
From: Hilco Wijbenga (hilco.wijbenga_at_gmail.com)
Date: Mon 05 Sep 2005 - 06:50:06 BST


Hi all,

I've looked through the mailing list archives but couldn't find
anything that appeared to explain the problem I'm having. I found a
few references to a setup similar to mine but without the details.
Maybe it's too simple? :-) Anyway, if the following has already been
asked/answered I would really appreciate a link.

I have a host with 2 network cards. Eth0 is my LAN and eth1 is the
internet. This host functions as the gateway between my LAN and the
internet. Using Firehol I've been able to set up a firewall and
everything seems to be working, i.e. I can access the internet from
the LAN.

On the host I've set up a vserver (with more to follow). This vserver
works properly (as far as I can tell) and I can SSH into it from the
LAN. I can successfully ping the vserver from the LAN and vice versa.
Note that the vserver only has eth0 (the LAN) as I didn't want it to
directly connect to the internet (eth1). I thought I could handle that
in the firewall?

What doesn't work is accessing anything on the internet from the
vserver. I'm having a hard time determining what the problem is. Is it
the firewall? Or my routing table? Or should the vserver have an eth1
as well, just like the host?

/etc/firehole/firehol.conf: (on the host)
version 5
interface eth0+ intranet
        policy accept
interface eth1 internet
        client all accept
router intranet2internet inface eth0+ outface eth1
        masquerade
        route all accept

ip route show: (on the host; A.B.C is the LAN and X.Y.Z is the internet)
A.B.C.0/24 dev eth0 proto kernel scope link src A.B.C.1
X.Y.Z.0/22 dev eth1 scope link
127.0.0.0/8 dev lo scope link
default via X.Y.Z.1 dev eth1

ip route show: (on the vserver)
A.B.C.0/24 dev eth0 proto kernel scope link src A.B.C.1
X.Y.Z.0/22 dev if3 scope link
127.0.0.0/8 dev if1 scope link
default via X.Y.Z.1 dev if3

One thing that strikes me as peculiar is the 'if3' in the 'ip route
show' output for the vserver. Looks like the default gateway is wrong.
Is that my problem? How would I solve it? I can't remove it in the
vserver (right?) and removing it on the host has rather unpleasant
consequences (i.e. no more internet access).

I'm running Gentoo GNU/Linux with the latest (on Gentoo) available 2.6
(vserver capable) kernel.

Thanks,
Hilco
_______________________________________________
Vserver mailing list
Vserver_at_list.linux-vserver.org
http://list.linux-vserver.org/mailman/listinfo/vserver


Generated on Mon 05 Sep 2005 - 06:52:41 BST by hypermail 2.1.3