From: Liam Helmer (linuxlists_at_thevenue.org)
Date: Tue 12 Oct 2004 - 19:38:30 BST
Sorry, I missed some of the message ;)
> This directory does not exist. In fact /etc/iproute2 doesn't. Does this
> indicate whether iproute2 is installed or just not used in this manner.
>
> > 200 vserver
>
> I'm assuming vserver is a label so with my naming convertion it would be
>
> 200 img4
>
Hmm... if it doesn't ( I seem to remember old redhat installs didn't
have it either <sigh>), make the directory and the file, and put this in
as well as the entry above:
----snip-----
#
# reserved values
#
255 local
254 main
253 default
0 unspec
#
----snip------
Yes, vserver is just a label, so it can be anything. If anything, you
may want to name it "eth1" or whatever the interface is, as that's
really what it's function is.
> How about other NICs? I have one system with three in it.
> Well I used the term router. Should this value, "<second router>", be the
> interface -- eth1 -- I'm trying to get to work? Like this?
>
> ip route add table img4 default via eth1
>
default via <ip of gateway>
Actually, if you're only using 1 ip for it, you could do:
ip route add table img4 default via <ip.of.gateway> src <vserver.ip>
ip route is, to some degree, interface indifferent.
Note: if your gateways don't do source address verification (many do),
you can do multiple routes for the ip like this:
ip route add table img4 default nexthop <ip.of.gateway> src <vserver.ip>
dev <ethx> nexthop <ip.of.gateway.#2> src <vserver.ip> dev ethy
I think that that syntax is correct, it's been a little while since I
did it.
> > ip rule add from <vserver.ip.range/netmask> lookup vserver
>
> This "<vserver.ip.range/netmask>" could be anything (legitimate that is),
> so I'd use:
>
> ip rule add from 192.168.13.0/255.255.255.0 lookup img4
>
Use bitmasks like /24 instead of 255.255.255.0
> > Put those two lines in you startup scripts somewhere. Note, if you have
> > other static routes for your network, you'll need to add them into the
> > "ip route" list too.
>
> Are there in SysV scripts that do this already and make it easier? I have
> other less-experienced people pressing keys for me while I try to talk
> them through the process over the phone. Having all startup/shutdown
> scripts by init level is nice and consistant.
Hmm... I'd add it into the vserver init script maybe. I think fedora has
an option for static routes based on interface as well -> however, I'm
no expert on the layout of that.
>
> > In case you're curious, ping works, because it manually creates packets,
> > rather than using the standard ipv4 interface (which is why it needs
> > CAP_NET_RAW).
>
> Something new every day. Also I'm asking for this clarification for two
> reasons. My job is easier and this can go into the docs or wiki to help
> the next slightly-clueless vserver user that comes along. (_We_ get to
> say RTFM :-)
Yup, it's always complicated when you're starting out... ;)
Cheers,
Liam
_______________________________________________
Vserver mailing list
Vserver_at_list.linux-vserver.org
http://list.linux-vserver.org/mailman/listinfo/vserver