Re: [vserver] how to recognise packets generated inside a guest

From: Giovanni Di Stasi <gdistasi_at_gmail.com>
Date: Tue 22 Jan 2008 - 17:08:00 GMT
Message-Id: <200801221808.00545.gdistasi@gmail.com>

On Tuesday 22 January 2008 17:42:20 Adam Majer wrote:
> Giovanni Di Stasi wrote:
> > Hi everyone,
> > I need to recognise packets generated inside a host, so that I can apply
> > some iptables rules to them.
> >
> > I seem to remember that packets generated by a host are marked, so that
> > they can be recognised by "-m connmark --mark" of iptables. However I did
> > some tests using the nid of the guest as mark, but packets didn't get
> > caught.
> >
> > Second question: I also need to capture the packets (still generated
> > inside a guest) with an "ip rule" rule, in order to route that packets
> > with a different routing table. Does the mark apply in this case?
>
> I just use the source address for `ip rule`.
>
> ip rule add from <host> table <special routing table>
>
> I think by default vservers do to have access for promiscuous mode or
> ability to bind to raw sockets.
>

But what happens when guests share the same ip address (the same ip address
used by the host)?
Received on Tue Jan 22 17:08:16 2008
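An added example, not part of this thread: a small POSIX sh helper that builds the source-address policy route Adam describes (`ip rule add from <guest ip> table <table>`) and refuses to proceed when the guest uses the host's own address, which is the case Giovanni asks about, since a source-based rule then cannot tell host and guest traffic apart. The addresses, table number and gateway are constructed, and DRY_RUN (on by default) prints the commands instead of executing them.

```shell
#!/bin/sh
# Added example: per-guest policy routing keyed on the guest's source address.
# Assumed: the guest has its own IP and a dedicated routing table number.
# DRY_RUN=1 prints the ip commands instead of running them (needs root otherwise).

DRY_RUN="${DRY_RUN:-1}"

run() {
    if [ "$DRY_RUN" = "1" ]; then
        printf '%s\n' "$*"
    else
        "$@"
    fi
}

is_ipv4() {
    # plain dotted-quad check, each octet 0-255
    echo "$1" | grep -Eq '^([0-9]{1,3}\.){3}[0-9]{1,3}$' || return 1
    old_ifs="$IFS"; IFS=.
    set -- $1
    IFS="$old_ifs"
    for o in "$@"; do
        [ "$o" -le 255 ] || return 1
    done
    return 0
}

# guest_policy_route GUEST_IP HOST_IP TABLE GATEWAY
# returns 0 on success, 1 on a bad address, 2 when guest and host share the IP
guest_policy_route() {
    guest="$1"; host="$2"; table="$3"; gw="$4"
    is_ipv4 "$guest" && is_ipv4 "$host" && is_ipv4 "$gw" || return 1
    if [ "$guest" = "$host" ]; then
        echo "guest $guest uses the host address; a source-based ip rule cannot isolate it" >&2
        return 2
    fi
    # default route in the guest's table, then the rule that sends its packets there
    run ip route add default via "$gw" table "$table" || return 1
    run ip rule add from "$guest" table "$table" || return 1
    return 0
}
```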
