Micah, which vserver version are you using? I remember seeing this back in ctx 17 (? i think ?) but I'm not seeing it in vs 1.26.
Cathy On Wed, 21 Apr 2004, Liam Helmer wrote: > Oh, ok. Then, it's probably an iptables rule that's doing it, 'cause the > processes inside the vserver wouldn't be able to bind to that IP to > connect otherwise. Check and make sure that you've excluded traffic to > private ips from your SNAT/MASQUERADE rules. > > Cheers, > Liam > > On Wed, 2004-04-21 at 19:07, Micah Anderson wrote: > > You may have missed the section below where I include the > > vservers/<name>.conf file which shows clearly that the private IP is > > in the IPROOT= variable, and this still doesn't work. > > > > micah > > > > On Wed, 21 Apr 2004, Liam Helmer wrote: > > > > > To make it communicate using a private IP would involved adding that > > > private ip to it's IPROOT= variable in the vservsers/<name>.conf file. > > > However, you're probably much better off adding permissions to the mysql > > > server so that that the external IP can connect, and not changing the > > > vserver config at all. > > > > > > Cheers, > > > Liam > > > > > > On Wed, 2004-04-21 at 02:03, Micah Anderson wrote: > > > > I've got a vserver whose IP is 192.168.0.1 and another whose is > > > > 192.168.0.2. I can ping between these two vservers fine, however, I > > > > tried to setup mysql to connect from .1 to .2 and found that it was > > > > using the host's actual IP to connect, instead of the private IP: > > > > > > > > $ mysqladmin -h 192.168.0.2 ping > > > > connect to server at '192.168.0.2' failed > > > > error: 'Host '212.112.147.194' is not allowed to connect to this MySQL > > > > server' > > > > > > > > I used tcpdump to look at the different interfaces, and it was only > > > > when I looked at the loopback did I see the traffic happening: > > > > > > > > 18:51:54.867738 212.112.147.194.43166 > 192.168.0.2.mysql: S > > > > 648997658:648997658(0) win 32767 <mss 16396,sackOK,timestamp 88679821 > > > > 0,nop,wscale 0> (DF) > > > > 18:51:54.867825 192.168.0.2.mysql > 212.112.147.194.43166: S > > > > 649947611:649947611(0) ack 648997659 win 32767 <mss > > > > 16396,sackOK,timestamp 88679821 88679821,nop,wscale 0> (DF) > > > > 18:51:54.867904 212.112.147.194.43166 > 192.168.0.2.mysql: . ack > > > > 1 win 32767 <nop,nop,timestamp 88679821 88679821> (DF) > > > > 18:51:54.868663 192.168.0.2.mysql > 212.112.147.194.43166: P > > > > 1:77(76) ack 1 win 32767 <nop,nop,timestamp 88679822 88679821> (DF) > > > > [tos 0x8] > > > > 18:51:54.868740 212.112.147.194.43166 > 192.168.0.2.mysql: . ack > > > > 77 win 32767 <nop,nop,timestamp 88679822 88679822> (DF) > > > > 18:51:54.868801 192.168.0.2.mysql > 212.112.147.194.43166: F > > > > 77:77(0) ack 1 win 32767 <nop,nop,timestamp 88679822 88679822> (DF) > > > > [tos 0x8] > > > > 18:51:54.869254 212.112.147.194.43166 > 192.168.0.2.mysql: F > > > > 1:1(0) ack 78 win 32767 <nop,nop,timestamp 88679822 88679822> (DF) > > > > [tos 0x8] > > > > 18:51:54.869305 192.168.0.2.mysql > 212.112.147.194.43166: . ack > > > > 2 win 32767 <nop,nop,timestamp 88679822 88679822> (DF) [tos 0x8] > > > > > > > > How can I make it so that the vserver is communicating with the > > > > private IP instead of the public one? I want to do this so I can allow > > > > some vservers the ability to access the mysql, but not others. I can > > > > simply add 212.112.147.194 to the tables to be able to connect, but > > > > then all the vservers would be able to connect, when I only want > > > > 192.168.0.1 to be able to connect, but not 192.168.0.3 for example. > > > > > > > > Thanks for any pointers! Here is some more info: > > > > > > > > /etc/vservers/db.conf: > > > > # > > > > # the vserver which runs the databases > > > > # > > > > S_DOMAINNAME="db" > > > > S_HOSTNAME="db" > > > > IPROOT="192.168.0.2" > > > > IPROOTMASK="255.255.255.0" > > > > IPROOTDEV="eth0" > > > > S_CAPS="CAP_NET_RAW" > > > > > > > > /etc/vservers/zun.conf: > > > > S_HOSTNAME="zun" > > > > IPROOT="192.168.0.1" > > > > IPROOTMASK="255.255.255.0" > > > > IPROOTDEV="eth0" > > > > S_FLAGS="lock nproc" > > > > ULIMIT="-u 256 -n 1024" > > > > S_CAPS="CAP_NET_RAW" > > > > > > > > Thanks! > > > > > > > > micah > > > > > > > > ---- > > > > "Naturally, the common people don't want war, but after all, it > > > > is the leaders of a country who determine the policy...Voice or no > > > > voice, the people can always be brought to the bidding of the leaders. > > > > This is easy. All you have to do is to tell them they are being > > > > attacked, and denounce the pacifists for lack of patriotism and > > > > exposing the country to danger. It works the same in every country." > > > > -- Goering, Nuremburg trial > > > > _______________________________________________ > > > > Vserver mailing list > > > > [EMAIL PROTECTED] > > > > http://list.linux-vserver.org/mailman/listinfo/vserver > > > > > > > > > > _______________________________________________ > > > Vserver mailing list > > > [EMAIL PROTECTED] > > > http://list.linux-vserver.org/mailman/listinfo/vserver > > micah > > > > ---- > > "Naturally, the common people don't want war, but after all, it > > is the leaders of a country who determine the policy...Voice or no > > voice, the people can always be brought to the bidding of the leaders. > > This is easy. All you have to do is to tell them they are being > > attacked, and denounce the pacifists for lack of patriotism and > > exposing the country to danger. It works the same in every country." > > -- Goering, Nuremburg trial > > _______________________________________________ > > Vserver mailing list > > [EMAIL PROTECTED] > > http://list.linux-vserver.org/mailman/listinfo/vserver > > > > _______________________________________________ > Vserver mailing list > [EMAIL PROTECTED] > http://list.linux-vserver.org/mailman/listinfo/vserver > _______________________________________________ Vserver mailing list [EMAIL PROTECTED] http://list.linux-vserver.org/mailman/listinfo/vserver