From: Herbert Poetzl (herbert_at_13thfloor.at)
Date: Fri 09 Sep 2005 - 07:38:02 BST
On Thu, Sep 08, 2005 at 02:40:25PM +0200, Oliver Welter wrote:
> Hi List,
> I have a stupid problem and can't track it down :(
> I have a host system running, that owns IP in two networks (realized
> via VLANs if it matters)
> So I have:
> eth0.1 -> 10.0.0.10 (NetA)
> eth0.2 -> 192.168.0.10 (NetB)
> The setup on the host is running, means I can ping hosts in both
> networks, the default route is set via the 10. and works, too. Both
> IPs can be pinged from outside too.
> Now the problem:
> I have a guest that owns only an IP from NetA - I can ping everything
> except hosts in NetB. The problem seems to be, that there is a route
> for NetB shown inside the server, but this route uses an invalid
> interface (the other VLAN, it is indicated with "*" in the routing
> route -n:
> 10.0.0.0/24 -> eth0.1
> 192.168.168.0.0/24 -> *
> 0.0.0.0/0 -> 10.0.0.1
> So any ideas how I can remove the invalid route from the vServer ?
> The expected behaviour will be, that the guest sends the packets for
> NetB to the router (a cisco machine) using the default route as the
> destination is not on the same network.
*sigh* this is a common misconception, networking
(for now, i.e. without ngnet) is happening on the
host, so everything the host has or does will be
applicable for the guests as well, except for the
fact that they might be reduced in flexibility
regarding the IP addresses ...
> It might also be a solution to use the host system for routing between
> the nets...
no, because the host is already routing the nets :)
> Is there any solution with the real IPs or must I create
> loopback/dummy networks and lots of NATs ?
loopback/dummy will not change the situation, but for
what you actually want, SNAT is the correct solution
now for the part _what_ you want :)
the guest is restricted to some ip on NetA, let's
for now assume it's 10.0.0.42, and it is supposed
to use a router (10.0.0.1) to reach a host on
NetB (e.g. 192.168.0.42) ... but, the host already
has a route to reach the network directly, so
it sends the packets (with 10.0.0.42 as source)
directly to NetB, where the hosts get strange
packets (at best) ...
add a second routing table, base the routing on
the source ip (thus routing the traffic originating
from 10.0.0.x ips through 10.0.0.1) and be happy
this will not work if the to-be-reached ip is on
the same host (e.g. different guest) because local
IPs are _always_ preferred over any routing ...
Vserver mailing list
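The source-based routing suggested in the reply above, sketched with iproute2 as an added example (not part of the original message or the Linux-VServer project). The table id 100 and rule priority 1000 are assumed values; the addresses and interface are the ones used in the thread.

```shell
#!/bin/sh
# Added example: route traffic sourced from NetA via the NetA router,
# even though the host's main table has a direct route to NetB.
TABLE=100   # assumed, any unused routing table id
PRIO=1000   # assumed, must be below 32766 so it is checked before 'main'

# Print the commands by default; execute them only when APPLY=1 (needs root).
run() {
    if [ "${APPLY:-0}" = "1" ]; then "$@"; else echo "$*"; fi
}

# setup_src_routing <source-net> <gateway> <device>
setup_src_routing() {
    src_net=$1; gw=$2; dev=$3
    # The extra table knows only NetA itself and a default via the router,
    # so it contains no direct route to NetB.
    run ip route add "$src_net" dev "$dev" table "$TABLE"
    run ip route add default via "$gw" dev "$dev" table "$TABLE"
    # Packets with a NetA source address consult that table before 'main'.
    # The 'local' table (rule priority 0) is still checked first, so an
    # address configured on this host (e.g. another guest) stays local.
    run ip rule add from "$src_net" lookup "$TABLE" priority "$PRIO"
}

# check_path <guest-ip> <dest-ip>: ask the kernel which route it would use.
check_path() {
    run ip route get "$2" from "$1"
}

setup_src_routing 10.0.0.0/24 10.0.0.1 eth0.1
check_path 10.0.0.42 192.168.0.42
```

With APPLY=1 the final command should report `via 10.0.0.1 dev eth0.1` for the guest's source address instead of a direct route on eth0.2.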