From: Liam Helmer (linuxlists_at_thevenue.org)
Date: Wed 21 Apr 2004 - 18:41:35 BST
To make it communicate using a private IP would involved adding that
private ip to it's IPROOT= variable in the vservsers/<name>.conf file.
However, you're probably much better off adding permissions to the mysql
server so that that the external IP can connect, and not changing the
vserver config at all.
Cheers,
Liam
On Wed, 2004-04-21 at 02:03, Micah Anderson wrote:
> I've got a vserver whose IP is 192.168.0.1 and another whose is
> 192.168.0.2. I can ping between these two vservers fine, however, I
> tried to setup mysql to connect from .1 to .2 and found that it was
> using the host's actual IP to connect, instead of the private IP:
>
> $ mysqladmin -h 192.168.0.2 ping
> connect to server at '192.168.0.2' failed
> error: 'Host '212.112.147.194' is not allowed to connect to this MySQL
> server'
>
> I used tcpdump to look at the different interfaces, and it was only
> when I looked at the loopback did I see the traffic happening:
>
> 18:51:54.867738 212.112.147.194.43166 > 192.168.0.2.mysql: S
> 648997658:648997658(0) win 32767 <mss 16396,sackOK,timestamp 88679821
> 0,nop,wscale 0> (DF)
> 18:51:54.867825 192.168.0.2.mysql > 212.112.147.194.43166: S
> 649947611:649947611(0) ack 648997659 win 32767 <mss
> 16396,sackOK,timestamp 88679821 88679821,nop,wscale 0> (DF)
> 18:51:54.867904 212.112.147.194.43166 > 192.168.0.2.mysql: . ack
> 1 win 32767 <nop,nop,timestamp 88679821 88679821> (DF)
> 18:51:54.868663 192.168.0.2.mysql > 212.112.147.194.43166: P
> 1:77(76) ack 1 win 32767 <nop,nop,timestamp 88679822 88679821> (DF)
> [tos 0x8]
> 18:51:54.868740 212.112.147.194.43166 > 192.168.0.2.mysql: . ack
> 77 win 32767 <nop,nop,timestamp 88679822 88679822> (DF)
> 18:51:54.868801 192.168.0.2.mysql > 212.112.147.194.43166: F
> 77:77(0) ack 1 win 32767 <nop,nop,timestamp 88679822 88679822> (DF)
> [tos 0x8]
> 18:51:54.869254 212.112.147.194.43166 > 192.168.0.2.mysql: F
> 1:1(0) ack 78 win 32767 <nop,nop,timestamp 88679822 88679822> (DF)
> [tos 0x8]
> 18:51:54.869305 192.168.0.2.mysql > 212.112.147.194.43166: . ack
> 2 win 32767 <nop,nop,timestamp 88679822 88679822> (DF) [tos 0x8]
>
> How can I make it so that the vserver is communicating with the
> private IP instead of the public one? I want to do this so I can allow
> some vservers the ability to access the mysql, but not others. I can
> simply add 212.112.147.194 to the tables to be able to connect, but
> then all the vservers would be able to connect, when I only want
> 192.168.0.1 to be able to connect, but not 192.168.0.3 for example.
>
> Thanks for any pointers! Here is some more info:
>
> /etc/vservers/db.conf:
> #
> # the vserver which runs the databases
> #
> S_DOMAINNAME="db"
> S_HOSTNAME="db"
> IPROOT="192.168.0.2"
> IPROOTMASK="255.255.255.0"
> IPROOTDEV="eth0"
> S_CAPS="CAP_NET_RAW"
>
> /etc/vservers/zun.conf:
> S_HOSTNAME="zun"
> IPROOT="192.168.0.1"
> IPROOTMASK="255.255.255.0"
> IPROOTDEV="eth0"
> S_FLAGS="lock nproc"
> ULIMIT="-u 256 -n 1024"
> S_CAPS="CAP_NET_RAW"
>
> Thanks!
>
> micah
>
> ----
> "Naturally, the common people don't want war, but after all, it
> is the leaders of a country who determine the policy...Voice or no
> voice, the people can always be brought to the bidding of the leaders.
> This is easy. All you have to do is to tell them they are being
> attacked, and denounce the pacifists for lack of patriotism and
> exposing the country to danger. It works the same in every country."
> -- Goering, Nuremburg trial
> _______________________________________________
> Vserver mailing list
> Vserver_at_list.linux-vserver.org
> http://list.linux-vserver.org/mailman/listinfo/vserver
>
_______________________________________________
Vserver mailing list
Vserver_at_list.linux-vserver.org
http://list.linux-vserver.org/mailman/listinfo/vserver