[vserver] host route visible to guests - is this normal?

From: Mark Lagace <vserver_at_grandpoobah.ca>
Date: Sun 31 Jan 2010 - 03:47:50 GMT
Message-ID: <1264909670.3414.31.camel@vladimir>

Hi folks,

I've just recently set up vserver and had a question regarding
networking behaviour for guests. A few more details of the setup are
further below, but essentially I followed the advice from the wiki
(http://www.linux-vserver.org/Networking_vserver_guests) for setting up
networking on the guest OS.

The host has a single ethernet connection (eth0) with ip 192.168.0.150
and a default gateway of 192.168.0.1. I set up the dummy0 interface on
the host with the ip 10.1.1.1/8 and set the guest to use dummy0 and the
ip 10.1.1.10/8 using the /etc/vservers/[vservername]/interfaces/0/[dev,
ip, prefix] entries. I then set the nat entries with iptables on the
host to NAT the guest vserver address. (i.e. iptables -t nat -A
POSTROUTING -s 10.0.0.0/8 ! -d 10.0.0.0/8 -j SNAT --to-source
192.168.0.150).

Everything works - at least the guest has network access and the reverse
works fine too (i.e. routing outside ports to the guest). The question I
have is more related to the separation of the guest and host. On the
guest (despite being assigned the dummy0 interface and 10.0.0.0/8
address range), I can still see the route using the 192.168.0.0/24
network. Is this "normal"?

On the guest:
Output from ip link show:
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 16436 qdisc noqueue state UNKNOWN
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
3: dummy0: <BROADCAST,NOARP,UP,LOWER_UP> mtu 1500 qdisc noqueue state UNKNOWN
    link/ether 62:8b:5d:13:37:6f brd ff:ff:ff:ff:ff:ff

Output from ip addr show:
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 16436 qdisc noqueue state UNKNOWN
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 brd 127.255.255.255 scope host lo
3: dummy0: <BROADCAST,NOARP,UP,LOWER_UP> mtu 1500 qdisc noqueue state UNKNOWN
    link/ether 62:8b:5d:13:37:6f brd ff:ff:ff:ff:ff:ff
    inet 10.1.1.10/8 brd 10.255.255.255 scope global secondary dummy0

Output from ip route show:
192.168.0.0/24 dev if2 proto kernel scope link src 192.168.0.150
10.0.0.0/8 dev dummy0 proto kernel scope link src 10.1.1.1
127.0.0.0/8 dev lo scope link
default via 192.168.0.1 dev if2

In particular, the last part concerns me - the default via 192.168.0.1
is the host's default route. I would have assumed the guest should have
a default route based on the 10.1.1.10 ip address that it was assigned.
The output from the link and addr queries seems to suggest this (and
loopback) are the only addresses it knows about, so where is the
192.168.0.1 coming from if not the host?

Mark

--
More info if it happens to be relevant...
host and guest are gentoo
kernel version: linux-2.6.31.11-vs2.3.0.36.28-grsec2.1.14
util-vserver version: util-vserver-0.30.216_pre2864
HIDE_NETIF is in the cflags and nflags in the configuration directory
ip outputs on the host (while the guest is running - if the guest is
stopped the secondary address on dummy0 disappears):
ip link show
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 16436 qdisc noqueue state UNKNOWN 
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UNKNOWN qlen 1000
    link/ether 90:e6:ba:cc:b7:70 brd ff:ff:ff:ff:ff:ff
3: dummy0: <BROADCAST,NOARP,UP,LOWER_UP> mtu 1500 qdisc noqueue state UNKNOWN
    link/ether 62:8b:5d:13:37:6f brd ff:ff:ff:ff:ff:ff
ip addr show
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 16436 qdisc noqueue state UNKNOWN 
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 brd 127.255.255.255 scope host lo
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UNKNOWN qlen 1000
    link/ether 90:e6:ba:cc:b7:70 brd ff:ff:ff:ff:ff:ff
    inet 192.168.0.150/24 brd 192.168.0.255 scope global eth0
3: dummy0: <BROADCAST,NOARP,UP,LOWER_UP> mtu 1500 qdisc noqueue state UNKNOWN
    link/ether 62:8b:5d:13:37:6f brd ff:ff:ff:ff:ff:ff
    inet 10.1.1.1/8 brd 10.255.255.255 scope global dummy0
    inet 10.1.1.10/8 brd 10.255.255.255 scope global secondary dummy0
ip route show
192.168.0.0/24 dev eth0  proto kernel  scope link  src 192.168.0.150 
10.0.0.0/8 dev dummy0  proto kernel  scope link  src 10.1.1.1 
127.0.0.0/8 dev lo  scope link 
default via 192.168.0.1 dev eth0 
Received on Sun Jan 31 03:48:10 2010
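
A way to make the observation in the message above mechanical, as an added example that is not part of the original post: the script compares a context's `ip addr show` output with its `ip route show` output and lists every route that names a device or source address the context was not given. The function names are made up for this example, the sample text is the guest output from the post with wrapped lines rejoined, and routes are assumed to be plain keyword/value lines as shown there.

```python
import ipaddress
import re

# Guest-side output copied from the post above (wrapped lines rejoined).
GUEST_ADDR = """\
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 16436 qdisc noqueue state UNKNOWN
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 brd 127.255.255.255 scope host lo
3: dummy0: <BROADCAST,NOARP,UP,LOWER_UP> mtu 1500 qdisc noqueue state UNKNOWN
    link/ether 62:8b:5d:13:37:6f brd ff:ff:ff:ff:ff:ff
    inet 10.1.1.10/8 brd 10.255.255.255 scope global secondary dummy0
"""
GUEST_ROUTE = """\
192.168.0.0/24 dev if2 proto kernel scope link src 192.168.0.150
10.0.0.0/8 dev dummy0 proto kernel scope link src 10.1.1.1
127.0.0.0/8 dev lo scope link
default via 192.168.0.1 dev if2
"""

def visible_interfaces(addr_text):
    """Return (device names, assigned IPs) parsed from `ip addr show` text."""
    devs = set(re.findall(r"^\d+:\s+([^:@\s]+)", addr_text, re.M))
    ips = {ipaddress.ip_address(a)
           for a in re.findall(r"^\s+inet6?\s+([0-9a-fA-F.:]+)/", addr_text, re.M)}
    return devs, ips

def foreign_routes(addr_text, route_text):
    """List (route line, reasons) for routes exposing state the context does not own."""
    devs, ips = visible_interfaces(addr_text)
    findings = []
    for line in route_text.splitlines():
        tok = line.split()
        if not tok:
            continue
        # Assumption: "<dest> key value key value ..." with no bare flag words.
        kv = dict(zip(tok[1::2], tok[2::2]))
        reasons = []
        if "dev" in kv and kv["dev"] not in devs:
            reasons.append("dev %s not visible" % kv["dev"])
        if "src" in kv and ipaddress.ip_address(kv["src"]) not in ips:
            reasons.append("src %s not assigned" % kv["src"])
        if reasons:
            findings.append((line, reasons))
    return findings

if __name__ == "__main__":
    for line, reasons in foreign_routes(GUEST_ADDR, GUEST_ROUTE):
        print("%s  <- %s" % (line, "; ".join(reasons)))
```

On the guest output from the post, three of the four routes are reported; only the loopback route matches what the guest's own `ip addr show` lists.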