On Mon, Nov 07, 2005 at 06:20:34PM -0500, Chuck wrote:
> I have many ip addresses on each of 4 ethernet cards using iproute2.
> one of my guests must absolutely always send and receive on a certain
> ip address which is not the first ip on the card. I have bound the
> service (radius) to that ip which is the only one the guest is given.
> I have not proven it but have a suspicion that once in a while a
> radius reply is getting sent out the primary ip of either the card or
> eth0 (the card is eth3 and the default system gateway is for eth0..
> the rest use default gateway routing via tables).
> is there some magic that can guarantee that guest and subsequent
> handling by the host can never mess up and always use that single ip
> for all traffic while not affecting other guests?

a guest, bound to a specific IP (only one), will _always_
use this IP for outgoing ip based connections, responses
or whatever, so, as long as you do not give CAP_NET_RAW
it will ensure that only that IP is used ...

of course, this IP might be mangled by some NAT rules
so make sure _not_ to do that ...

> my net setup for this card is as follows
> config_eth3=( "220.127.116.11 netmask 255.255.255.0 broadcast 18.104.22.168" )
> routes_eth3=( "22.214.171.124/24 src 126.96.36.199 table 39net" )
> routes_eth3=( "default via 188.8.131.52 table 39net" )
> rules_eth3=( "from 184.108.40.206/24 table 39net" )
> would it work or help to duplicate the first routes_eth3 line but
> using the ip of the guest? eg:
> routes_eth3=( "220.127.116.11/24 src 18.104.22.168 table 39net" )
> or would this confuse the networking code? i would think this ip would
> be 'covered' by the rule set in the last line.
> i am still very green when it comes to iproute2 and what it can do.

routes will only 'suggest' certain IPs for outgoing
packets, there is no 'requirement' to use a certain
IP for a packet defined in IP networking

> what is happening is I am missing a LOT of stop packets. many more
> than i ever did before I moved radius to a guest and I need to fix
> this because when a stop is missed people cannot log in as they get
> simultaneous use errors.

what protocol are those packets? tcp? udp? base ip?

> maybe somehow assigning this guest slightly more priority? don't know
> .. grabbing at straws here.. the configuration of radius is fine and
> is just as it was when it was running by itself on its own server.

guess we need more info too ...

> "...and the hordes of M$*ft users descended upon me in their anger,
> and asked 'Why do you not get the viruses or the BlueScreensOfDeath
> or insecure system troubles and slowness or pay through the nose
> for an OS as *we* do?!!', and I answered...'I use Linux'. "
> The Book of John, chapter 1, page 1, and end of book
> Vserver mailing list
Received on Wed Nov 9 21:39:36 2005
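
Added example, not part of the original thread: a loopback demonstration of the point that routes only 'suggest' a source address while an explicit bind fixes it. It assumes a Linux host where 127.0.0.2 is locally bindable; the addresses, the ephemeral port and the payload are constructed stand-ins, not real RADIUS traffic.

```python
import socket

# Constructed placeholders (assumptions, not values from the thread).
REQUEST = b"constructed-accounting-stop"  # not a real RADIUS packet
SERVICE_IP = "127.0.0.2"   # stands in for the guest's non-primary IP
CLIENT_IP = "127.0.0.1"    # stands in for the host sending the request


def reply_source(bind_ip):
    """Send one datagram to SERVICE_IP and return the source IP the
    client sees on the reply when the server is bound to bind_ip."""
    server = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
    client = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
    try:
        server.bind((bind_ip, 0))            # port 0: kernel picks a free port
        port = server.getsockname()[1]
        client.bind((CLIENT_IP, 0))
        server.settimeout(2)
        client.settimeout(2)

        # The request is always addressed to the service IP.
        client.sendto(REQUEST, (SERVICE_IP, port))
        data, peer = server.recvfrom(4096)

        # Wildcard bind: the kernel chooses the reply's source address from
        # the route to the peer. Specific bind: the bound address is used.
        server.sendto(b"ack:" + data, peer)
        _, (src_ip, _) = client.recvfrom(4096)
        return src_ip
    finally:
        server.close()
        client.close()


if __name__ == "__main__":
    for bind_ip in ("0.0.0.0", SERVICE_IP):
        print(f"server bound to {bind_ip:<9} -> reply from {reply_source(bind_ip)}")
```

With the wildcard bind the reply comes back from an address other than the one the request was sent to; with the specific bind the two match.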