
From: Chuck (chuck_at_sbbsnet.net)
Date: Thu 22 Sep 2005 - 01:55:52 BST


On Wednesday 21 September 2005 08:18 pm, Herbert Poetzl wrote:
> On Wed, Sep 21, 2005 at 08:09:19PM -0400, Chuck wrote:
> > i will have a need for 4 nics on 4 unique networks physically
> > separated so no chance of combining them on one nic.
> >
> > will the guests work fine on this? i know i had trouble in the past
> > running a dedicated machine on multiple networks.
> >
> > any given guest will be a member of a single network therefore will
> > access only a single nic. my concern is the host routing. previously
> > when i did this only members of the networks that were not assigned
> > to eth0 could reach them. the outside could not.
> >
> > each network of course has its own unique gateway and netmask
> >
> > example..
> >
> > the 4 nics will be required to access
> >
> > 64.113.32.0/23 gw 32.1
> > 64.113.34.0/24 gw 34.1
> > 64.113.39.0/24 gw 39.1
> > 172.30.x.x/24 pvt network gw 0.1
> >
> > the first 3 must be reachable via the outside..
> >
> > can this be accomplished properly?
>
> sure, but it's probably not the every day network
> setup, so it might not be obvious for you ...

no it's not. i had this same problem with our news server when it was a member
of 4 networks.

>
> here is an example how to do source based routing
> (that's what you want here) with two different
> gateways (you just have to extend it to four :)
>
> http://archives.linux-vserver.org/200311/0470.html
>

will study it

> it is listed on the 'More Documentation' wiki page
> under (Archived) Knowledge, and you might want to
> take a look at the Networking stuff there too ...
>

will study that too :)

> > i personally cannot comprehend why the network/gateway limitations
> > are there.
>
> there are no real networking/gateway limitation,
> just routing tables and priorities ... you can
> have a dozen different gateways and switch them
> every second if you like :)
>
> > if each nic is on a separate network it should be able to have
> > its own default gateway for that network regardless of other nics.
>
> default gateway means: if no other rule applies,
> then send it there, of course, this does not make
> too much sense with more than one defaults on a
> single routing table ...
>

here is my current network config

config_eth0=("64.113.34.5 netmask 255.255.255.0 broadcast 64.113.34.255")
routes_eth0=("default gw 64.113.34.1")

config_eth1=( "172.30.0.50 netmask 255.255.255.0 broadcast 172.30.0.255" )
routes_eth1=( "-net 172.30.0.0/24 gw 172.30.0.1" )

config_eth2=( "64.113.33.7 netmask 255.255.254.0 broadcast 64.113.33.255")
routes_eth2=( "-net 64.113.32.0/23 gw 64.113.32.1" )

and my routing table

prometheus conf.d # route -n
Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
64.113.34.0     0.0.0.0         255.255.255.0   U     0      0        0 eth0
172.30.0.0      172.30.0.1      255.255.255.0   UG    0      0        0 eth1
172.30.0.0      0.0.0.0         255.255.255.0   U     0      0        0 eth1
64.113.32.0     64.113.32.1     255.255.254.0   UG    0      0        0 eth2
64.113.32.0     0.0.0.0         255.255.254.0   U     0      0        0 eth2
127.0.0.0       0.0.0.0         255.0.0.0       U     0      0        0 lo
0.0.0.0         64.113.34.1     0.0.0.0         UG    0      0        0 eth0

with every update to this year's gentoo latest i lose access to the pvt
network on eth1 directly from my machines... i'm not too worried about that
but it signalled the start of a problem with updating to this year's code..
the way above behaves is if eth2 is down, then any machine can ping eth0 and
outside can ping it.. all members of pvtnet eth1 work fine.

with eth2 up, eth1 still works ok, but now, members of eth2 32 network cannot
ping 34.5 on eth0 but they can ping eth2 at 33.7

outside can ping 34.5 still but it cannot ping 33.7 at all. only members of
the 32-33 net can ping that ip addy.

i need to make it so all interfaces regardless of network are available to
every machine internally and outside except eth1 pvtnet.

hopefully these docs you pointed me to will make this clear.

> HTH,
> Herbert
>
> > --
> > Chuck
> >
> > "...and the hordes of M$*ft users descended upon me in their anger,
> > and asked 'Why do you not get the viruses or the BlueScreensOfDeath
> > or insecure system troubles and slowness or pay through the nose
> > for an OS as *we* do?!!', and I answered...'I use Linux'. "
> > The Book of John, chapter 1, page 1, and end of book
> >
> >
> > _______________________________________________
> > Vserver mailing list
> > Vserver_at_list.linux-vserver.org
> > http://list.linux-vserver.org/mailman/listinfo/vserver
>

-- 

Chuck

"...and the hordes of M$*ft users descended upon me in their anger, and asked 'Why do you not get the viruses or the BlueScreensOfDeath or insecure system troubles and slowness or pay through the nose for an OS as *we* do?!!', and I answered...'I use Linux'. " The Book of John, chapter 1, page 1, and end of book

_______________________________________________ Vserver mailing list Vserver_at_list.linux-vserver.org http://list.linux-vserver.org/mailman/listinfo/vserver
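
The source-based routing suggested in the reply, sketched for the two public interfaces whose addresses appear in the config above. This is an added example, not part of the original message or the linked howto: each interface gets its own routing table with that network's gateway as default, selected by source address, so replies leave through the interface they arrived on. The table numbers 101 and 102 and the function names are assumptions; the private eth1 network is left on the main table, and the 64.113.39.0/24 network is omitted because the post gives no host address for it.

```shell
#!/bin/sh
# Added example: print the iproute2 commands for source-based routing.
# Addresses are the ones quoted in the post; table numbers are assumed.

# network_of ADDR PREFIX -> network address of ADDR under a PREFIX-bit mask
network_of() {
    old_ifs=$IFS; IFS=.
    set -- $1 "$2"              # split ADDR into four octets, keep PREFIX as $5
    IFS=$old_ifs
    ip=$(( ($1 << 24) | ($2 << 16) | ($3 << 8) | $4 ))
    mask=$(( (4294967295 << (32 - $5)) & 4294967295 ))
    net=$(( ip & mask ))
    echo "$(( (net >> 24) & 255 )).$(( (net >> 16) & 255 )).$(( (net >> 8) & 255 )).$(( net & 255 ))"
}

# policy_route IFACE ADDR PREFIX GATEWAY TABLE
# Emits one table per interface: the connected network, a default route via
# that network's own gateway, and a rule sending every source address in the
# network (host and guest addresses alike) to that table.
policy_route() {
    net=$(network_of "$2" "$3")
    echo "ip route add $net/$3 dev $1 src $2 table $5"
    echo "ip route add default via $4 dev $1 table $5"
    echo "ip rule add from $net/$3 table $5"
}

emit_all() {
    #            iface address     prefix gateway     table (assumed numbers)
    policy_route eth0  64.113.34.5 24     64.113.34.1 101
    policy_route eth2  64.113.33.7 23     64.113.32.1 102
}

# Dry run: print the commands for review instead of executing them.
emit_all
```

The script only prints; after checking the output against `ip rule show` and `ip route show table 101`, the commands can be run as root.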


Generated on Thu 22 Sep 2005 - 01:56:17 BST by hypermail 2.1.3