On Thu, Dec 08, 2005 at 08:09:19PM +0200, Etienne Pretorius wrote:
> Herbert Poetzl wrote:
> >On Thu, Dec 08, 2005 at 06:42:00PM +0200, Etienne Pretorius wrote:
> >>Hello all,
> >>I would just like to know how do I make my ppp0 (pppoe) interface
> >>visible and thus routable inside the vserver. I have this interface
> >>on the main server and so far using the new style configs with
> >>bcapabilities set to CAP_SYS_ADMIN,CAP_NET_ADMIN,CAP_NET_RAW I still
> >>can't see the interface and so I can't route through it.
> >well, you are jumping to conclusions here .. first
> >a few words to clarify ...
> >- networking happens on the host (for now), the guest
> > does not interfere with that
> >- guests are restricted to IPs, not to interfaces
> >- interfaces which do not carry IPs assigned to a guest
> > are hidden inside a guest
> >- routing is placed on the host and is _not_ affected
> > by any guest setups
> >- giving CAP_SYS_ADMIN,CAP_NET_ADMIN or CAP_NET_RAW
> > is compromising your guest security, and is seldom
> > what you really want ...
> >now for your situation:
> >- the interface hiding can be controlled via the (by
> > default enabled) hide_netif flag. turn it off and
> > you will see all interfaces
> Exactly where do you specify this flag?
> No info on the flower pages.....
it's there, just check the link to lib/cflags-v13.c
> >- you probably do not 'route' through that interface
> > because the host routing does not specify any route
> > through that interface for the IP(s) assigned to
> > your guest
> Correct, except that this interface is my default route....
> no internet access for the guests.
well, if it _is_ your default route, I'm pretty
sure the packets _are_ routed there ...
but I suspect that you got the NATing wrong, so
that the packets are sent with the (probably private)
IP address of the guest ...
> >- assigning the/a ppp IP to the guest will have two
> > effects: a) ppp will become visible and b) packets
> > routed through ppp might use that IP (which is
> > probably what you want)
> A) /etc/vservers/<vservername>/interfaces/3/
> - nodev
> - ip
> - dev
> - prefix
nodev and dev are exclusive, they do not make much
sense together ...
> B) I actually need the ip that already exists on
> that interface accessible to the vserver,
> dynamic ip assignment....
then you have to 'dynamically' change the IP for
the guest (which is pretty easy with SNAT)
> Well, even specifying the assigned IP on the ppp0 interface correctly
> - plus the netmask - yielded no effect on the visibility issue.
I somewhat doubt that ...
> Herbert, I have read some of your previous posts - ppl have asked
> about the '*' under interface names when executing 'route -n' and 'ip
> route'. You said it is because the interface is not available on the
> guest, but if it was then it is an exact copy of the host system. BTW
> the host system can communicate with the internet - and using 'ping
> -I <dev> <ipaddr>' resulting in 'Destination Unreachable', gives me
> the idea that I require that interface.
try the following pings _on the host_
    ping -c 1 -I <guest ip> www.google.com
    ping -c 1 -I <host ip> www.google.com
    ping -c 1 -I <ppp ip> www.google.com
make the first one work, and the guest will
have proper internet access ...
a possible way to do so is:
    iptables -t nat -I POSTROUTING -s <guest ip> -j SNAT --to <ppp ip>
> Thank you,
> Vserver mailing list
Received on Thu Dec 8 22:02:03 2005
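
The reply above suggests an SNAT rule for the guest and notes that a dynamically assigned ppp address means changing it 'dynamically'. The script below is an added example, not part of the thread or of the util-vserver tools: a pppd ip-up hook that swaps the rule whenever the link comes up with a new address. The guest address, the state-file path and the function names are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: pppd ip-up hook that keeps the guest's SNAT rule in step with
# the dynamic ppp address. pppd passes the local IP as the 4th argument.
GUEST_IP="${GUEST_IP:-192.0.2.10}"                  # constructed guest address
STATE_FILE="${STATE_FILE:-/var/run/guest-snat.ip}"  # hypothetical state file
IPTABLES="${IPTABLES:-iptables}"

# Accept only a dotted quad with octets 0-255; this value ends up in a
# firewall command run as root.
is_ipv4() {
    case "$1" in
        ''|*[!0-9.]*|.*|*.|*..*) return 1 ;;
    esac
    old_ifs=$IFS; IFS=.
    set -- $1
    IFS=$old_ifs
    [ $# -eq 4 ] || return 1
    for octet in "$@"; do
        [ ${#octet} -le 3 ] && [ "$octet" -le 255 ] || return 1
    done
    return 0
}

# Rule specification from the thread: -s <guest ip> -j SNAT --to <ppp ip>
snat_spec() {
    printf '%s\n' "-s $1 -j SNAT --to $2"
}

# Replace the rule for the previous ppp address (if any) with one for the new.
refresh_snat() {
    new_ip=$1
    is_ipv4 "$new_ip" || { echo "refusing bad address: $new_ip" >&2; return 1; }
    old_ip=
    [ -r "$STATE_FILE" ] && old_ip=$(cat "$STATE_FILE")
    [ "$old_ip" = "$new_ip" ] && return 0          # rule already current
    if is_ipv4 "$old_ip"; then
        # Word splitting of the spec into separate arguments is intended.
        $IPTABLES -t nat -D POSTROUTING $(snat_spec "$GUEST_IP" "$old_ip") || true
    fi
    $IPTABLES -t nat -I POSTROUTING $(snat_spec "$GUEST_IP" "$new_ip") &&
        printf '%s\n' "$new_ip" > "$STATE_FILE"
}

# pppd calls: ip-up <ifname> <tty> <speed> <local ip> <remote ip> [ipparam]
if [ $# -ge 4 ]; then
    refresh_snat "$4"
fi
```

Where hook scripts are installed (for example an ip-up.d directory) depends on the distribution.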