2005/12/19, Herbert Poetzl <herbert@13thfloor.at>:
>
> On Mon, Dec 19, 2005 at 01:00:48PM -0500, Jairo Enrique Serrano Castaņeda
> wrote:
> > >
> > >
> > > not unexpected, unless your router (172.16.3.16)
> > > also masquerades private addresses like 192.168.1.2
> >
> >
> > my unusual router are 172.16.3.16
> >
> > > how do it?
> > >
> > > simple:
> > >
> > iptables -t nat -I POSTROUTING -s 192.168.1.2 -j SNAT --to 172.16.3.102
> >
> >
> > i have a "real" network ip of my lan... 172.16.3.103, i do a ip alias
> >
> > # Original
> > iface eth0 inet static
> > address 172.16.3.102
> > netmask 255.255.255.0
> > network 172.16.3.0
> > broadcast 172.16.3.255
> > gateway 172.16.3.16
> > # dns-* options are implemented by the resolvconf package, if
> > installed
> > dns-nameservers 200.106.128.4
> >
> > #alias
> > iface eth0:1 inet static
> > address 172.16.3.103
> > netmask 255.255.255.0
> > network 172.16.3.0
> > broadcast 172.16.3.255
> > gateway 172.16.3.16
>
> the second gateway is confusing ... at least it might
> give strange results for 'different' gateways/networks
>
> dns-nameservers 200.106.128.4
> >
> >
> > in the virtual server have:
> > root@sv1:/# route
> > Kernel IP routing table
> > Destination Gateway Genmask Flags Metric Ref Use
> > Iface
> > 172.16.3.0 * 255.255.255.0 U 0 0 0
> eth0
> > default 172.16.3.16 0.0.0.0 UG 0 0 0
> eth0
> > default 172.16.3.16 0.0.0.0 UG 0 0 0
> eth0
> >
> > in the Host server have:
> > savio@sv0:~$ route
> > Kernel IP routing table
> > Destination Gateway Genmask Flags Metric Ref Use
> > Iface
> > localnet * 255.255.255.0 U 0 0 0
> eth0
> > default 172.16.3.16 0.0.0.0 UG 0 0 0
> eth0
> > default 172.16.3.16 0.0.0.0 UG 0 0 0
> eth0
> >
> > looks equal...
>
> yep, should be fine too, your last email contained
> a guest setup with 192.168.x.x though ...
sorry for the change... in not know to do... ;)
> the two ips are functional...
> >
> ------------------------------------------------------------------------------------------------
> >
> > savio@sv0:~$ ping 172.16.3.102
> > PING 172.16.3.102 (172.16.3.102) 56(84) bytes of data.
> > 64 bytes from 172.16.3.102: icmp_seq=1 ttl=64 time=0.023 ms
> > 64 bytes from 172.16.3.102: icmp_seq=2 ttl=64 time=0.007 ms
> > --- 172.16.3.102 ping statistics ---
>
> as you see, this doesn't tell anything, it just
> contacts localhost, and the packet is transmitted
> via the loopback device (does not even hit the
> network or router)
>
> > 2 packets transmitted, 2 received, 0% packet loss, time 999ms
> > rtt min/avg/max/mdev = 0.007/0.015/0.023/0.008 ms
> >
> >
> ------------------------------------------------------------------------------------------------
> >
> > savio@sv0:~$ ping 172.16.3.103
> > PING 172.16.3.103 (172.16.3.103) 56(84) bytes of data.
> > 64 bytes from 172.16.3.103: icmp_seq=1 ttl=64 time=0.018 ms
> > 64 bytes from 172.16.3.103: icmp_seq=2 ttl=64 time=0.008 ms
> > --- 172.16.3.103 ping statistics ---
> > 2 packets transmitted, 2 received, 0% packet loss, time 1000ms
> > rtt min/avg/max/mdev = 0.008/0.013/0.018/0.005 ms
> >
> >
> ------------------------------------------------------------------------------------------------
>
> try the following (on the host) just to verify that
> your router is doing the proper stuff:
>
> ping -c 2 -I 172.16.3.102 www.google.com
----------------------------------------------------------------------------------------------------------------------
in the server..
root@sv0:/home/savio# ping -c 2 -I 172.16.3.102 www.google.com
PING www.l.google.com (64.233.187.104) from 172.16.3.102 : 56(84) bytes of
data.
64 bytes from 64.233.187.104: icmp_seq=1 ttl=242 time=159 ms
64 bytes from 64.233.187.104: icmp_seq=2 ttl=242 time=213 ms
--- www.l.google.com ping statistics ---
2 packets transmitted, 2 received, 0% packet loss, time 1002ms
rtt min/avg/max/mdev = 159.191/186.328/213.466/27.140 ms
----------------------------------------------------------------------------------------------------------------------
in the vserver...
root@sv0:/home/savio# vserver sv1 enter
mesg: /dev/pts/0: Operation not permitted
root@sv1:/# ping -c 2 -I 172.16.3.102 www.google.com
ping: unknown host www.google.com
:( dont works...
----------------------------------------------------------------------------------------------------------------------
ping -c 2 -I 172.16.3.103 www.google.com
>
> if one of those fails (or both) then something is
> broken with your router
i try to see in the router (not work with that - the firewall administrator
its other people...)
> but not resolv functional...
>
> verify that /etc/resolv.conf has proper nameserver
> entries inside the guest (i.e. very likely the same
> ones you have on the host)
server:
root@sv0:/home/savio# cat /etc/resolv.conf
nameserver 200.106.128.4
vserver:
root@sv1:/# cat /etc/resolv.conf
nameserver 200.106.128.4
HTH,
> Herbert
>
> > > any fault in the config???
> > >
> > > no, looks fine, although I'd add a prefix (e.g.
> > > containing 24) to the interfaces/0
> > >
> > > HTH,
> > > Herbert
>
Thanks a lot for your help!
-- Jairo Enrique Serrano Castaņeda Ingeniero de Sistemas UTB http://www.jsnat.com http://www.drupal.org.es
_______________________________________________
Vserver mailing list
Vserver@list.linux-vserver.org
http://list.linux-vserver.org/mailman/listinfo/vserver
Received on Mon Dec 19 19:20:10 2005