From: Ron (ron_at_debian.org)
Date: Sun 06 Jun 2004 - 11:28:23 BST
Howdy,
I'm enquiring about a post from a few months back:
> the Linux kernel including 2.4.22 does not masquerade lokal
> created ip packets (eg. from an vps). in connection with
> ip4chbind, masquerading of these packetes gets more important if
> you do not want to assign a public ip to every vserver or run the
> vservers on additional physical hardware inside the local lan.
okay, I found that out yesterday as I tested the setup you want to
use, but I'm not sure if local masquerading (on aliased interfaces)
will work as expected at all ... guess we have to test ...
> A patch from Stefan Metzmacher can be found at:
> http://lists.netfilter.org/pipermail/netfilter-devel/2002-January/006505.html
will adapt that to the recent kernels, anybody willing to test that
with several setups?
best,
Herbert
I've just rebuilt a new vserver using kernel 2.4.26 + vs1.27 (after
confirming this box still has trouble with 2.6.6). For the next few
days I need to tunnel it out via a ppp connection on the same machine
and, of course, I'm also seeing the problem described above.
Can anyone recall if Stefan's patch was rejected because it actually caused
other problems, or (as is often the case) did this just fall though the
cracks because nobody expressed any interest in following it up?
If the latter, I can try it on the vserver box I have and let you know
the results, though I suspect something a little more complex than
Stefan's patch is what is really required because you surely only want
to masq packets that aren't already attached to the public interface.
For now SNAT'ing the aliased interface is getting me by, but this seems
like a FIXME that would be nice to get rid of if we can.
cheers,
Ron
_______________________________________________
Vserver mailing list
Vserver_at_list.linux-vserver.org
http://list.linux-vserver.org/mailman/listinfo/vserver