
From: Dennis Roos (dennis_at_intouch.net)
Date: Thu 18 Aug 2005 - 10:00:03 BST


On Thu, 2005-08-18 at 09:58 +0200, metaworx lists wrote:
> > On Tue, Aug 16, 2005 at 10:01:47AM +0200, Matvey Gladkikh wrote:
> > > I have a small question. Can vserver guests be bound to vlan
> > > interfaces, e.g. bond0.10, not physical eth0 and eth1?
> >
> > Yes
>
> > I have not tested on recent versions so though.
>
> we are running vlans on top of a bridged device and bind guests to these
> interfaces and everything seems to work as expected so far.
>
> what we have not yet fully tested is whether different guests in different
> vlans can communicate with each other while running on the same host (Kernel).
> I suppose they can, but this does normally not match the intention since you
> place them in different vlans ;-)
They probably can communicate with each other, they all share the same
routing table as they are in the same box :)

> the reason is that it is the same kernel and therefore the packages do not
> pass the vlan part of the device driver. a solution could be iptables, the
> way we will try to separate the vservers.
Try iproute2 (I got this originally from the wiki, but I don't have the link handy at the moment).

Create a new routing table (I use the vlan ID as table ID, but anything
goes as long as it's less than 255 (AFAIK) )

The versions in use with my setup are:

# vserver-info
Versions:
                   Kernel: 2.6.11.6-grsec-vs1.9.5
                   VS-API: 0x00010025
             util-vserver: 0.30.207; May 18 2005, 17:47:45

Here's an example:
${MYNET} == Server's network address
${SVRPFX} == Server's network prefix (CIDR notation)
${MYVLAN} == Vlan ID
${VLAN} == Vlan ID < 255

echo "10 VLAN10" >> /etc/iproute2/rt_tables

ip rule add from ${MYNET}/${SVRPFX} table ${VLAN}
ip route add ${MYNET}/${SVRPFX} dev eth1.${MYVLAN} table ${VLAN}
ip route add default via ${MYGW} dev eth1.${MYVLAN} table ${VLAN}

-- 
Regards,
Dennis Roos

Network Engineer @ InTouch N.V. Middenweg 76 1097 BS Amsterdam Tel: +31 (0)20 6752060 Fax: +31 (0)20 6758429

-=[Assumption is the mother of all f*ckups]=-

_______________________________________________ Vserver mailing list Vserver_at_list.linux-vserver.org http://list.linux-vserver.org/mailman/listinfo/vserver
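
A dry-run sketch of the setup described in the message above, added here as an example and not part of the original post: it registers the table name without overwriting the existing rt_tables entries and prints the three ip commands instead of running them. The function names, the scratch file and the 192.0.2.0/24 addresses are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the original post). All inputs are constructed.

# Register "ID NAME" in an rt_tables file without clobbering existing entries.
# Rejects 0 and 253-255, the kernel's reserved tables (unspec, default, main, local).
add_rt_table() {
    file=$1 id=$2 name=$3
    case $id in ''|*[!0-9]*) echo "table id must be numeric" >&2; return 2;; esac
    if [ "$id" -lt 1 ] || [ "$id" -gt 252 ]; then
        echo "table id $id is reserved or out of range" >&2; return 2
    fi
    # Already present (by id or by name)? Leave the file untouched.
    if awk -v id="$id" -v n="$name" \
        '$1 !~ /^#/ && ($1 == id || $2 == n) {f=1} END {exit !f}' "$file" 2>/dev/null
    then
        return 0
    fi
    printf '%s %s\n' "$id" "$name" >> "$file"
}

# Print (not run) the rule and routes that send traffic sourced from
# NET/PFX out through the VLAN sub-interface via its own routing table.
# As in the post, the VLAN ID doubles as the table ID.
vlan_policy_cmds() {
    net=$1 pfx=$2 gw=$3 vlan=$4 dev=${5:-eth1}
    echo "ip rule add from $net/$pfx table $vlan"
    echo "ip route add $net/$pfx dev $dev.$vlan table $vlan"
    echo "ip route add default via $gw dev $dev.$vlan table $vlan"
}

# Dry run against a scratch copy; on a real host the file is
# /etc/iproute2/rt_tables and the printed commands are run as root.
demo() {
    tmp=$(mktemp) && printf '255 local\n254 main\n253 default\n' > "$tmp"
    add_rt_table "$tmp" 10 VLAN10 && cat "$tmp"
    vlan_policy_cmds 192.0.2.0 24 192.0.2.1 10
    rm -f "$tmp"
}
demo
```

After applying the printed commands, `ip rule show` and `ip route show table 10` list what was installed.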


Generated on Thu 18 Aug 2005 - 10:00:33 BST by hypermail 2.1.3