From: Liam Helmer (linuxlists_at_thevenue.org)
Date: Tue 12 Oct 2004 - 18:11:27 BST
It sounds to me like you need to build routing tables for the vservers.
The problem you're probably having is that Linux, by default, wants to
use its default route for everything: you've got to specifically tell
it that it needs to use routing from the other ips for packets
originating from those ips.
www.policyrouting.org has a tonne of information on this, but, the quick
version is:
install iproute2/iproute package (different distributions name this
different things)
add a vserver routing table to /etc/iproute2/rt_tables:
200 vserver
(the number doesn't matter much)
then run:
ip route add table vserver default via <second router>
ip rule add from <vserver.ip.range/netmask> lookup vserver
Put those two lines in your startup scripts somewhere. Note, if you have
other static routes for your network, you'll need to add them into the
"ip route" list too.
In case you're curious, ping works, because it manually creates packets,
rather than using the standard ipv4 interface (which is why it needs
CAP_NET_RAW).
Cheers,
Liam
On Tue, 2004-10-12 at 04:48 -0700, Roderick A. Anderson wrote:
> On Tue, 12 Oct 2004, Herbert Poetzl wrote:
>
> > what is 'open the vserver up'?
>
> Sorry. I seem to always do this at the end of _very_ long days and under
> fire.
>
> S_CAPS="CAP_NET_RAW"
>
> so I can ping.
>
> > can you reach arbitrary hosts from within the
> > vserver, preferably on both interfaces?
>
> The interfaces are connected to separate routers so only one interface is
> configured for a vserver. Segregation of resources. We're trying to
> provide redundancy for two different backend mailservers on only two
> physical machines. The load is not and should not be sufficient to
> warrant four servers.
>
> > postfix uses a chroot-ed env, check for
> > additional logging messages on startup maybe
> > your config doesn't match?
>
> Yeah I still have a problem wrapping my mind around multiple interfaces
> and multiple (WAN) routes and I forgot to look at the logs since it
> appeared this was working (secondary MX) until we got flooded with
> junkmail this week-end which seems to have overloaded the primary MX (a
> stand alone system). Nothing like a load test to get the smoke flowing.
>
> > HTH, Herbert
>
> It always does. Even if it doesn't solve the problem I always learn a
> lot.
>
>
> Thanks Herbert,
> Rod
-- Liam Helmer <linuxlists_at_thevenue.org>
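
Added example (not part of the original message and not Linux-VServer project code): a startup script for the rt_tables entry and the two ip commands described above, written so it can be re-run safely. The addresses are constructed placeholders from the documentation range, the script name is hypothetical, and "ip route replace" is substituted for "ip route add" so a repeat run does not fail.

```shell
#!/bin/sh
# Added example: idempotent startup script for source-based routing.
# Addresses are constructed placeholders (RFC 5737 documentation range).
RT_TABLES="${RT_TABLES:-/etc/iproute2/rt_tables}"
TABLE_ID=200
TABLE_NAME=vserver
VSERVER_NET="192.0.2.0/28"   # assumed vserver ip range/netmask
SECOND_ROUTER="192.0.2.1"    # assumed address of the second router
DRY_RUN="${DRY_RUN:-1}"      # 1 = print the ip commands instead of running them

# Execute a command, or only print it in dry-run mode.
run() {
    if [ "$DRY_RUN" = 1 ]; then echo "$*"; else "$@"; fi
}

# Register "200 vserver" once; stop if the id or name is already taken.
ensure_table() {
    state=$(awk -v id="$TABLE_ID" -v name="$TABLE_NAME" '
        /^[ \t]*(#|$)/ { next }                      # skip comments, blanks
        $1 == id && $2 == name { print "present"; exit }
        $1 == id || $2 == name { print "conflict"; exit }
    ' "$RT_TABLES")
    case "$state" in
        present)  return 0 ;;
        conflict) echo "$RT_TABLES: $TABLE_ID or $TABLE_NAME already in use" >&2
                  return 1 ;;
    esac
    printf '%s\t%s\n' "$TABLE_ID" "$TABLE_NAME" >> "$RT_TABLES"
}

# "replace" instead of "add" so a second run does not fail with "File exists".
ensure_route() {
    run ip route replace table "$TABLE_NAME" default via "$SECOND_ROUTER"
}

# Add the source rule only if "ip rule show" does not already list it.
ensure_rule() {
    if [ "$DRY_RUN" != 1 ] &&
       ip rule show | grep -q "from $VSERVER_NET lookup $TABLE_NAME"; then
        return 0
    fi
    run ip rule add from "$VSERVER_NET" lookup "$TABLE_NAME"
}

setup_vserver_routing() {
    ensure_table && ensure_route && ensure_rule
}

# Invoke as: DRY_RUN=0 sh vserver-routes.sh run   (script name is hypothetical)
if [ "${1:-}" = run ]; then setup_vserver_routing; fi
```

With DRY_RUN left at its default the script only prints the two ip commands, which makes it easy to review before running it as root. Any other static routes for the network would be added to ensure_route in the same way.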