Re: [Vserver] Confused by routing
Hi Gilles! here is an example setup how to accomplish your 'funny' routing scenario ... enjoy! +-+ | | | Host 1| | |+---+ | 192.168.0.1/24|| | | || Host2 (FW) | | 172.16.0.2/16 || | | 172.17.0.2/16 || 192.168.0.2/24 | | || | | +-+ || 172.16.0.2/16 | | | | |eth0.2 | 172.17.0.2/16 | | | Guest 1 | |172.16.0.0/16 | | | | +--+ | | | 172.16.0.1/16 | || ` | | | | || ¦ | | +-+ || ¦ | | || ¦ rules | | +-+ || ¦ | | | | |eth0.3 | ¦ | | | Guest 2 | |172.17.0.0/16 | , | | | +--+ | | | 172.17.0.1/16 | || | | | | |+---+ | +-+ | | | +-+ Tested as two QEMU instances connected via a simple bridging setup on the real machine ... Bridge on Real: === ifconfig tun0 0.0.0.0 up ifconfig tun1 0.0.0.0 up brctl addbr br0 brctl addif br0 tun0 brctl addif br0 tun1 Host 1 Setup: = /* basic network setup for QEMU */ ifconfig lo 127.0.0.1 ifconfig eth0 hw ether 00:00:00:00:00:01 ifconfig eth0 192.168.0.1 /* create VLAN taggings */ vconfig add eth0 2 vconfig add eth0 3 /* configure interfaces */ ifconfig eth0.2 172.16.0.1 ifconfig eth0.3 172.17.0.1 Host 2 Setup: = /* basic network setup for QEMU */ ifconfig lo 127.0.0.1 ifconfig eth0 hw ether 00:00:00:00:00:02 ifconfig eth0 192.168.0.2 /* create VLAN taggings */ vconfig add eth0 2 vconfig add eth0 3 /* configure interfaces */ ifconfig eth0.2 172.16.0.2 ifconfig eth0.3 172.17.0.2 Host 1 Magic: = /* default gw for Guest 1 */ ip rule add from 172.16.0.1 table 16 ip route add default via 172.16.0.2 table 16 ip route del 172.16.0.0/16 /* default gw for Guest 2 */ ip rule add from 172.17.0.1 table 17 ip route add default via 172.17.0.2 table 17 ip route del 172.17.0.0/16 /* nat to avoid local table */ iptables -t nat -A OUTPUT -d 172.17.0.1 -j DNAT --to 172.17.1.1 iptables -t nat -A OUTPUT -d 172.16.0.1 -j DNAT --to 172.16.1.1 Host 2 Magic: = /* enable forwarding */ echo 1 >/proc/sys/net/ipv4/ip_forward /* nat between 172.16.1.1 and 172.16.0.1 */ iptables -t nat -A PREROUTING -d 172.16.1.1 -j DNAT --to 172.16.0.1 iptables -t nat -A POSTROUTING -s 172.16.0.1 -j SNAT --to 172.16.1.1 /* nat between 172.17.1.1 and 172.17.0.1 */ iptables -t nat -A PREROUTING -d 172.17.1.1 -j DNAT --to 172.17.0.1 iptables -t nat -A POSTROUTING -s 172.17.0.1 -j SNAT --to 172.17.1.1 ___ Vserver mailing list Vserver@list.linux-vserver.org http://list.linux-vserver.org/mailman/listinfo/vserver
Re: [Vserver] Confused by routing
On Fri, May 27, 2005 at 12:24:12PM +0200, Herbert Poetzl wrote: > > Hi Gilles! > > here is an example setup how to accomplish your 'funny' > routing scenario ... enjoy! > > > > +-+ > | | > | Host 1| > | |+---+ > | 192.168.0.1/24|| | > | || Host2 (FW) | > | 172.16.0.2/16 || | > | 172.17.0.2/16 || 192.168.0.2/24 | > | || | > | +-+ || 172.16.0.2/16 | > | | | |eth0.2 | 172.17.0.2/16 | > | | Guest 1 | |172.16.0.0/16 | | > | | +--+ | > | | 172.16.0.1/16 | || ` | > | | | || ¦ | > | +-+ || ¦ | > | || ¦ rules | > | +-+ || ¦ | > | | | |eth0.3 | ¦ | > | | Guest 2 | |172.17.0.0/16 | , | > | | +--+ | > | | 172.17.0.1/16 | || | > | | | |+---+ > | +-+ | > | | > +-+ > > > Tested as two QEMU instances connected via a simple > bridging setup on the real machine ... > > Bridge on Real: > === > > ifconfig tun0 0.0.0.0 up > ifconfig tun1 0.0.0.0 up > > brctl addbr br0 > brctl addif br0 tun0 > brctl addif br0 tun1 > > > Host 1 Setup: > = > > /* basic network setup for QEMU */ > ifconfig lo 127.0.0.1 > ifconfig eth0 hw ether 00:00:00:00:00:01 > ifconfig eth0 192.168.0.1 > > /* create VLAN taggings */ > vconfig add eth0 2 > vconfig add eth0 3 > > /* configure interfaces */ > ifconfig eth0.2 172.16.0.1 > ifconfig eth0.3 172.17.0.1 > > Host 2 Setup: > = > > /* basic network setup for QEMU */ > ifconfig lo 127.0.0.1 > ifconfig eth0 hw ether 00:00:00:00:00:02 > ifconfig eth0 192.168.0.2 > > /* create VLAN taggings */ > vconfig add eth0 2 > vconfig add eth0 3 > > /* configure interfaces */ > ifconfig eth0.2 172.16.0.2 > ifconfig eth0.3 172.17.0.2 > > > Host 1 Magic: > = > > /* default gw for Guest 1 */ > ip rule add from 172.16.0.1 table 16 > ip route add default via 172.16.0.2 table 16 > ip route del 172.16.0.0/16 > > /* default gw for Guest 2 */ > ip rule add from 172.17.0.1 table 17 > ip route add default via 172.17.0.2 table 17 > ip route del 172.17.0.0/16 > > /* nat to avoid local table */ > iptables -t nat -A OUTPUT -d 172.17.0.1 -j DNAT --to 172.17.1.1 > iptables -t nat -A OUTPUT -d 172.16.0.1 -j DNAT --to 172.16.1.1 if you want to see the 'correct' IPs on Host 1 too, just add the following rules: iptables -t nat -A POSTROUTING -s 172.17.1.1 -j SNAT --to 172.17.0.1 iptables -t nat -A POSTROUTING -s 172.16.1.1 -j SNAT --to 172.16.0.1 (somehow I didn't care though) > > Host 2 Magic: > = > > /* enable forwarding */ > echo 1 >/proc/sys/net/ipv4/ip_forward > > /* nat between 172.16.1.1 and 172.16.0.1 */ > iptables -t nat -A PREROUTING -d 172.16.1.1 -j DNAT --to 172.16.0.1 > iptables -t nat -A POSTROUTING -s 172.16.0.1 -j SNAT --to 172.16.1.1 > > /* nat between 172.17.1.1 and 172.17.0.1 */ > iptables -t nat -A PREROUTING -d 172.17.1.1 -j DNAT --to 172.17.0.1 > iptables -t nat -A POSTROUTING -s 172.17.0.1 -j SNAT --to 172.17.1.1 > > > ___ > Vserver mailing list > Vserver@list.linux-vserver.org > http://list.linux-vserver.org/mailman/listinfo/vserver ___ Vserver mailing list Vserver@list.linux-vserver.org http://list.linux-vserver.org/mailman/listinfo/vserver
Re: [Vserver] Confused by routing
Hi Herbert, Thanks a lot for this complete example. I'll muse on it (may take some time!). Two small questions, to be sure: 1. Everything is setup on the Host(s), nothing on the guest (i.e. in the "pre-start.d" et al. directories)? 2. Vserver and QEMU setups are the same wrt connecting to the Host and outer world? Best, Gilles ___ Vserver mailing list Vserver@list.linux-vserver.org http://list.linux-vserver.org/mailman/listinfo/vserver
[Vserver] Start-Up Scipts
Hi List, I have a little problem with vserver Start-up scriots... I am running Gentoo Host/Guest with 2.6.9 kernel and vserver-tools 0.30.196 1) I have a vServer called "wwwmain" - I added a script "wwwmain.sh" in /etc/vservers/ but it seems that this is never executed.. 2) I want to create a "mount --bind" inside the vserver. The problem is that I need this mount-point already when running through the init (Apache has its config on this mount) I tried "vnamespace -e wwwmain mount --bind" which works fine after starting the vserver, but how can I call this command when the context is set up but the init has not started... Oliver -- Diese Nachricht wurde digital unterschrieben oliwel's public key: http://www.oliwel.de/oliwel.crt Basiszertifikat: http://www.ldv.ei.tum.de/page72 smime.p7s Description: S/MIME Cryptographic Signature ___ Vserver mailing list Vserver@list.linux-vserver.org http://list.linux-vserver.org/mailman/listinfo/vserver
[Vserver] 2.0 question
I've been trying to follow: http://linux-vserver.org/NGNET-Testing-HOWTO with 2.6.11.10-vs2.0-rc2, but I get: # vnet -x -n -d lo vc_add_vndev: Function not implemented I must be missing something obvious :-) TIA Grisha ___ Vserver mailing list Vserver@list.linux-vserver.org http://list.linux-vserver.org/mailman/listinfo/vserver
Re: [Vserver] Start-Up Scipts
