vserver development mailing list: Re: [Vserver] having a routing problem from guests

From: Herbert Poetzl <herbert_at_13thfloor.at>
Date: Tue 03 Oct 2006 - 17:06:22 BST
Message-ID: <20061003160622.GB23747@MAIL.13thfloor.at>

On Tue, Oct 03, 2006 at 11:51:36AM -0400, Chuck wrote:
> On Tuesday 03 October 2006 11:42, Herbert Poetzl wrote:
>
> would that mix up things when guests on the same interface come into
> play? if on the host 32.2 interface a guest was 32.30 ?.. or would i
> have to add an iptables and iproute rule for each guest ip as well?

in a more complex setup it is generally advised
to dedicate a separate table for each guest.
if necessary, you can also use the mark feature
of iptables to 'tag' traffic early and use that
for advanced multipath routing (needs to be enabled)

best,
Herbert

> > On Mon, Oct 02, 2006 at 11:46:32AM -0400, Chuck wrote:
> > > On Monday 02 October 2006 10:18, Herbert Poetzl wrote:
> > >
> > > oops... forgot.. ok so then i would add the statements below with
> > > proper
>
> ip
>
> > > for each of the 4 interfaces?
> >
> > yep
> >
> > best,
> > Herbert
> >
> > > > add a masquerading/snat rule for each 'outgoing' packet
> > > > on a specific interface, like this:
> > > >
> > > > iptables -t nat -I POSTROUTING -o eth0 -j MASQUERADE
> > > > iptables -t nat -I OUTPUT -o eth0 -j SNAT --to-source 64.113.32.2
> > > >
> > >
> > > --
> > >
> > > Chuck
> > >
> > > "...and the hordes of M$*ft users descended upon me in their anger,
> > > and asked 'Why do you not get the viruses or the BlueScreensOfDeath
> > > or insecure system troubles and slowness or pay through the nose
> > > for an OS as *we* do?!!', and I answered...'I use Linux'. "
> > > The Book of John, chapter 1, page 1, and end of book
> > >
> > >
> > > _______________________________________________
> > > Vserver mailing list
> > > Vserver@list.linux-vserver.org
> > > http://list.linux-vserver.org/mailman/listinfo/vserver
> >
>
> --
>
> Chuck
>
> "...and the hordes of M$*ft users descended upon me in their anger,
> and asked 'Why do you not get the viruses or the BlueScreensOfDeath
> or insecure system troubles and slowness or pay through the nose
> for an OS as *we* do?!!', and I answered...'I use Linux'. "
> The Book of John, chapter 1, page 1, and end of book
>
>
> _______________________________________________
> Vserver mailing list
> Vserver@list.linux-vserver.org
> http://list.linux-vserver.org/mailman/listinfo/vserver
_______________________________________________
Vserver mailing list
Vserver@list.linux-vserver.org
http://list.linux-vserver.org/mailman/listinfo/vserver
Received on Tue Oct 3 17:07:12 2006