Re: [vserver] how to recognise packets generated inside a guest

From: Adam Majer <>
Date: Tue 22 Jan 2008 - 17:55:38 GMT
Message-ID: <>

Giovanni Di Stasi wrote:
> Il Tuesday 22 January 2008 17:42:20 Adam Majer ha scritto:
>> I just use the source address for `ip rule`.
>> ip rule add from <host> table <special routing table>
>> I think by default vservers do to have access for promiscuous mode or
>> ability to bind to raw sockets.
> But what happens when guests share the same ip address (the same ip address
> used by the host)?

I don't know - I never do this.

For vservers that are are not meant to be directly accessible from the
outside, for example database vserver, I just assign it a unique private
IP. I never came across a scenario when vserver1 and vserver2 had the
same IP assigned to them.

A problem I found some time ago was that `ip rule` stuff was being used
before POSTROUTING (makes sense I guess!). Applying a SNAT for a vserver
that was suppose to be routed out on different interface caused problems
- the packet always went out the default interface no matter what I did
to the `ip rule` tables. I'm not quite sure why it didn't work. When I
used a different box for routing it was all fixed.

- Adam
Received on Tue Jan 22 17:54:21 2008

[Next/Previous Months] [Main vserver Project Homepage] [Howto Subscribe/Unsubscribe] [Paul Sladen's vserver stuff]
Generated on Tue 22 Jan 2008 - 17:54:27 GMT by hypermail 2.1.8