
From: Cathy Sarisky (cathy_at_acornhosting.net)
Date: Wed 21 Apr 2004 - 20:42:08 BST


Micah, which vserver version are you using? I remember seeing this back
in ctx 17 (? I think ?) but I'm not seeing it in vs 1.26.

Cathy

On Wed, 21 Apr 2004, Liam Helmer wrote:

> Oh, ok. Then, it's probably an iptables rule that's doing it, 'cause the
> processes inside the vserver wouldn't be able to bind to that IP to
> connect otherwise. Check and make sure that you've excluded traffic to
> private IPs from your SNAT/MASQUERADE rules.
>
> Cheers,
> Liam
>
> On Wed, 2004-04-21 at 19:07, Micah Anderson wrote:
> > You may have missed the section below where I include the
> > vservers/<name>.conf file which shows clearly that the private IP is
> > in the IPROOT= variable, and this still doesn't work.
> >
> > micah
> >
> > On Wed, 21 Apr 2004, Liam Helmer wrote:
> >
> > > To make it communicate using a private IP would involve adding that
> > > private IP to its IPROOT= variable in the vservers/<name>.conf file.
> > > However, you're probably much better off adding permissions to the mysql
> > > server so that the external IP can connect, and not changing the
> > > vserver config at all.
> > >
> > > Cheers,
> > > Liam
> > >
> > > On Wed, 2004-04-21 at 02:03, Micah Anderson wrote:
> > > > I've got a vserver whose IP is 192.168.0.1 and another whose IP is
> > > > 192.168.0.2. I can ping between these two vservers fine; however, I
> > > > tried to set up mysql to connect from .1 to .2 and found that it was
> > > > using the host's actual IP to connect, instead of the private IP:
> > > >
> > > > $ mysqladmin -h 192.168.0.2 ping
> > > > connect to server at '192.168.0.2' failed
> > > > error: 'Host '212.112.147.194' is not allowed to connect to this MySQL
> > > > server'
> > > >
> > > > I used tcpdump to look at the different interfaces, and it was only
> > > > when I looked at the loopback that I saw the traffic happening:
> > > >
> > > > 18:51:54.867738 212.112.147.194.43166 > 192.168.0.2.mysql: S
> > > > 648997658:648997658(0) win 32767 <mss 16396,sackOK,timestamp 88679821
> > > > 0,nop,wscale 0> (DF)
> > > > 18:51:54.867825 192.168.0.2.mysql > 212.112.147.194.43166: S
> > > > 649947611:649947611(0) ack 648997659 win 32767 <mss
> > > > 16396,sackOK,timestamp 88679821 88679821,nop,wscale 0> (DF)
> > > > 18:51:54.867904 212.112.147.194.43166 > 192.168.0.2.mysql: . ack
> > > > 1 win 32767 <nop,nop,timestamp 88679821 88679821> (DF)
> > > > 18:51:54.868663 192.168.0.2.mysql > 212.112.147.194.43166: P
> > > > 1:77(76) ack 1 win 32767 <nop,nop,timestamp 88679822 88679821> (DF)
> > > > [tos 0x8]
> > > > 18:51:54.868740 212.112.147.194.43166 > 192.168.0.2.mysql: . ack
> > > > 77 win 32767 <nop,nop,timestamp 88679822 88679822> (DF)
> > > > 18:51:54.868801 192.168.0.2.mysql > 212.112.147.194.43166: F
> > > > 77:77(0) ack 1 win 32767 <nop,nop,timestamp 88679822 88679822> (DF)
> > > > [tos 0x8]
> > > > 18:51:54.869254 212.112.147.194.43166 > 192.168.0.2.mysql: F
> > > > 1:1(0) ack 78 win 32767 <nop,nop,timestamp 88679822 88679822> (DF)
> > > > [tos 0x8]
> > > > 18:51:54.869305 192.168.0.2.mysql > 212.112.147.194.43166: . ack
> > > > 2 win 32767 <nop,nop,timestamp 88679822 88679822> (DF) [tos 0x8]
> > > >
> > > > How can I make it so that the vserver is communicating with the
> > > > private IP instead of the public one? I want to do this so I can allow
> > > > some vservers the ability to access the mysql, but not others. I can
> > > > simply add 212.112.147.194 to the tables to be able to connect, but
> > > > then all the vservers would be able to connect, when I only want
> > > > 192.168.0.1 to be able to connect, but not 192.168.0.3 for example.
> > > >
> > > > Thanks for any pointers! Here is some more info:
> > > >
> > > > /etc/vservers/db.conf:
> > > > #
> > > > # the vserver which runs the databases
> > > > #
> > > > S_DOMAINNAME="db"
> > > > S_HOSTNAME="db"
> > > > IPROOT="192.168.0.2"
> > > > IPROOTMASK="255.255.255.0"
> > > > IPROOTDEV="eth0"
> > > > S_CAPS="CAP_NET_RAW"
> > > >
> > > > /etc/vservers/zun.conf:
> > > > S_HOSTNAME="zun"
> > > > IPROOT="192.168.0.1"
> > > > IPROOTMASK="255.255.255.0"
> > > > IPROOTDEV="eth0"
> > > > S_FLAGS="lock nproc"
> > > > ULIMIT="-u 256 -n 1024"
> > > > S_CAPS="CAP_NET_RAW"
> > > >
> > > > Thanks!
> > > >
> > > > micah
> > > >
> > > > ----
> > > > "Naturally, the common people don't want war, but after all, it
> > > > is the leaders of a country who determine the policy...Voice or no
> > > > voice, the people can always be brought to the bidding of the leaders.
> > > > This is easy. All you have to do is to tell them they are being
> > > > attacked, and denounce the pacifists for lack of patriotism and
> > > > exposing the country to danger. It works the same in every country."
> > > > -- Goering, Nuremberg trial

_______________________________________________
Vserver mailing list
Vserver_at_list.linux-vserver.org
http://list.linux-vserver.org/mailman/listinfo/vserver
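
The check Liam suggests above, as an added example that is not part of the original thread: a shell function that reads `iptables-save` output and prints the nat POSTROUTING SNAT/MASQUERADE rules that carry no exclusion for private destinations. The function names and both sample rulesets are constructed for illustration, and treating an earlier ACCEPT/RETURN on a private destination as an exemption is a simplifying assumption.

```shell
#!/bin/sh
# RFC 1918 prefixes, matched against the argument of -d.
PRIVATE_RE='^(10[.]|192[.]168[.]|172[.](1[6-9]|2[0-9]|3[01])[.])'

# Reads iptables-save text on stdin and prints every nat POSTROUTING rule that
# source-NATs traffic without excluding private destinations.
audit_nat_rules() {
    awk -v priv="$PRIVATE_RE" '
    /^\*/ { table = substr($1, 2); exempt = 0; next }
    table != "nat" || $1 != "-A" || $2 != "POSTROUTING" { next }
    {
        target = ""; dst = ""; neg = 0
        for (i = 3; i <= NF; i++) {
            if ($i == "-j") target = $(i + 1)
            if ($i == "-d") {
                # Accept both "! -d net" and the older "-d ! net" spelling.
                neg = ($(i - 1) == "!" || $(i + 1) == "!")
                dst = ($(i + 1) == "!") ? $(i + 2) : $(i + 1)
            }
        }
        private_dst = (dst ~ priv)
        # Heuristic: an earlier ACCEPT/RETURN for a private destination
        # stops that traffic before it reaches the NAT rules below it.
        if ((target == "ACCEPT" || target == "RETURN") && private_dst && !neg)
            exempt = 1
        if ((target == "SNAT" || target == "MASQUERADE") &&
            !exempt && !(private_dst && neg))
            print
    }'
}

# Constructed sample: masquerades everything leaving eth0, private or not.
ruleset_weak() {
    printf '%s\n' '*nat' ':POSTROUTING ACCEPT [0:0]' \
        '-A POSTROUTING -o eth0 -j MASQUERADE' 'COMMIT'
}

# Constructed sample: same rule, excluding the vservers' private subnet.
ruleset_fixed() {
    printf '%s\n' '*nat' ':POSTROUTING ACCEPT [0:0]' \
        '-A POSTROUTING -s 192.168.0.0/24 ! -d 192.168.0.0/24 -o eth0 -j MASQUERADE' \
        'COMMIT'
}

# Usage on a live host (as root): iptables-save | audit_nat_rules
```

Any rule it prints is a candidate for rewriting the source address of vserver-to-vserver traffic; an empty result only rules out this one cause.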


Generated on Wed 21 Apr 2004 - 21:07:49 BST by hypermail 2.1.3