Hi

Thanks for the report. I'll contact upstream about this, and also try to determine how it should be myself.

Regards,

// Ola

On Sat, Sep 16, 2006 at 05:22:49PM +0200, [EMAIL PROTECTED] wrote:
> Package: vzctl
> Version: 3.0.10-3
> Severity: grave
>
> (Sorry and thankful in advance this time ;) It is a long bug report.)
>
> I am now running a second setup of etch with OpenVZ. However, this
> setup has more than one public IP address. One IP is assigned to the
> host system and each additional IP is assigned to its own vps. I used
> the vanilla source 2.6.16 + OpenVZ patch and did configure the kernel
> by hand.
>
> I encountered a problem:
>
> On a regular Debian system
> /proc/sys/net/ipv4/conf/eth0/proxy_arp is set to 0.
>
> If this is the case
>
> ip neigh add proxy <publicIP> dev eth0
> (taken from /usr/lib/vzctl/scripts/vps-functions ~line 111)
>
> has absolutely no effect! (But does not drop an error msg either!)
>
> By "no effect" I mean that I am unable to access the vps with its
> public IP from anywhere except from the host system because arp
> requests for the public IP of the vps are not answered.
>
> After I had determined where the problem was, I did a rather ugly
> workaround by editing /usr/lib/vzctl/scripts/vps-functions:
>
> function vzarp()
> {
>         local DEV
>
>         [ -z "${NETDEVICES}" ] && vzwarning "Device list is empty"
>         for DEV in $NETDEVICES; do
>                 sysctl -w net.ipv4.conf.$DEV.proxy_arp=1
>                 ${IP_CMD} neigh $1 proxy $2 dev $DEV > /dev/null 2>&1
>         done
> }
>
> It works - but sysctl is executed on every single vps start (and
> stop?). In addition to those repeated executes of sysctl it might not
> be the greatest idea to add arp proxy support for private IPs to every
> local net device. What does the VE_ROUTE_SRC_DEV="eth0" value in
> /etc/vz/vz.conf exactly do btw? Maybe one(tm) could add a similar item
> which overrides $NETDEVICES filled by function vzgetnetdev() in
> /usr/lib/vzctl/scripts/vps-functions.
>
> There are other values I found flying around in connection with OpenVZ:
>
> net.ipv4.ip_forward = 1 (can be manually set via /etc/network/options)
> net.ipv4.conf.default.proxy_arp = 0
> net.ipv4.conf.all.rp_filter = 1
> kernel.sysrq = 1
> net.ipv4.conf.default.send_redirects = 1
> net.ipv4.conf.all.send_redirects = 0
> (net.ipv4.tcp_ecn = 0)
>
> One value (in my case net.ipv4.conf.venet0.send_redirects = 0) is set
> in /etc/init.d/vz in line 165. What about the other values? Shouldn't
> they be checked/set?
>
> This one really took me some time (and not just the report) ... :-/
>
>

-- 
 --------------------- Ola Lundqvist ---------------------------
/  [EMAIL PROTECTED]                   Annebergsslingan 37        \
|  [EMAIL PROTECTED]                   654 65 KARLSTAD            |
|  +46 (0)54-10 14 30                  +46 (0)70-332 1551         |
|  http://www.opal.dhs.org             UIN/icq: 4912500           |
\  gpg/f.p.: 7090 A92B 18FE 7994 0C36 4FE4 18A1 B1CF 0FE5 3DD9    /
 ---------------------------------------------------------------
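
Added example, not part of the thread and not vzctl code: a read-only check that compares the net.ipv4 values listed in the report with the running host and expects proxy_arp=1 only on the devices named on the command line, instead of writing it to every device on each VPS start. The function names and the choice to treat the reported values as the baseline are assumptions of this example.

```shell
#!/bin/sh
# Added example (not vzctl code): compare sysctl values from the report with
# the host, without changing anything.

# "key=value" pairs copied from the report; using them as the wanted
# baseline is an assumption of this example.
REPORT_VALUES="net.ipv4.ip_forward=1
net.ipv4.conf.default.proxy_arp=0
net.ipv4.conf.all.rp_filter=1
net.ipv4.conf.default.send_redirects=1
net.ipv4.conf.all.send_redirects=0
net.ipv4.conf.venet0.send_redirects=0"

# read_sysctl ROOT KEY: print the value, or fail if the file is absent.
# Dots in KEY become slashes, so interface names that contain a dot
# (for example eth0.100) are not supported here.
read_sysctl() {
    local file="$1/$(printf '%s' "$2" | tr . /)"
    [ -r "$file" ] && cat "$file"
}

# audit_sysctls ROOT DEV...: ROOT is normally /proc/sys. Each DEV is a device
# that has to answer ARP for VPS addresses, so proxy_arp=1 is expected on it
# and on no other device. The return status is the number of findings.
audit_sysctls() {
    local root="$1" findings=0 pairs="$REPORT_VALUES" pair key want got dev
    shift
    for dev in "$@"; do
        pairs="$pairs
net.ipv4.conf.$dev.proxy_arp=1"
    done
    for pair in $pairs; do
        key="${pair%%=*}" want="${pair#*=}"
        if ! got="$(read_sysctl "$root" "$key")"; then
            echo "MISSING $key (wanted $want)"
            findings=$((findings + 1))
        elif [ "$got" != "$want" ]; then
            echo "DIFF    $key is $got, wanted $want"
            findings=$((findings + 1))
        else
            echo "OK      $key = $got"
        fi
    done
    return "$findings"
}

# Usage on a host: audit_sysctls /proc/sys eth0
```

A DIFF line for net.ipv4.conf.eth0.proxy_arp corresponds to the state the report describes, where the proxy neighbour entry is added without an error but ARP requests go unanswered.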