Hi

Thanks for the report. I'll contact upstream about this, and also
try to determine how it should be myself.

Regards,

// Ola

On Sat, Sep 16, 2006 at 05:22:49PM +0200, [EMAIL PROTECTED] wrote:
> Package: vzctl
> Version: 3.0.10-3
> Severity: grave
> 
> (Sorry and thankful in advance this time ;) It is a long bug report.)
> 
> I am now running a second setup of etch with OpenVZ. However, this  
> setup has more than one public IP address. One IP is assigned to the  
> host system and each additional IP is assigned to its own vps. I used  
> the vanilla source 2.6.16 + OpenVZ patch and did configure the kernel  
> by hand.
> 
> I encountered a problem:
> 
> On a regular debian system
> /proc/sys/net/ipv4/conf/eth0/proxy_arp is set to 0.
> 
> If this is the case
> 
> ip neigh add proxy <publicIP> dev eth0
> (taken from /usr/lib/vzctl/scripts/vps-functions ~line 111)
> 
> has absolutely no effect! (But does not drop an error msg either!)
> 
> By "no effect" I mean that I am unable to access the vps with its  
> public IP from anywhere except from the host system because arp  
> requests for the public IP of the vps are not answered.
> 
> After I had determined where the problem was, I did a rather ugly
> workaround by editing /usr/lib/vzctl/scripts/vps-functions:
> 
> function vzarp()
> {
>         local DEV
> 
>         [ -z "${NETDEVICES}" ] && vzwarning "Device list is empty"
>         for DEV in $NETDEVICES; do
>                 sysctl -w net.ipv4.conf.$DEV.proxy_arp=1
>                 ${IP_CMD} neigh $1 proxy $2 dev $DEV > /dev/null 2>&1
>         done
> }
> 
> It works - but sysctl is executed on every single vps start (and  
> stop?). In addition to those repeated executes of sysctl it might not  
> be the greatest idea to add arp proxy support for private IPs to every  
> local net device. What does the VE_ROUTE_SRC_DEV="eth0" value in  
> /etc/vz/vz.conf exactly do btw? Maybe one(tm) could add a similar item  
> which overrides $NETDEVICES filled by function vzgetnetdev() in  
> /usr/lib/vzctl/scripts/vps-functions.
> 
> There are other values I found flying around in connection with OpenVZ:
> 
> net.ipv4.ip_forward = 1 (can be manually set via /etc/network/options)
> net.ipv4.conf.default.proxy_arp = 0
> net.ipv4.conf.all.rp_filter = 1
> kernel.sysrq = 1
> net.ipv4.conf.default.send_redirects = 1
> net.ipv4.conf.all.send_redirects = 0
> (net.ipv4.tcp_ecn = 0)
> 
> One value (in my case net.ipv4.conf.venet0.send_redirects = 0) is set  
> in /etc/init.d/vz in line 165. What about the other values? Shouldn't  
> they be checked/set?
> 
> This one really took me some time (and not just the report) ... :-/
> 
> 

-- 
 --------------------- Ola Lundqvist ---------------------------
/  [EMAIL PROTECTED]                     Annebergsslingan 37      \
|  [EMAIL PROTECTED]                 654 65 KARLSTAD          |
|  +46 (0)54-10 14 30                  +46 (0)70-332 1551       |
|  http://www.opal.dhs.org             UIN/icq: 4912500         |
\  gpg/f.p.: 7090 A92B 18FE 7994 0C36  4FE4 18A1 B1CF 0FE5 3DD9 /
 ---------------------------------------------------------------
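
Added example, not part of this thread and not vzctl code: a variant of the quoted `vzarp()` workaround that writes `proxy_arp` only when it is still 0 and only on an explicitly chosen device list, which are the two concerns the report raises. `PROC_ROOT`, `PROXY_ARP_DEVICES`, `ensure_proxy_arp` and `vzarp_checked` are hypothetical names; `NETDEVICES` and `IP_CMD` follow the quoted snippet.

```shell
#!/bin/sh
# Added example; names other than NETDEVICES and IP_CMD are hypothetical.
# PROC_ROOT can point at a scratch directory so the logic can be tested
# without touching the live kernel settings.
PROC_ROOT="${PROC_ROOT:-/proc}"
IP_CMD="${IP_CMD:-ip}"

# Make sure proxy_arp is 1 on one device, writing only if it is not.
# Prints one of: changed, unchanged, missing, invalid.
ensure_proxy_arp() {
    # Reject anything that is not a plain interface name, so a bad
    # config value cannot turn into a path outside conf/.
    case "$1" in
        ''|.|..|*[!A-Za-z0-9_.:-]*) echo invalid; return 0 ;;
    esac
    f="$PROC_ROOT/sys/net/ipv4/conf/$1/proxy_arp"
    if [ ! -w "$f" ]; then echo missing; return 0; fi
    if [ "$(cat "$f")" = "1" ]; then echo unchanged; return 0; fi
    echo 1 > "$f" && echo changed
}

# $1 = add|del, $2 = IP address of the VPS.
# PROXY_ARP_DEVICES (assumed override) wins over the detected NETDEVICES,
# so proxy ARP is not switched on for every local interface.
vzarp_checked() {
    devs="${PROXY_ARP_DEVICES:-${NETDEVICES:-}}"
    [ -n "$devs" ] || { echo "Device list is empty" >&2; return 0; }
    for dev in $devs; do
        if [ "$1" = add ]; then
            state=$(ensure_proxy_arp "$dev")
            case "$state" in
                missing|invalid)
                    echo "skipping $dev: proxy_arp $state" >&2
                    continue ;;
            esac
        fi
        # Unlike the original, a failing neigh command is reported.
        ${IP_CMD} neigh "$1" proxy "$2" dev "$dev" >/dev/null 2>&1 ||
            echo "neigh $1 proxy $2 failed on $dev" >&2
    done
}
```
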

