
From: Chuck (chuck_at_sbbsnet.net)
Date: Sun 25 Sep 2005 - 19:47:53 BST


On Saturday 24 September 2005 03:39 pm, Chuck wrote:

Finally, with the help of the docs Bert pointed me to, and the help of someone
in the Gentoo network forum, it all works properly. The things I had to do are
listed below in case anyone else runs into the same problem. I could not find
any way to add the rules to the /etc/conf.d/net config file, so I created a run
script to do it.

I added the 3 values below to /etc/iproute2/rt_tables

34 34net
39 39net
172 pvtnet

-----------------------

prometheus ~ # cat /etc/conf.d/net
modules=( "iproute2" )

# Each routes_ethN is a bash array: a second routes_ethN=( ... ) assignment
# replaces the first, so both routes for an interface go in one array.
config_eth0=( "64.113.34.5 netmask 255.255.255.0 broadcast 64.113.34.255" )
routes_eth0=(
        "64.113.34.0/24 src 64.113.34.5 table 34net"
        "default via 64.113.34.1 table 34net"
)

config_eth1=( "172.30.0.50 netmask 255.255.255.0 broadcast 172.30.0.255" )
routes_eth1=(
        "172.30.0.0/24 src 172.30.0.50 table pvtnet"
        "default via 172.30.0.1 table pvtnet"
)

config_eth2=( "64.113.39.254 netmask 255.255.255.0 broadcast 64.113.39.255" )
routes_eth2=(
        "64.113.39.0/24 src 64.113.39.254 table 39net"
        "default via 64.113.39.1 table 39net"
)

--------------------------
script "iprules"
placed in /etc/init.d and added to default runlevel

#!/sbin/runscript

depend() {
        need net
        before svscan
}

start() {
        ebegin "Setting iproute2 rules."
        # set up system default gateway
        /sbin/ip route add default via 64.113.34.1
        # set up rules
        /sbin/ip rule add from 64.113.34.5 table 34net
        /sbin/ip rule add from 172.30.0.50 table pvtnet
        /sbin/ip rule add from 64.113.39.254 table 39net
        eend 0
}

Chuck

>
> I am running the following kernel compiled from vanilla sources and the
> vs2.1.0-rc2 patch. No other patches have been applied.
> The base system is Gentoo 2005.1 except with above kernel.
>
> prometheus linux # uname -a
> Linux prometheus 2.6.13.1-vs2.1.0-rc2 #2 SMP Sat Sep 24 13:36:00 EDT 2005 i686 Pentium III (Katmai) GenuineIntel GNU/Linux
>
> Ok here is my network setup so you see what I am up against. Need to be
> sure I have the proper options set in the kernel for this to work.
>
> For this machine we have 3 different internet providers tying to 3 routers
> and 3 switches and an internal private network on another switch not
> connected to the outside.
>
> totally unique networks and ip blocks. The machine has a 4 port ethernet
> card in it. I have only dealt with 3 networks so far and won't add the
> complication of a 4th until the first 3 work properly. the 4th should just
> be a clone of the other public setting methods.
>
> I do not plan to have a guest a member of more than one public network. Most
> of the time it will not even be a member of the private network except in
> special cases. The private net is for communication between hosts (nfs,
> backup etc).
>
> eth0 public 1
> eth1 privatenet
> eth2 public 2
> eth3 down but will be public 3
>
> I need to be positive that the problems I am experiencing are strictly in
> the setups of the nics and my lack of routing skills and not by some
> missing element in the kernel config.
>
> set up alone with the others down, each public nic works perfectly to the
> outside.
>
> symptoms:
> eth0 up, eth1 up both work fine.
> bring eth2 up and eth0 stops responding to the outside and other machines in
> our network and eth2 responds instead. eth1 privatenet keeps working.
> bring eth2 down and eth0 works again to the outside.
>
> below is all of my kernel network code except device driver for the nic,
> and I am also including my vserver kernel setup.
>
> if anyone would be so kind as to review this to see if I have something set
> incorrectly for the above setups it would be much appreciated.
>
> must I have ngnet in the kernel set on with iproute2? do I even need
> iproute2? Gentoo network scripts give the option of selecting ifconfig or
> iproute2 to use in static ip setups along with others that I won't be using
> such as wireless or dhcp.
>
>
> I also have the following in an init script which runs before the ethernets
> are started. vprocunhide runs later.
>
> start() {
> ebegin "Setting /proc options."
> /bin/echo "1" > /proc/sys/net/ipv4/icmp_echo_ignore_broadcasts
> /bin/echo "0" > /proc/sys/net/ipv4/conf/all/accept_source_route
> /bin/echo "0" > /proc/sys/net/ipv4/conf/all/accept_redirects
> /bin/echo "1" > /proc/sys/net/ipv4/icmp_ignore_bogus_error_responses
> /bin/echo "1" > /proc/sys/net/ipv4/tcp_syncookies
> eend 0
> }
>
> I had read an article somewhere that suggested the above settings were good
> to do, and comments on the article agreed, so I did them.
>
>
> #
> # Networking options
> #
> CONFIG_PACKET=y
> # CONFIG_PACKET_MMAP is not set
> CONFIG_UNIX=y
> CONFIG_XFRM=y
> # CONFIG_XFRM_USER is not set
> # CONFIG_NET_KEY is not set
> CONFIG_INET=y
> CONFIG_IP_MULTICAST=y
> CONFIG_IP_ADVANCED_ROUTER=y
> CONFIG_ASK_IP_FIB_HASH=y
> # CONFIG_IP_FIB_TRIE is not set
> CONFIG_IP_FIB_HASH=y
> CONFIG_IP_MULTIPLE_TABLES=y
> CONFIG_IP_ROUTE_FWMARK=y
> CONFIG_IP_ROUTE_MULTIPATH=y
> # CONFIG_IP_ROUTE_MULTIPATH_CACHED is not set
> CONFIG_IP_ROUTE_VERBOSE=y
> CONFIG_IP_PNP=y
> # CONFIG_IP_PNP_DHCP is not set
> # CONFIG_IP_PNP_BOOTP is not set
> # CONFIG_IP_PNP_RARP is not set
> CONFIG_NET_IPIP=y
> CONFIG_NET_IPGRE=y
> # CONFIG_NET_IPGRE_BROADCAST is not set
> # CONFIG_IP_MROUTE is not set
> # CONFIG_ARPD is not set
> CONFIG_SYN_COOKIES=y
> # CONFIG_INET_AH is not set
> # CONFIG_INET_ESP is not set
> # CONFIG_INET_IPCOMP is not set
> CONFIG_INET_TUNNEL=y
> CONFIG_IP_TCPDIAG=y
> # CONFIG_IP_TCPDIAG_IPV6 is not set
> # CONFIG_TCP_CONG_ADVANCED is not set
> CONFIG_TCP_CONG_BIC=y
>
> #
> # IP: Virtual Server Configuration
> #
> # CONFIG_IP_VS is not set
> # CONFIG_IPV6 is not set
> CONFIG_NETFILTER=y
> # CONFIG_NETFILTER_DEBUG is not set
>
> #
> # IP: Netfilter Configuration
> #
> CONFIG_IP_NF_CONNTRACK=y
> # CONFIG_IP_NF_CT_ACCT is not set
> # CONFIG_IP_NF_CONNTRACK_MARK is not set
> # CONFIG_IP_NF_CT_PROTO_SCTP is not set
> CONFIG_IP_NF_FTP=y
> CONFIG_IP_NF_IRC=y
> CONFIG_IP_NF_TFTP=y
> # CONFIG_IP_NF_AMANDA is not set
> CONFIG_IP_NF_QUEUE=y
> CONFIG_IP_NF_IPTABLES=y
> CONFIG_IP_NF_MATCH_LIMIT=y
> CONFIG_IP_NF_MATCH_IPRANGE=y
> CONFIG_IP_NF_MATCH_MAC=y
> CONFIG_IP_NF_MATCH_PKTTYPE=y
> CONFIG_IP_NF_MATCH_MARK=y
> CONFIG_IP_NF_MATCH_MULTIPORT=y
> CONFIG_IP_NF_MATCH_TOS=y
> CONFIG_IP_NF_MATCH_RECENT=y
> CONFIG_IP_NF_MATCH_ECN=y
> CONFIG_IP_NF_MATCH_DSCP=y
> CONFIG_IP_NF_MATCH_AH_ESP=y
> CONFIG_IP_NF_MATCH_LENGTH=y
> CONFIG_IP_NF_MATCH_TTL=y
> CONFIG_IP_NF_MATCH_TCPMSS=y
> CONFIG_IP_NF_MATCH_HELPER=y
> CONFIG_IP_NF_MATCH_STATE=y
> CONFIG_IP_NF_MATCH_CONNTRACK=y
> CONFIG_IP_NF_MATCH_OWNER=y
> # CONFIG_IP_NF_MATCH_ADDRTYPE is not set
> # CONFIG_IP_NF_MATCH_REALM is not set
> # CONFIG_IP_NF_MATCH_SCTP is not set
> CONFIG_IP_NF_MATCH_COMMENT=y
> # CONFIG_IP_NF_MATCH_HASHLIMIT is not set
> CONFIG_IP_NF_FILTER=y
> CONFIG_IP_NF_TARGET_REJECT=y
> CONFIG_IP_NF_TARGET_LOG=y
> CONFIG_IP_NF_TARGET_ULOG=y
> CONFIG_IP_NF_TARGET_TCPMSS=y
> CONFIG_IP_NF_NAT=y
> CONFIG_IP_NF_NAT_NEEDED=y
> CONFIG_IP_NF_TARGET_MASQUERADE=y
> CONFIG_IP_NF_TARGET_REDIRECT=y
> CONFIG_IP_NF_TARGET_NETMAP=y
> CONFIG_IP_NF_TARGET_SAME=y
> # CONFIG_IP_NF_NAT_SNMP_BASIC is not set
> CONFIG_IP_NF_NAT_IRC=y
> CONFIG_IP_NF_NAT_FTP=y
> CONFIG_IP_NF_NAT_TFTP=y
> CONFIG_IP_NF_MANGLE=y
> CONFIG_IP_NF_TARGET_TOS=y
> CONFIG_IP_NF_TARGET_ECN=y
> CONFIG_IP_NF_TARGET_DSCP=y
> CONFIG_IP_NF_TARGET_MARK=y
> CONFIG_IP_NF_TARGET_CLASSIFY=y
> CONFIG_IP_NF_RAW=m
> CONFIG_IP_NF_TARGET_NOTRACK=m
> CONFIG_IP_NF_ARPTABLES=y
> CONFIG_IP_NF_ARPFILTER=y
> CONFIG_IP_NF_ARP_MANGLE=y
>
> #
> # SCTP Configuration (EXPERIMENTAL)
> #
> # CONFIG_IP_SCTP is not set
> # CONFIG_ATM is not set
> # CONFIG_BRIDGE is not set
> # CONFIG_VLAN_8021Q is not set
> # CONFIG_DECNET is not set
> # CONFIG_LLC2 is not set
> # CONFIG_IPX is not set
> # CONFIG_ATALK is not set
> # CONFIG_X25 is not set
> # CONFIG_LAPB is not set
> # CONFIG_NET_DIVERT is not set
> # CONFIG_ECONET is not set
> # CONFIG_WAN_ROUTER is not set
> # CONFIG_NET_SCHED is not set
> # CONFIG_NET_CLS_ROUTE is not set
>
> #
> # Network testing
> #
> # CONFIG_NET_PKTGEN is not set
> # CONFIG_HAMRADIO is not set
> # CONFIG_IRDA is not set
> # CONFIG_BT is not set
>
> #
> # Kernel hacking
> #
> # CONFIG_PRINTK_TIME is not set
> # CONFIG_DEBUG_KERNEL is not set
> CONFIG_LOG_BUF_SHIFT=15
> CONFIG_DEBUG_BUGVERBOSE=y
> CONFIG_EARLY_PRINTK=y
> CONFIG_X86_FIND_SMP_CONFIG=y
> CONFIG_X86_MPPARSE=y
> CONFIG_VSERVER=y
> CONFIG_VSERVER_LEGACYNET=y
>
> #
> # Linux VServer
> #
> # CONFIG_VSERVER_LEGACY is not set
> # CONFIG_VSERVER_NGNET is not set
> CONFIG_VSERVER_COWBL=y
> CONFIG_VSERVER_PROC_SECURE=y
> # CONFIG_VSERVER_HARDCPU is not set
> # CONFIG_INOXID_NONE is not set
> # CONFIG_INOXID_UID16 is not set
> # CONFIG_INOXID_GID16 is not set
> CONFIG_INOXID_UGID24=y
> # CONFIG_INOXID_INTERN is not set
> # CONFIG_INOXID_RUNTIME is not set
> # CONFIG_XID_TAG_NFSD is not set
> # CONFIG_VSERVER_DEBUG is not set
>
> #
>
>
>
>
> --
>
> Chuck
>
>
> _______________________________________________
> Vserver mailing list
> Vserver_at_list.linux-vserver.org
> http://list.linux-vserver.org/mailman/listinfo/vserver
>

-- 

Chuck

"...and the hordes of M$*ft users descended upon me in their anger, and asked 'Why do you not get the viruses or the BlueScreensOfDeath or insecure system troubles and slowness or pay through the nose for an OS as *we* do?!!', and I answered...'I use Linux'. " The Book of John, chapter 1, page 1, and end of book
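
Added example, not part of the original post: a shell check that each source address from the setup above has an `ip rule` pointing at a table that carries its own default route, which is the condition that keeps replies leaving by the uplink they arrived on. The function name and the sample text are constructed for illustration; the samples follow the format of `ip rule show` and `ip route show table all` and use the addresses and table names from the post, with the 39net default route deliberately left out.

```shell
#!/bin/sh
# Constructed sample in the format of `ip rule show` (not captured output).
SAMPLE_RULES='0: from all lookup local
32763: from 64.113.39.254 lookup 39net
32764: from 172.30.0.50 lookup pvtnet
32765: from 64.113.34.5 lookup 34net
32766: from all lookup main
32767: from all lookup default'

# Constructed sample in the format of `ip route show table all`.
# The default route for table 39net is missing on purpose.
SAMPLE_ROUTES='default via 64.113.34.1 dev eth0 table 34net
default via 172.30.0.1 dev eth1 table pvtnet
default via 64.113.34.1 dev eth0
64.113.34.0/24 dev eth0 proto kernel scope link src 64.113.34.5'

# audit_source_routing RULES ROUTES ADDR...   (hypothetical helper name)
# Prints one line per address: "ADDR ok TABLE", "ADDR no-rule" or
# "ADDR no-default TABLE". Returns 0 only if every address is ok.
audit_source_routing() {
    rules=$1 routes=$2; shift 2
    status=0
    for addr in "$@"; do
        # Find the table selected by "from ADDR lookup TABLE".
        table=$(printf '%s\n' "$rules" | awk -v a="$addr" \
            '$2 == "from" && $3 == a && $4 == "lookup" { print $5; exit }')
        if [ -z "$table" ]; then
            echo "$addr no-rule"; status=1; continue
        fi
        # The selected table needs its own default route.
        if printf '%s\n' "$routes" | awk -v t="$table" '
            $1 == "default" {
                for (i = 2; i < NF; i++)
                    if ($i == "table" && $(i + 1) == t) found = 1
            }
            END { exit !found }'
        then
            echo "$addr ok $table"
        else
            echo "$addr no-default $table"; status=1
        fi
    done
    return $status
}

audit_source_routing "$SAMPLE_RULES" "$SAMPLE_ROUTES" \
    64.113.34.5 172.30.0.50 64.113.39.254 || echo "policy routing incomplete"
```

On a live host the two samples would be replaced by the output of the corresponding `ip` commands.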



Generated on Sun 25 Sep 2005 - 19:48:21 BST by hypermail 2.1.3