Re: [Vserver] guaranteeing a certain ip is used?

From: Herbert Poetzl <>
Date: Wed 09 Nov 2005 - 21:39:17 GMT
Message-ID: <>

On Mon, Nov 07, 2005 at 06:20:34PM -0500, Chuck wrote:
> I have many ip addresses on each of 4 ethernet cards using iproute2.
> one of my guests must absolutely always send and receive on a certain
> ip address which is not the first ip on the card. I have bound the
> service (radius) to that ip which is the only one the guest is given.
> I have not proven it but have a suspicion that once in a while a
> radius reply is getting sent out the primary ip of either the card or
> eth0 (the card is eth3 and the default system gateway is for eth0..
> the rest use default gateway routing via tables).
> is there some magic that can guarantee that guest and subsequent
> handling by the host can never mess up and always use that single ip
> for all traffic while not affecting other guests?

a guest, bound to a specific IP (only one), will _always_
use this IP for outgoing ip based connections, responses
or whatever, so, as long as you do not give CAP_NET_RAW
it will ensure that only that IP is used ...

of course, this IP might be mangled by some NAT rules
so make sure _not_ to do that ...

> my net setup for this card is as follows
> config_eth3=( " netmask broadcast" )
> routes_eth3=( " src table 39net" )
> routes_eth3=( "default via table 39net" )
> rules_eth3=( "from table 39net" )
> would it work or help to duplicate the first routes_eth3 line but
> using the ip of the guest? eg:
> routes_eth3=( " src table 39net" )
> or would this confuse the networking code? i would think this ip would
> be 'covered' by the rule set in the last line.
> i am still very green when it comes to iproute2 and what it can do.

routes will only 'suggest' certain IPs for outgoing
packets, there is no 'requirement' to use a certain
IP for a packet defined in IP networking

> what is happening is I am missing a LOT of stop packets. many more
> than i ever did before I moved radius to a guest and I need to fix
> this because when a stop is missed people cannot log in as they get
> simultaneous use errors.

what protocol are those packets? tcp? udp? base ip?

> maybe somehow assigning this guest slightly more priority? don't know
> .. grabbing at straws here.. the configuration of radius is fine and
> is just as it was when it was running by itself on its own server.

guess we need more info too ...


> --
> Chuck
> "...and the hordes of M$*ft users descended upon me in their anger,
> and asked 'Why do you not get the viruses or the BlueScreensOfDeath
> or insecure system troubles and slowness or pay through the nose
> for an OS as *we* do?!!', and I answered...'I use Linux'. "
> The Book of John, chapter 1, page 1, and end of book
Received on Wed Nov 9 21:39:36 2005
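
Added example, not part of the original message or the vserver project: a small Python check of the point that a socket bound to one address always replies from it, while an unbound (wildcard) socket lets the routing lookup pick the source. It assumes a Linux host, where all of 127.0.0.0/8 is local on lo; the two addresses are constructed stand-ins for the guest IP and the RADIUS client.

```python
import socket

GUEST_IP = "127.0.0.2"   # constructed stand-in for the guest's single address
CLIENT_IP = "127.0.0.1"  # constructed stand-in for the NAS sending requests


def reply_source(server_bind_ip):
    """Send a UDP request to GUEST_IP and return the source IP of the reply.

    server_bind_ip is the address the server socket is bound to:
    GUEST_IP models a service bound to the guest's address, "0.0.0.0"
    models a service listening on the wildcard address.
    """
    server = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
    client = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
    try:
        server.settimeout(2)
        client.settimeout(2)
        server.bind((server_bind_ip, 0))      # kernel picks a free port
        port = server.getsockname()[1]
        client.bind((CLIENT_IP, 0))

        # The request is always addressed to the guest IP.
        client.sendto(b"request", (GUEST_IP, port))
        _, peer = server.recvfrom(1024)

        # Unconnected UDP reply: with a wildcard bind the kernel chooses
        # the source address from the route to the peer, not from the
        # address the request arrived on.
        server.sendto(b"reply", peer)
        _, src = client.recvfrom(1024)
        return src[0]
    finally:
        server.close()
        client.close()


if __name__ == "__main__":
    for bind_ip in (GUEST_IP, "0.0.0.0"):
        print(f"server bound to {bind_ip:<9} -> reply arrives from "
              f"{reply_source(bind_ip)}")
```

A client that matches replies by source address, as RADIUS clients commonly do, would drop the reply in the wildcard case because it does not come from the address the request was sent to.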
