From: Herbert Poetzl (herbert_at_13thfloor.at)
Date: Fri 03 Dec 2004 - 17:31:10 GMT
On Fri, Dec 03, 2004 at 01:16:24PM +0100, Gebhardt Thomas wrote:
> just noticed (by sniffing on the net) that ping (ICMP echo requests)
> packets from within a vserver get the ip source address of the
> master host. This is rather confusing when dealing with ip based
> access rules on routers and switches. Adapting these access rules
> makes the roaming of vservers more difficult because you cannot
> transparently move the vserver from one master server to another.
> Why does this occur? I guess that this is done intentionally?
the source selection for 'unspecified' packets is
based on the routing tables, so if your routing tables
'suggest' to use that value, then outgoing packets
will use it.
nevertheless you can specify the source ip with the
-I option to ping, so that it generates packets with
that source address ...
and btw, ping doesn't work from within a vserver unless
you give CAP_NET_RAW which is a dangerous thing to do
> My Kernel/Patch-Version is 2.4.26-vs1.27.
upgrade would be advised (for security reasons)
> Thanks, Thomas
> Vserver mailing list
Vserver mailing list