On Wed, 2004-04-28 at 16:55, Alex Lyashkov wrote:
> On Wed, 28.04.2004, at 19:45, Liam Helmer wrote:
> > This question came up on the list a week or two ago, and the answer was
> > that IPtables rules were changing the source address of outgoing
> > connections. Did you check those to make sure that packets coming from
> > your vserver addresses aren't being SNAT-ed to something?
> Using ip routing rules does not fix all issues.
> If I have a packet exchange with some address from the host and try to send
> a packet from the vps, the kernel selects the source address from the routing
> cache and does not use the routing tables/rules.
> If you use SNAT to change the address you must add NAT local connections,
> but it is not a light process for the kernel, and I am not sure it helps.

I wasn't saying he should put any in: I was saying that his problem might be that there's a rule there that's changing the address. Also, I'm talking about iptables (i.e. netfilter), not ip routing tables.

Actually, you could fix a lot of it with ip routing tables, if you use policy routing (from x to y route to z with source a). I was considering playing around with this, but it's more complex. This is yet another place where having a netfilter_ctx patch would be helpful: for marking packets so they correspond to ip routing rules (from context q route to z with source a).

What I'm currently doing is doing SNAT on all vserver packets: that gives the most flexibility, with the vservers residing on a private internal ip. It also lets me share IPs better for vservers: I can have one vserver doing port 80, and one doing port 25 on the same ip, but I don't have to worry about one of them accidentally turning on a service and interfering with another one, 'cause they have different private IPs. It's not ideal for all setups, but then I'm not doing virtual hosting really, so I have different needs.

Cheers,
Liam

> >
> > Cheers,
> > Liam
> >
> > On Wed, 2004-04-28 at 16:12, Alex Lyashkov wrote:
> > > On Wed, 28.04.2004, at 18:46, [EMAIL PROTECTED] wrote:
> > > > Howdy all:
> > > >
> > > > Incoming connections from a virtual server I'm running are appearing as if
> > > > they are coming from the host. For example, on a third server (completely
> > > > separate from the host/vserver), the httpd access_log shows entries from the
> > > > host IP, and not the vserver IP, when accesses are coming from an app running
> > > > in the vserver context.
> > > >
> > > > Is this expected behavior? Is there a way I can make vserver connections
> > > > appear as if they are from the vserver? I saw a similar question in the IRC
> > > > logs, but the answer appeared to be truncated.
> > > >
> > > > Thanks,
> > > > Ryan
> > > >
> > > > p.s. Running vs1.3.8 and alpha util-vserver. The host and the vserver have
> > > > been assigned different IP addresses on the same subnet.
> > > >
> > > >
> > > > _______________________________________________
> > > See the archive of this list.
> > > Correctly selecting the source address without completely separate routing
> > > caches and routing tables is not possible, and Vserver does not have it.
> > > I report this bug to the list, because freevps has the same problem in
> > > one of the old snapshots.
> >
> > _______________________________________________
> > Vserver mailing list
> > [EMAIL PROTECTED]
> > http://list.linux-vserver.org/mailman/listinfo/vserver
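
The SNAT arrangement described in the message above (vservers on private IPs, one public IP shared by port), sketched as an added example that is not part of the original thread. All addresses, the `eth0` interface name and the `gen_nat_rules` helper are assumptions made for illustration; the function only prints a nat table in `iptables-restore` format for review and loads nothing.

```shell
#!/bin/sh
# Added illustration. All values are constructed: 192.0.2.10 (documentation
# range) stands in for the shared public IP, 10.0.0.x are the vservers'
# private IPs, and eth0 is an assumed outside interface.

# Constructed mapping: <vserver private IP> <public IP> <proto> <port>
VSERVER_MAP='10.0.0.2 192.0.2.10 tcp 80
10.0.0.3 192.0.2.10 tcp 25'

# Read the mapping on stdin and print a nat table for iptables-restore.
gen_nat_rules() {
    ext_if=$1
    map=$(cat)
    echo '*nat'
    echo ':PREROUTING ACCEPT [0:0]'
    echo ':POSTROUTING ACCEPT [0:0]'
    echo ':OUTPUT ACCEPT [0:0]'
    # Inbound: only the listed port on the public IP is forwarded to a
    # vserver, so a service started by accident in one vserver cannot
    # take over a port that belongs to another.
    echo "$map" | while read -r priv pub proto port; do
        [ -n "$priv" ] || continue
        echo "-A PREROUTING -d $pub/32 -p $proto -m $proto --dport $port -j DNAT --to-destination $priv"
    done
    # Outbound: one SNAT rule per private IP, even if it serves several
    # ports, so remote logs show the public IP for that vserver.
    echo "$map" | awk 'NF >= 2 && !seen[$1]++ { print $1, $2 }' |
    while read -r priv pub; do
        echo "-A POSTROUTING -s $priv/32 -o $ext_if -j SNAT --to-source $pub"
    done
    echo 'COMMIT'
}

# Print the ruleset for the constructed mapping.
printf '%s\n' "$VSERVER_MAP" | gen_nat_rules eth0
```

Reviewing the printed POSTROUTING lines is also a quick way to see which source address each vserver's outgoing connections will carry.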