Can you add the bind mount to /etc/vservers/wwwmain/fstab so that it is mounted on startup? micah Oliver Welter schrieb am Friday, den 27. May 2005: > Hi List, > > I have a little problem with vserver Start-up scriots... > I am running Gentoo Host/Guest with 2.6.9 kernel and vserver-tools 0.30.196 > > 1) I have a vServer called "wwwmain" - I added a script "wwwmain.sh" in > /etc/vservers/ but it seems that this is never executed.. > > 2) I want to create a "mount --bind" inside the vserver. The problem is > that I need this mount-point already when running through the init > (Apache has its config on this mount) > I tried "vnamespace -e wwwmain mount --bind" which works fine after > starting the vserver, but how can I call this command when the context > is set up but the init has not started... > > Oliver > -- > Diese Nachricht wurde digital unterschrieben > oliwel's public key: http://www.oliwel.de/oliwel.crt > Basiszertifikat: http://www.ldv.ei.tum.de/page72 > ___ > Vserver mailing list > Vserver@list.linux-vserver.org > http://list.linux-vserver.org/mailman/listinfo/vserver ___ Vserver mailing list Vserver@list.linux-vserver.org http://list.linux-vserver.org/mailman/listinfo/vserver
Re: [Vserver] 2.0 question
Hallo Gregory, du schrobst: > I've been trying to follow: http://linux-vserver.org/NGNET-Testing-HOWTO > with 2.6.11.10-vs2.0-rc2, but I get: > > # vnet -x -n -d lo > vc_add_vndev: Function not implemented Have you applied http://vserver.13thfloor.at/Experimental/NGNET/diff-vs2.0-pre4-ng9.5.diff as well as the vs2.0-rc2-patch? FaUl -- [Frank Klemm zu Emacs] Warum werden die Funktionen nicht mit Passwörtern versehen? pgpE8kVWGIcfE.pgp Description: PGP signature ___ Vserver mailing list Vserver@list.linux-vserver.org http://list.linux-vserver.org/mailman/listinfo/vserver
[Vserver] util-vserver docs
I ( think ) I went all over the site and wiki but never seemed to come
across the documentation for util-vserver package.
I could swear I found some last time I looked at it but no luck this time.
Do I have to download and install it?
TIA,
Rod
--
"Open Source Software - You usually get more than you pay for..."
"Build A Brighter Lamp :: Linux Apache {middleware} PostgreSQL"
___
Vserver mailing list
Vserver@list.linux-vserver.org
http://list.linux-vserver.org/mailman/listinfo/vserver
Re: [Vserver] util-vserver docs
On Saturday 28 May 2005 02:23, Roderick A. Anderson ( RA )wrote: >I ( think ) I went all over the site and wiki but never seemed to come >across the documentation for util-vserver package. > >I could swear I found some last time I looked at it but no luck this time. >Do I have to download and install it? > > Well the documentation (aka flower page) is here: http://www.nongnu.org/util-vserver/doc/conf/configuration.html -- There's no future in time travel. ___ Vserver mailing list Vserver@list.linux-vserver.org http://list.linux-vserver.org/mailman/listinfo/vserver
Re: [Vserver] util-vserver docs
On Sat, May 28, 2005 at 02:33:32AM +0200, Christian Heim wrote: > On Saturday 28 May 2005 02:23, Roderick A. Anderson ( RA )wrote: > >I ( think ) I went all over the site and wiki but never seemed to come > >across the documentation for util-vserver package. > > > >I could swear I found some last time I looked at it but no luck this time. > >Do I have to download and install it? there are also two big links on the main page: # [The Great Flower Page] (1.9.x configuration) # alpha util-vserver http://linux-vserver.org/alpha+util-vserver > Well the documentation (aka flower page) is here: > http://www.nongnu.org/util-vserver/doc/conf/configuration.html > > -- > There's no future in time travel. > ___ > Vserver mailing list > Vserver@list.linux-vserver.org > http://list.linux-vserver.org/mailman/listinfo/vserver ___ Vserver mailing list Vserver@list.linux-vserver.org http://list.linux-vserver.org/mailman/listinfo/vserver
