Re: [vserver] Loopback issues

From: Daniel Hokka Zakrisson <daniel_at_hozac.com>
Date: Mon 27 Aug 2007 - 05:40:57 BST
Message-ID: <45019.192.168.101.6.1188189657.squirrel@intranet>

Jeff Williams wrote:
> Daniel Hokka Zakrisson wrote:
>> Jeff Williams wrote:
>>
>>> <snip>
>>> On a regular server, assigning 4.3.2.1 as an alias of the loopback
>>> interface allows the server to accept packets for 4.3.2.1 while not
>>> announcing that ip to the rest of the network. However, on the vserver
>>> host, because the host sees the 4.3.2.1 address, all traffic from other
>>> vservers (e.g. the web server) for the ip gets routed directly to the
>>> vserver rather than to the lb.
>>>
>>> I can't see any way around this. The lb sends a packet with mac address
>>> of the vserver host and the address 4.3.2.1. Therefore the host needs to
>>> be aware of the IP. However, once it is aware of the IP, it routes the
>>> traffic from all of the other vservers. Any ideas? I can only think of
>>> playing with iptables rules, but that doesn't seem like fun.
>>>
>>
>> Seems to me like
>> iptables -t nat -A PREROUTING -i ethX -d 4.3.2.1 -j DNAT --to 1.2.3.4
>> should do the trick...
>>
>>
> Thanks Daniel, but I don't have problems with traffic from the lb
> getting to the mail vserver. My problem is that mail traffic from the
> other vservers goes directly to the mail vserver rather than the lb.

If you don't add the IP address to the host at all and just use that
iptables rule, would there be a problem? IMHO it should solve all of your
problems...

-- 
Daniel Hokka Zakrisson
Received on Mon Aug 27 05:42:06 2007