
From: Micah Anderson (micah_at_riseup.net)
Date: Wed 21 Apr 2004 - 03:03:22 BST


I've got a vserver whose IP is 192.168.0.1 and another whose IP is
192.168.0.2. I can ping between these two vservers fine; however, I
tried to set up mysql to connect from .1 to .2 and found that it was
using the host's actual IP to connect, instead of the private IP:

$ mysqladmin -h 192.168.0.2 ping
connect to server at '192.168.0.2' failed
error: 'Host '212.112.147.194' is not allowed to connect to this MySQL server'

I used tcpdump to look at the different interfaces, and it was only
when I looked at the loopback that I saw the traffic happening:

18:51:54.867738 212.112.147.194.43166 > 192.168.0.2.mysql: S 648997658:648997658(0) win 32767 <mss 16396,sackOK,timestamp 88679821 0,nop,wscale 0> (DF)
18:51:54.867825 192.168.0.2.mysql > 212.112.147.194.43166: S 649947611:649947611(0) ack 648997659 win 32767 <mss 16396,sackOK,timestamp 88679821 88679821,nop,wscale 0> (DF)
18:51:54.867904 212.112.147.194.43166 > 192.168.0.2.mysql: . ack 1 win 32767 <nop,nop,timestamp 88679821 88679821> (DF)
18:51:54.868663 192.168.0.2.mysql > 212.112.147.194.43166: P 1:77(76) ack 1 win 32767 <nop,nop,timestamp 88679822 88679821> (DF) [tos 0x8]
18:51:54.868740 212.112.147.194.43166 > 192.168.0.2.mysql: . ack 77 win 32767 <nop,nop,timestamp 88679822 88679822> (DF)
18:51:54.868801 192.168.0.2.mysql > 212.112.147.194.43166: F 77:77(0) ack 1 win 32767 <nop,nop,timestamp 88679822 88679822> (DF) [tos 0x8]
18:51:54.869254 212.112.147.194.43166 > 192.168.0.2.mysql: F 1:1(0) ack 78 win 32767 <nop,nop,timestamp 88679822 88679822> (DF) [tos 0x8]
18:51:54.869305 192.168.0.2.mysql > 212.112.147.194.43166: . ack 2 win 32767 <nop,nop,timestamp 88679822 88679822> (DF) [tos 0x8]

How can I make it so that the vserver is communicating with the
private IP instead of the public one? I want to do this so I can allow
some vservers the ability to access the mysql, but not others. I can
simply add 212.112.147.194 to the tables to be able to connect, but
then all the vservers would be able to connect, when I only want
192.168.0.1 to be able to connect, but not 192.168.0.3 for example.

Thanks for any pointers! Here is some more info:

/etc/vservers/db.conf:
#
# the vserver which runs the databases
#
S_DOMAINNAME="db"
S_HOSTNAME="db"
IPROOT="192.168.0.2"
IPROOTMASK="255.255.255.0"
IPROOTDEV="eth0"
S_CAPS="CAP_NET_RAW"

/etc/vservers/zun.conf:
S_HOSTNAME="zun"
IPROOT="192.168.0.1"
IPROOTMASK="255.255.255.0"
IPROOTDEV="eth0"
S_FLAGS="lock nproc"
ULIMIT="-u 256 -n 1024"
S_CAPS="CAP_NET_RAW"

Thanks!

micah

----
"Naturally, the common people don't want war, but after all, it
is the leaders of a country who determine the policy...Voice or no
voice, the people can always be brought to the bidding of the leaders.
This is easy. All you have to do is to tell them they are being
attacked, and denounce the pacifists for lack of patriotism and
exposing the country to danger. It works the same in every country."
                                                  -- Goering, Nuremberg trial
_______________________________________________
Vserver mailing list
Vserver_at_list.linux-vserver.org
http://list.linux-vserver.org/mailman/listinfo/vserver
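
Added example, not part of the original post: a small check that reads tcpdump output in the format quoted above, finds which source address opens connections to the mysql port, and tests it against a host allowlist of the kind the poster wants to enforce. The function names (unwrap, initiators, audit) are hypothetical, and the allowlist is a plain list of addresses, not MySQL's own grant-table matching.

```python
import ipaddress
import re

# First three packets of the capture quoted in the post, wrapped on purpose.
CAPTURE = """\
18:51:54.867738 212.112.147.194.43166 > 192.168.0.2.mysql: S
648997658:648997658(0) win 32767 <mss 16396,sackOK,timestamp 88679821
0,nop,wscale 0> (DF)
18:51:54.867825 192.168.0.2.mysql > 212.112.147.194.43166: S
649947611:649947611(0) ack 648997659 win 32767 <mss
16396,sackOK,timestamp 88679821 88679821,nop,wscale 0> (DF)
18:51:54.867904 212.112.147.194.43166 > 192.168.0.2.mysql: . ack
1 win 32767 <nop,nop,timestamp 88679821 88679821> (DF)
"""

TIMESTAMP = re.compile(r"\d\d:\d\d:\d\d\.\d+ ")
PACKET = re.compile(
    r"\d\d:\d\d:\d\d\.\d+ (?P<src>\d+(?:\.\d+){3})\.(?P<sport>\w+) > "
    r"(?P<dst>\d+(?:\.\d+){3})\.(?P<dport>\w+): (?P<flags>\S+)(?P<rest>.*)")

def unwrap(text):
    """Rejoin wrapped records; a new record starts with a timestamp."""
    records = []
    for line in text.splitlines():
        if TIMESTAMP.match(line) or not records:
            records.append(line.strip())
        else:
            records[-1] += " " + line.strip()
    return records

def initiators(text, service="mysql"):
    """Source addresses of SYNs without ack sent to `service`, in order."""
    found = []
    for record in unwrap(text):
        m = PACKET.match(record)
        if (m and m["dport"] == service and "S" in m["flags"]
                and " ack " not in m["rest"] + " "):
            found.append(m["src"])
    return found

def audit(text, allowed):
    """Map each connecting address to whether the host allowlist admits it."""
    nets = [ipaddress.ip_network(a) for a in allowed]
    return {src: any(ipaddress.ip_address(src) in n for n in nets)
            for src in initiators(text)}

if __name__ == "__main__":
    print(audit(CAPTURE, ["192.168.0.1"]))      # rule the poster wants
    print(audit(CAPTURE, ["212.112.147.194"]))  # rule that would match today
```

With the capture above, an allowlist of 192.168.0.1 rejects the only client address the server sees, which is why a per-vserver rule cannot take effect until the connection's source address is the private one.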


Generated on Wed 21 Apr 2004 - 03:05:07 BST by hypermail 2.1.3