
From: Gilles (gilles_at_harfang.homelinux.org)
Date: Sun 26 Sep 2004 - 16:14:27 BST

> >
> > Can I create a second purely virtual net inside H2, say ?
> > [Where I would put e.g. a "mysql" vserver, with address]
> if you do not accept/route packets for the
> you can assign those IPs to for example the dummy0 interface
> (what interface doesn't matter actually) and use it on
> the host only ...

Ooh, *that* was a piece I was missing; thanks.

[I use Debian.] I added something like the following in
on the host:

iface dummy0 inet static

But, when the interface is brought up, there is an error message:

SIOCADDRT: Network is unreachable
Failed to bring up dummy0.

This is probably related to the ifupdown Debian scripts, as "ifconfig"
shows the interface (and networking with a vserver is OK).
Do you have some clues?

I'm still confused, because I don't understand why routing just works (but
probably not as I expect)!

In the above dummy0 config, I thought that I was setting up a virtual
gateway for the virtual subnet. [ is the address
of "eth0" on the host.]

But "route -n" within the vserver shows:

Kernel IP routing table
Destination Gateway Genmask Flags Metric Ref Use Iface
U 0 0 0 dummy0
U 0 0 0 dummy0
U 0 0 0 eth0
UG 0 0 0 eth0

[Note: This is not exactly the right output, because I had set up a bridged
ethernet in order to provide connectivity to a UML, so that "eth0" is really
"br0", but if I understood the explanations, "br0" effectively replaces "eth0"
on the host (anyway it has the IP address that was associated with "eth0" when
there was no bridge).]

is the address of the *other* physical machine (the one connected
to the Internet via its second nic), so that's the host default gateway), but
that's also the vserver default gateway (!), whereas I had imagined that the
vserver packets would have gone out through dummy0, to be routed by the gateway.

Obviously, it's a wrong expectation. Then, what is *really* going on?

> > > but all communication on the same host
> > > will happen via lo (see More Documentation on the
> > > linux-vserver wiki), so you have to keep that in mind.

What does that imply? Security problem?

> http://archives.linux-vserver.org/200311/0470.html
> http://list.linux-vserver.org/archive/vserver/msg06615.html
> http://list.linux-vserver.org/archive/vserver/msg06631.html
> http://list.linux-vserver.org/archive/vserver/msg06667.html
> http://vserver.13thfloor.at/Stuff/VServer-IP-Setup-0.1.txt

You ask many questions in there ;-) Is there a place where you
collected the answers/conclusions?

> > > vmware and QEMU or Bochs use a separate kernel (similar
> > > to that what UML does) and communicate via tun/tap
> >
> > Is it possible to have the same kind of communication between
> > vservers?
> possible yes, implemented no, because it doesn't
> make much sense to feed network data through some
> userspace pipe ...

Euh... Some explanation/doc to clarify that point?

Thanks for your patience,
Vserver mailing list

Generated on Sun 26 Sep 2004 - 16:12:02 BST by hypermail 2.1.3