Re: AW: AW: [vserver] Using loopback for guest-guest and guest-host communication but still remapping

From: Gordan Bobic <gordan_at_bobich.net>
Date: Wed 29 Feb 2012 - 12:53:08 GMT
Message-ID: <4F4E1FB4.4000705@bobich.net>

Gordan Bobic wrote:
> Fiedler Roman wrote:
>>> -----Original Message-----
>>> From: Gordan Bobic [mailto:gordan@bobich.net]
>>>
>>> Fiedler Roman wrote:
>>>>> -----Original Message-----
>>>>> From: Gordan Bobic [mailto:gordan@bobich.net]
>>>>>
>>>>>> Fiedler Roman wrote:
>>>>>> ....
>>>>>> I'm trying to configure networking on a machine, where we cannot use
>>>>>> any private network for internal communication because I might need
>>>>>> to receive traffic from that network. So I can only use loopback, one
>>>>>> private IP-Range IP (server external IP) and I do not want to grab one
>>>>>> public IP-range for internal communication if avoidable.
>>> ....
>>>> Connect from guest to 127.0.1.1:80 is still remapped to 127.0.2.1, which
>>>> is guest itself. So no connection to host via lo possible.
>>> You are using 127/8 subnet on the dummy device - that won't work. You
>>> need a non-loopback IP range on the dummy interface, e.g. 192.168/16.
>>
>> Thanks for your reply. I already used configuration with non-127 dummy
>> interface and they are working. In current use case (description above),
>> I have the problem, that organization cannot tell me, which private
>> network is not in use at their location. Since I cannot handle requests
>> from their network if I bind IPs to local interface, I was trying to do
>> it without need of any other IPs than from range 127.0.0.0/8.
>
> That is most unfortunate, but I don't see a workaround - they will have
> to find a suitable small private subnet in 10/8, 172.16/12 or 192.168/16
> that you can use. But since that subnet will never be routable outside
> the machine itself, you can re-use it on all similar servers.

Thinking about it, you may also be able to get away with using
169.254/24 link-local range for this - subject to your client's network
not doing something broken with requiring that range to be routable. In
theory it should be used only for internal or point-to-point connections.

Gordan
Received on Wed Feb 29 12:53:20 2012
