About this list Date view Thread view Subject view Author view Attachment view

From: Fran Firman (fran_at_netgate.net.nz)
Date: Wed 14 Aug 2002 - 05:54:53 BST


Unfortunately this also breaks the cricket program, - collector, where
we had to actually specify the ipaddress in the config of the collector.

It seems to use raw sockets to create the snmp packet.

Also the ping is used to check the state (are you there), of 6000
routers, that we manage, so getting the ip address to come from the
virtual one would help.

Thanks..

Fran.

Advanced Solutions
Telecom New Zeanland

On Wed, 2002-08-14 at 16:04, Jacques Gelinas wrote:
> On Wed, 14 Aug 2002 11:52:55 -0500, Fran Firman wrote
> >
> >
> > I can ping other machines ok, but the source ip address of the icmp
> > connection is coming from the real server, not the ip address of the
> > vserver.
> >
> > This could cause problems later with firewall rules, and routing to the
> > end devices.
>
> ping is a special case. The ping utility creates the ping packet itself, bypassing
> all vserver security in this area. This is why raw packet are disallowed in vservers
> by default.
>
> So do not use ping to test routing with vserver. A vserver is bound to its IP and
> as such will use them to talk.
>
>
> ---------------------------------------------------------
> Jacques Gelinas <jack_at_solucorp.qc.ca>
> vserver: run general purpose virtual servers on one box, full speed!
> http://www.solucorp.qc.ca/miscprj/s_context.hc
>



About this list Date view Thread view Subject view Author view Attachment view
[Next/Previous Months] [Main vserver Project Homepage] [Howto Subscribe/Unsubscribe] [Paul Sladen's vserver stuff]
Generated on Wed 06 Nov 2002 - 07:03:42 GMT by hypermail 2.1.3