Re: [Vserver] having a routing problem from guests

From: Chuck <chuck_at_sbbsnet.net>
Date: Tue 03 Oct 2006 - 17:14:45 BST
Message-Id: <200610031214.45810.chuck@sbbsnet.net>

On Tuesday 03 October 2006 12:06, Herbert Poetzl wrote:

oh boy.. heh i may be getting into a real situation here.. each of the 3
public interfaces will have an average of 10-20 guests on it by the time i
am done and at least 8 of those guests will have upward of 10 ips in it with
some 26 or more.. i used the 64ip patch (as much as possible.. legacy.h no
longer has the variable to change). this means i have to set one up for each
guest and each ip within... the ips were originally assigned years ago based
on /24 not on subnets since the old machines had total access to all of a
network. i have a feeling this is not gonna be fun unless i misunderstand
something. (i am into creating a guest and telling it to 'fly' with little to
no extra work :D )

> On Tue, Oct 03, 2006 at 11:51:36AM -0400, Chuck wrote:
> > On Tuesday 03 October 2006 11:42, Herbert Poetzl wrote:
> >
> > would that mix up things when guests on the same interface come into
> > play? if on the host 32.2 interface a guest was 32.30 ?.. or would i
> > have to add an iptables and iproute rule for each guest ip as well?
>
> in a more complex setup it is generally advised
> to dedicate a separate table for each guest.
> if necessary, you can also use the mark feature
> of iptables to 'tag' traffic early and use that
> for advanced multipath routing (needs to be enabled)
>
> best,
> Herbert
>
> > > On Mon, Oct 02, 2006 at 11:46:32AM -0400, Chuck wrote:
> > > > On Monday 02 October 2006 10:18, Herbert Poetzl wrote:
> > > >
> > > > > oops... forgot.. ok so then i would add the statements below with
> > > > > proper ip for each of the 4 interfaces?
> > >
> > > yep
> > >
> > > best,
> > > Herbert
> > >
> > > > > add a masquerading/snat rule for each 'outgoing' packet
> > > > > on a specific interface, like this:
> > > > >
> > > > >  iptables -t nat -I POSTROUTING -o eth0 -j MASQUERADE
> > > > >  iptables -t nat -I OUTPUT -o eth0 -j SNAT --to-source 64.113.32.2
> > > > >
> > > >
> > > > --
> > > >
> > > > Chuck
> > > >
> > > > "...and the hordes of M$*ft users descended upon me in their anger,
> > > > and asked 'Why do you not get the viruses or the BlueScreensOfDeath
> > > > or insecure system troubles and slowness or pay through the nose
> > > > for an OS as *we* do?!!', and I answered...'I use Linux'. "
> > > > The Book of John, chapter 1, page 1, and end of book
> > > >
> > > >
> > > > _______________________________________________
> > > > Vserver mailing list
> > > > Vserver@list.linux-vserver.org
> > > > http://list.linux-vserver.org/mailman/listinfo/vserver
> > >
> >
>

-- 
Chuck
"...and the hordes of M$*ft users descended upon me in their anger,
and asked 'Why do you not get the viruses or the BlueScreensOfDeath
or insecure system troubles and slowness or pay through the nose 
for an OS as *we* do?!!', and I answered...'I use Linux'. "
The Book of John, chapter 1, page 1, and end of book
Received on Tue Oct 3 17:15:27 2006
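
The per-guest routing tables advised in the quoted reply, as an added example that is not part of the thread: a script that prints (does not run) one routing table per guest and one source rule per guest IP from a single inventory, and refuses an IP listed under two guests. Guest names, the gateway 64.113.32.1, the guest addresses and table numbers starting at 101 are assumptions.

```shell
#!/bin/sh
# Constructed inventory, one guest per line:
#   <guest> <host interface> <gateway> <guest IP> [<guest IP> ...]
# Names, gateway and guest addresses are made up for the example.
INVENTORY='web1 eth0 64.113.32.1 64.113.32.30 64.113.32.31
mail1 eth0 64.113.32.1 64.113.32.40'

# List every IP that appears more than once in the inventory. An address
# claimed by two guests would match two source rules, so only the first
# table would ever be consulted for it.
dup_ips() {
    printf '%s\n' "$1" | while read -r guest dev gw ips; do
        for ip in $ips; do echo "$ip"; done
    done | sort | uniq -d
}

# Print the ip(8) commands for one routing table per guest:
# a default route out of the guest's interface, plus one source-based
# rule per guest IP pointing at that table. Nothing is executed here.
gen_guest_routing() {
    dups=$(dup_ips "$1")
    if [ -n "$dups" ]; then
        echo "refusing: IP assigned to more than one guest: $dups" >&2
        return 1
    fi
    table=100
    printf '%s\n' "$1" | while read -r guest dev gw ips; do
        [ -n "$guest" ] || continue
        table=$((table + 1))
        echo "# guest $guest -> table $table"
        echo "ip route add default via $gw dev $dev table $table"
        for ip in $ips; do
            echo "ip rule add from $ip/32 table $table"
        done
    done
}

# Review the output, then pipe it to sh as root to apply it.
gen_guest_routing "$INVENTORY"
```

Adding a guest or an address is then a one-line change to the inventory rather than a hand-written rule per IP.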
Generated on Tue 03 Oct 2006 - 17:15:31 BST by hypermail 2.1.8