From: Fran Firman (fran_at_netgate.net.nz)
Date: Wed 14 Aug 2002 - 05:54:53 BST
Unfortunately this also breaks the cricket program, - collector, where
we had to actually specify the ipaddress in the config of the collector.
It seems to use raw sockets to create the snmp packet.
Also the ping is used to check the state (are you there), of 6000
routers, that we manage, so getting the ip address to come from the
virtual one would help.
Thanks..
Fran.
Advanced Solutions
Telecom New Zeanland
On Wed, 2002-08-14 at 16:04, Jacques Gelinas wrote:
> On Wed, 14 Aug 2002 11:52:55 -0500, Fran Firman wrote
> >
> >
> > I can ping other machines ok, but the source ip address of the icmp
> > connection is coming from the real server, not the ip address of the
> > vserver.
> >
> > This could cause problems later with firewall rules, and routing to the
> > end devices.
>
> ping is a special case. The ping utility creates the ping packet itself, bypassing
> all vserver security in this area. This is why raw packet are disallowed in vservers
> by default.
>
> So do not use ping to test routing with vserver. A vserver is bound to its IP and
> as such will use them to talk.
>
>
> ---------------------------------------------------------
> Jacques Gelinas <jack_at_solucorp.qc.ca>
> vserver: run general purpose virtual servers on one box, full speed!
> http://www.solucorp.qc.ca/miscprj/s_context.hc
>