From: Gilles (gilles_at_harfang.homelinux.org)
Date: Sun 26 Sep 2004 - 16:14:27 BST
> >
> > Can I create a second purely virtual net inside H2, say 192.168.3.0 ?
> > [Where I would put e.g. a "mysql" vserver, with address 192.168.3.55.]
>
> if you do not accept/route packets for the 192.168.3.0/24
> you can assign those IPs to for example the dummy0 interface
> (what interface doesn't matter actually) and use it on
> the host only ...
Ooh, *that* was a piece I was missing; thanks.

[I use Debian.] I added something like the following in
/etc/network/interfaces on the host:

  iface dummy0 inet static
      address 192.168.3.1
      netmask 255.255.255.0
      broadcast 192.168.3.255
      gateway 192.168.1.10

(1)
But, when the interface is brought up, there is an error message:

  SIOCADDRT: Network is unreachable
  Failed to bring up dummy0.

This is probably related to the ifupdown Debian scripts, as "ifconfig"
shows the interface (and networking with a 192.168.3.2 vserver is OK).
Do you have some clues?

(2)
I'm still confused, because I don't understand why routing just works (but
probably not as I expect)!
In the above dummy0 config, I thought that I was setting up a virtual
gateway for the 192.168.3.0 virtual subnet. [192.168.1.10 is the address
of "eth0" on the host.]
But "route -n" within the vserver shows:

Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
192.168.3.0     0.0.0.0         255.255.255.0   U     0      0        0 dummy0
127.0.0.0       0.0.0.0         255.255.255.0   U     0      0        0 dummy0
192.168.1.0     0.0.0.0         255.255.255.0   U     0      0        0 eth0
0.0.0.0         192.168.1.20    0.0.0.0         UG    0      0        0 eth0

[Note: This is not exactly the right output, because I had set up a bridged
ethernet in order to provide connectivity to a UML, so that "eth0" is really
"br0", but if I understood the explanations, "br0" effectively replaces "eth0"
on the host (anyway it has the IP address that was associated with "eth0" when
there was no bridge).]
192.168.1.20 is the address of the *other* physical machine (the one connected
to the Internet via its second nic), so that's the host default gateway, but
that's also the vserver default gateway (!), whereas I had imagined that the
vserver packets would have gone out through dummy0, to be routed by the
192.168.3.1 gateway.
Obviously, it's a wrong expectation. Then, what is *really* going on?
> > > but all communication on the same host
> > > will happen via lo (see More Documentation on the
> > > linux-vserver wiki), so you have to keep that in mind.
What does that imply? Security problem?
> http://archives.linux-vserver.org/200311/0470.html
> http://list.linux-vserver.org/archive/vserver/msg06615.html
> http://list.linux-vserver.org/archive/vserver/msg06631.html
> http://list.linux-vserver.org/archive/vserver/msg06667.html
> http://vserver.13thfloor.at/Stuff/VServer-IP-Setup-0.1.txt
You ask many questions in there ;-) Is there a place where you
collected the answers/conclusions?
> > > vmware and QEMU or Bochs use a separate kernel (similar
> > > to that what UML does) and communicate via tun/tap
> >
> > Is it possible to have the same kind of communication between
> > vservers?
>
> possible yes, implemented no, because it doesn't
> make much sense to feed network data through some
> userspace pipe ...
Euh... Some explanation/doc to clarify that point?
Thanks for your patience,
Gilles
_______________________________________________
Vserver mailing list
Vserver_at_list.linux-vserver.org
http://list.linux-vserver.org/mailman/listinfo/vserver
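
Added example, not part of the original message and not code from Debian or Linux-VServer: a small Python check that parses "inet static" stanzas and flags a gateway lying outside the interface's own subnet, which is the case in the dummy0 stanza above. It assumes ifupdown installs the default route through the stanza's own interface, so an off-link gateway makes the kernel refuse the route with "Network is unreachable"; the function names are hypothetical.

```python
import ipaddress

# Constructed sample: the dummy0 stanza as posted in the message above.
POSTED = """\
iface dummy0 inet static
    address 192.168.3.1
    netmask 255.255.255.0
    broadcast 192.168.3.255
    gateway 192.168.1.10
"""

def parse_static_stanzas(text):
    """Return {iface: {option: value}} for every 'inet static' stanza."""
    stanzas, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        words = line.split()
        if words[0] == "iface":
            # Stanza header: iface <name> <family> <method>
            current = None
            if len(words) >= 4 and words[2:4] == ["inet", "static"]:
                current = stanzas.setdefault(words[1], {})
        elif words[0] in ("auto", "mapping", "source") or words[0].startswith("allow-"):
            current = None  # these keywords end the current stanza
        elif current is not None and len(words) >= 2:
            current[words[0]] = " ".join(words[1:])
    return stanzas

def off_link_gateways(text):
    """List (iface, gateway, network) where the gateway is outside the iface subnet."""
    problems = []
    for name, opts in parse_static_stanzas(text).items():
        if not {"address", "netmask", "gateway"} <= opts.keys():
            continue  # nothing to check without all three options
        net = ipaddress.ip_network(f"{opts['address']}/{opts['netmask']}", strict=False)
        gw = ipaddress.ip_address(opts["gateway"])
        if gw not in net:
            problems.append((name, str(gw), str(net)))
    return problems

if __name__ == "__main__":
    for name, gw, net in off_link_gateways(POSTED):
        print(f"{name}: gateway {gw} is not inside {net}; it is not on-link for {name}")
```

A stanza with no "gateway" line, or with a gateway inside 192.168.3.0/24, passes the check.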