> IP addresses, I get a lot of problems:
>
> 1. The interfaces all have the broadcast and netmask of the first one.
>
> I have gone in with ifconfig to fix this, to no avail.
This will be fixed in 0.22 as explained in another message.
> 2. All packets going out of the vserver have the source IP address
> set to the first IPROOT address specified, regardless of which interface
> they're going to.
Yes, this is how it works. The vserver is forced to use the first IP in IPROOT
to communicate. It is allowed to bind before connecting, but it must select
one IP in its list.
It would be possible for the kernel to select on IP in the IPROOT based on
netmask and find the closest to the target address, so if you kind of bind
a internal network say 192.168.1.0 with one vserver A using 192.168.1.1
and another B using 192.168.1.2, when A talks to B (192.168.1.2), it will
use 192.168.1.1 as its source address even if its first IPROOT address is
something else.
On a non-vserver box, if one talks to 192.168.1.2, then the request comes
from 192.168.1.2, but the vserver A is not allowed to use this address. It must
uses only address in its own IPROOT.
This sounds like a valid enhancement. This would also solved the case where
one vserver has two public IP and talks to different places using the two
interface. Currently, it always uses the first IP unless told otherwise.
(Original message truncated)