From: Gilles (gilles_at_harfang.homelinux.org)
Date: Wed 25 May 2005 - 00:32:12 BST
>
> > > > 3. How to set the source for a default route?
> > > Using iproute2 you can use:
> > > ip rule add from ${MYNET}/${SVRPFX} table ${VLAN}
> > >
Yes, as is explained in
http://archives.linux-vserver.org/200311/0470.html
[I'll still have to read the docs in order to understand the "rule"s.]
> >
> > >From the "ip" docs, one of the error (see below: "RTNETLINK answers: Invalid
> > argument") comes from using the "rule" command, and seems related to a missing
> > kernel feature (CONFIG_IP_MULTIPLE_TABLES). But I can't find it in ".config";
> > has it changed name, or is it covered by another config option?
> >From 2.6.11*:
> CONFIG_IP_MULTIPLE_TABLES=y
>
> Symbol: IP_MULTIPLE_TABLES [=y]
> │ Prompt: IP: policy routing
> │ Defined at net/ipv4/Kconfig:56
> │ Depends on: NET && IP_ADVANCED_ROUTER
> │ Location:
> │ -> Device Drivers
> │ -> Networking support
> │ -> Networking support (NET [=y])
> │ -> Networking options
> │ -> TCP/IP networking (INET [=y])
> │ -> IP: advanced router (IP_ADVANCED_ROUTER
> [=y])
>
I was missing that one, as Herbert had just told me.
> > > >
> > > > First I removed the "network" and "gateway" entries in the "interfaces" file.
> > > > Then I put a "routing.sh" script in "/etc/vservers/phony/scripts/pre-start.d"
> > > > containing the following lines:
> > > >
> > > > ip route add 192.168.83.0/24 dev eth0.2
> > > > ip route add default via 192.168.83.2 dev eth0.2
> > > > ip rule add from 192.168.83.0/24
> > > First of all, I have had issues when doing routing changes in the pre-start fase,
> > > so I made a habbit of doing those changes in the post start fase and that solved
> > > a lot of my problems.
> > >
It seems more coherent to set it in "pre-start" (if possible): probably better not
to have a running vserver without a sensible routing (?).
Now, with a new kernel (advanced router with multiple tables...):
Inside Vs1:
# route -n
Kernel IP routing table
Destination Gateway Genmask Flags Metric Ref Use Iface
192.168.83.0 0.0.0.0 255.255.255.0 U 0 0 0 eth0.2
192.168.79.0 0.0.0.0 255.255.255.0 U 0 0 0 *
192.168.107.0 0.0.0.0 255.255.255.0 U 0 0 0 *
127.0.0.0 0.0.0.0 255.0.0.0 U 0 0 0 eth0.2
127.0.0.0 0.0.0.0 255.0.0.0 U 0 0 0 *
0.0.0.0 0.0.0.0 0.0.0.0 UG 0 0 0 *
Inside Vs2:
# route -n
Kernel IP routing table
Destination Gateway Genmask Flags Metric Ref Use Iface
192.168.83.0 0.0.0.0 255.255.255.0 U 0 0 0 *
192.168.79.0 0.0.0.0 255.255.255.0 U 0 0 0 eth0.3
192.168.107.0 0.0.0.0 255.255.255.0 U 0 0 0 *
127.0.0.0 0.0.0.0 255.0.0.0 U 0 0 0 *
127.0.0.0 0.0.0.0 255.0.0.0 U 0 0 0 eth0.3
0.0.0.0 0.0.0.0 0.0.0.0 UG 0 0 0 *
And both have access to the Internet.
[Excerpt of] "/etc/network/interfaces" on Host1:
-----
# VLAN (Private)
auto eth0.2
iface eth0.2 inet static
address 192.168.83.1
netmask 255.255.255.0
mtu 1496
# VLAN (DMZ)
auto eth0.3
iface eth0.3 inet static
address 192.168.79.1
netmask 255.255.255.0
mtu 1496
-----
And similarly on Host2 (except for the addresses, to be replaced by "192.168.83.2"
and "192.168.79.2", respectively).
[The mtu setting seems important (as noted on the VLAN docs) here: All other things
equal, I had some strange "Temporary name resolution failure" and other ssh hangs,
which disappeared after lowering the mtu.]
The routing is set up in "/etc/vserver/<name>/scripts/pre-start.d/".
For "eth0.2", I have a file called "priv_routing.sh" with:
-----
ip route add 192.168.83.0/24 dev eth0.2 table 102
ip route add default via 192.168.83.2 dev eth0.2 table 102
ip rule add from 192.168.83.0/24 table 102
-----
And for "eth0.3", a file called "dmz_routing":
-----
ip route add 192.168.79.0/24 dev eth0.3 table 103
ip route add default via 192.168.79.2 dev eth0.3 table 103
ip rule add from 192.168.79.0/24 table 103
-----
Yet... this error remains, at vserver startup:
ERROR: trying to add VLAN #2 to IF -:eth0:- error: Invalid argument
What about it?
Best regards,
Gilles
_______________________________________________
Vserver mailing list
Vserver_at_list.linux-vserver.org
http://list.linux-vserver.org/mailman/listinfo/vserver