Re: [vserver] how to recognise packets generated inside a guest

From: Adam Majer <adamm_at_zombino.com>
Date: Tue 22 Jan 2008 - 17:55:38 GMT
Message-ID: <47962E1A.8080005@zombino.com>

Giovanni Di Stasi wrote:
> On Tuesday 22 January 2008 17:42:20 Adam Majer wrote:
>> I just use the source address for `ip rule`.
>>
>> ip rule add from <host> table <special routing table>
>>
>> I think by default vservers do not have access for promiscuous mode or
>> ability to bind to raw sockets.
>>
>
> But what happens when guests share the same ip address (the same ip address
> used by the host)?

I don't know - I never do this.

For vservers that are not meant to be directly accessible from the
outside, for example a database vserver, I just assign it a unique private
IP. I never came across a scenario when vserver1 and vserver2 had the
same IP assigned to them.

A problem I found some time ago was that `ip rule` stuff was being used
before POSTROUTING (makes sense I guess!). Applying a SNAT for a vserver
that was supposed to be routed out on a different interface caused problems
- the packet always went out the default interface no matter what I did
to the `ip rule` tables. I'm not quite sure why it didn't work. When I
used a different box for routing it was all fixed.

- Adam
Received on Tue Jan 22 17:54:21 2008
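
The source-address approach from this message, written out as an added example (not code from the post or from the vserver project): a function that validates its inputs and prints the `ip rule`, routing-table and SNAT commands for one guest with its own private IP. The addresses, the table id and name `100 guestdb`, and the interface `eth1` are constructed placeholders.

```shell
#!/bin/sh
# Added example: print the commands that route one guest's traffic by source
# address. Every address, name and id used below is a constructed placeholder.

is_ipv4() {
    case $1 in ''|*[!0-9.]*|*..*|.*|*.) return 1 ;; esac
    old_ifs=$IFS; IFS=.; set -- $1; IFS=$old_ifs
    [ $# -eq 4 ] || return 1
    for octet in "$@"; do [ "$octet" -le 255 ] || return 1; done
}

is_name() {   # table/interface names: refuse anything a shell could interpret
    case $1 in ''|*[!A-Za-z0-9_.-]*) return 1 ;; esac
}

# guest_route_cmds GUEST_IP TABLE_ID TABLE_NAME GATEWAY DEV SNAT_IP
guest_route_cmds() {
    [ $# -eq 6 ] || { echo "usage: guest_route_cmds GUEST_IP TABLE_ID TABLE_NAME GATEWAY DEV SNAT_IP" >&2; return 2; }
    guest_ip=$1; table_id=$2; table_name=$3; gateway=$4; dev=$5; snat_ip=$6
    for addr in "$guest_ip" "$gateway" "$snat_ip"; do
        is_ipv4 "$addr" || { echo "bad IPv4 address: $addr" >&2; return 1; }
    done
    is_name "$table_name" && is_name "$dev" || { echo "bad table or interface name" >&2; return 1; }
    # Table ids 0, 253, 254 and 255 are reserved (unspec, default, main, local).
    case $table_id in ''|*[!0-9]*) echo "bad table id" >&2; return 1 ;; esac
    [ "$table_id" -ge 1 ] && [ "$table_id" -le 252 ] || { echo "bad table id" >&2; return 1; }

    # The rule matches the guest's own source address: the routing lookup runs
    # before nat POSTROUTING, so the SNAT rule is tied to the same egress device.
    # The last two printed commands only display state, for checking the result.
    cat <<EOF
echo "$table_id $table_name" >> /etc/iproute2/rt_tables
ip route add default via $gateway dev $dev table $table_name
ip rule add from $guest_ip table $table_name
iptables -t nat -A POSTROUTING -s $guest_ip -o $dev -j SNAT --to-source $snat_ip
ip rule show
ip route get 198.51.100.1 from $guest_ip
EOF
}

# Dry run: prints the commands only; review them, then pipe to sh as root.
guest_route_cmds 10.0.0.5 100 guestdb 192.0.2.1 eth1 192.0.2.10
```

The `ip route get ... from` line shows which interface the kernel picks for the guest's source address, which is the check to run when traffic leaves by the default interface instead.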
