Re: [Vserver] Routing issue with multiple networks on host / vlans

2005-09-09 Thread Herbert Poetzl
On Thu, Sep 08, 2005 at 02:40:25PM +0200, Oliver Welter wrote:
> Hi List,
>
> I have a stupid problem and can't track it down :(
>
> I have a host system running, that owns IP in two networks (realized
> via VLANs if it matters)
>
> So I have:
> eth0.1 - 10.0.0.10 (NetA)
> eth0.2 - 192.168.0.10 (NetB)
>
> The setup on the host is running, means I can ping hosts in both
> networks, the default route is set via the 10. and works, too. Both
> IPs can be pinged from outside too.
>
> Now the problem:
> I have a guest that owns only an IP from NetA - I can ping everything
> except hosts in NetB. The problem seems to be, that there is a route
> for NetB shown inside the server, but this route uses an invalid
> interface (the other VLAN, it is indicated with * in the routing
> table)
>
> route -n:
> 10.0.0.0/24 - eth0.1
> 192.168.168.0.0/24 - *
> 0.0.0.0/0 - 10.0.0.1
>
> So any ideas how I can remove the invalid route from the vServer ?
> The expected behaviour will be, that the guest sends the packets for
> NetB to the router (a cisco machine) using the default route as the
> destination is not on the same network.

*sigh* this is a common misconception, networking
(for now, i.e. without ngnet) is happening on the
host, so everything the host has or does will be
applicable for the guests as well, except for the
fact that they might be reduced in flexibility
regarding the IP addresses ...

> It might also be a solution to use the host system for routing between
> the nets...

no, because the host is already routing the nets :)

> Is there any solution with the real IPs or must I create
> loopback/dummy networks and lots of NATs ?

loopback/dummy will not change the situation, but for
what you actually want, SNAT is the correct solution

now for the part _what_ you want :)

situation:

 the guest is restricted to some ip on NetA, let's
 for now assume it's 10.0.0.42, and it is supposed
 to use a router (10.0.0.1) to reach a host on
 NetB (e.g. 192.168.0.42) ... but, the host already
 has a route to reach the network directly, so
 it sends the packets (with 10.0.0.42 as source)
 directly to NetB, where the hosts get strange
 packets (at best) ...

solution:

 add a second routing table, base the routing on
 the source ip (thus routing the traffic originating
 from 10.0.0.x ips through 10.0.0.1) and be happy

catch:
 
 this will not work if the to-be-reached ip is on
 the same host (e.g. different guest) because local
 IPs are _always_ preferred over any routing ...

documentation:

http://archives.linux-vserver.org/200311/0470.html
http://list.linux-vserver.org/archive/vserver/msg09837.html

http://list.linux-vserver.org/archive/vserver/msg06615.html
http://list.linux-vserver.org/archive/vserver/msg06631.html
http://list.linux-vserver.org/archive/vserver/msg06667.html

HTH,
Herbert

> Oliver
> ___
> Vserver mailing list
> Vserver@list.linux-vserver.org
> http://list.linux-vserver.org/mailman/listinfo/vserver
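
The route selection described in the reply above (situation, solution and catch), modelled as an added example that is not part of the original thread. Table id 100, rule priority 1000 and the second guest 192.168.0.43 are assumptions; the other addresses are the ones used in the thread.

```python
import ipaddress

# Constructed model of the host from the thread (not real kernel state).
# Table id 100 and rule priority 1000 are assumptions; 192.168.0.43 is a
# hypothetical second guest on NetB. The equivalent iproute2 setup would be:
#   ip route add 10.0.0.0/24 dev eth0.1 table 100
#   ip route add default via 10.0.0.1 dev eth0.1 table 100
#   ip rule add from 10.0.0.0/24 lookup 100 priority 1000
N = ipaddress.ip_network

# Each route is (prefix, device, gateway); gateway None means on-link.
TABLES = {
    "local": [(N(a + "/32"), "local", None)
              for a in ("10.0.0.10", "10.0.0.42", "192.168.0.10", "192.168.0.43")],
    "main": [(N("10.0.0.0/24"), "eth0.1", None),
             (N("192.168.0.0/24"), "eth0.2", None),
             (N("0.0.0.0/0"), "eth0.1", "10.0.0.1")],
    "100": [(N("10.0.0.0/24"), "eth0.1", None),
            (N("0.0.0.0/0"), "eth0.1", "10.0.0.1")],
}

# Each rule is (priority, source selector, table); lowest priority runs first.
RULES_DEFAULT = [(0, N("0.0.0.0/0"), "local"), (32766, N("0.0.0.0/0"), "main")]
RULES_POLICY = RULES_DEFAULT + [(1000, N("10.0.0.0/24"), "100")]


def lookup(rules, src, dst):
    """Walk the rules in priority order; longest prefix wins inside a table."""
    src, dst = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    for _prio, selector, table in sorted(rules, key=lambda r: r[0]):
        if src not in selector:
            continue
        hits = [r for r in TABLES[table] if dst in r[0]]
        if hits:
            _prefix, dev, via = max(hits, key=lambda r: r[0].prefixlen)
            return table, dev, via
    return None


if __name__ == "__main__":
    cases = [("host only", RULES_DEFAULT, "192.168.0.42"),
             ("with source rule", RULES_POLICY, "192.168.0.42"),
             ("NetA neighbour", RULES_POLICY, "10.0.0.77"),
             ("guest on same host", RULES_POLICY, "192.168.0.43")]
    for label, rules, dst in cases:
        print(f"{label:20} 10.0.0.42 -> {dst}: {lookup(rules, '10.0.0.42', dst)}")
```

On a live host, `ip route get 192.168.0.42 from 10.0.0.42` shows which path the kernel actually picks for the guest's source address.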



Re: [Vserver] /proc/sysrq-trigger entry

2005-09-09 Thread Subhabrata Bhattacharya
> ahem, interesting ... please provide the
> output of the testme.sh script for further
> investigations ...

Here is the output :
 
[EMAIL PROTECTED] util-vserver-0.30.208]# ./testme.sh
Linux-VServer Test [V0.13] Copyright (C) 2003-2005 H.Poetzl
chcontext is working.
chbind is working.
Linux 2.6.12-vs2.0 i686/0.30.208/0.30.208 [Ea] (0)
VCI:  0002:0001 273 03010036
---
[000]# succeeded.
[001]# succeeded.
[011]# succeeded.
[031]# succeeded.
[101]# succeeded.
[102]# succeeded.
[201]# succeeded.
[202]# succeeded.
[EMAIL PROTECTED] util-vserver-0.30.208]#

~$ubh


Re: [Vserver] Routing issue with multiple networks on host / vlans

2005-09-09 Thread Herbert Poetzl
On Fri, Sep 09, 2005 at 08:48:58AM +0200, Oliver Welter wrote:
> Hello Herbert,
>
> > *sigh* this is a common misconception, networking
> > (for now, i.e. without ngnet) is happening on the
>
> Do I interpret that right, that ngnet will solve the problem ?

no problem here, it's just that it works differently
than most folks might suspect (especially if coming
from UML or XEN or even virtual machines like QEMU
or Bochs)

> How stable is ngnet - is it risky to use in a production env ?

currently it is neither stable nor really available
for vs2.0, there were some experimental patches for
1.9.x to get a working prototype and test the 
implications (btw, testing was successful so we
will work on that in the near future as time permits)

best,
Herbert

> Oliver
> -- 
> This message was digitally signed
> oliwel's public key: http://www.oliwel.de/oliwel.crt
> Root certificate: http://www.ldv.ei.tum.de/page72




[Vserver] Proc Security in V2.0

2005-09-09 Thread Tor Rune Skoglund
Hi there, 

Quote http://linux-vserver.org/Proc-Security:

Default flagging
As of now stable defaults to all proc entries visible everywhere, development 
and experimental versions default to all proc entries only visible in context 
0.

It seems like this is still valid for vs2.0 stable, although I
would expect it to change to all proc entries hidden.
At least that would be the logic of having the
vprocunhide utility and the default limiting settings in
vprocunhide-files (?)

At least all proc entries are visible by default on my first
vs2.0. Might I be missing something here?

This is a Gentoo host and vserver, using the portage
ebuilds for sources and the vserver-new command to 
make the first vserver. Util-vserver is 208.

Best regards,
Tor Rune Skoglund