From: Herbert Poetzl (herbert_at_13thfloor.at)
Date: Tue 21 Jun 2005 - 14:54:16 BST
On Tue, Jun 21, 2005 at 11:58:38AM +0200, Etienne Pretorius wrote:
> Just on another note:
>
> I did some testing, I removed the
> " SNAT all -- * eth1 0.0.0.0/0
> 0.0.0.0/0 to:192.168.5.99 "
> rule.
> Changed the 196 address to a 192.168.5.49 address, and rebound all the
> services to that address.
> I also came accross an IRC log and used "bcapabilities"
>
> NET_BROADCAST
> NET_RAW
this is not a good idea, if you are concerned
about security ...
> This made it work fine...
>
> But how will I get this to work for the 196 address? As the host's eth1
> is still a 192 address -could
> this be causing some problems?
check the archives, using proper routing and
host nating should solve this, will look into
it later and probably post a more detailed
explanation ...
best,
Herbert
> Kind Regards
> Etienne
>
>
> Etienne Pretorius wrote:
>
> >Hi there,
> >
> >I would like to know if any1 can shed some light for me on the following:
> >
> >I have a "Host" with the ip addresses
> > eth0 192.168.1.33
> > eth1 192.168.5.99
> > ppp0 <dynamic>
> >
> >Inside this host I have a vserver with the following ip addresses:
> > eth0 192.168.1.2
> > eth1 196.25.113.3
> >
> >My Nat table looks like so:
> > Chain PREROUTING (policy ACCEPT 66 packets, 4577 bytes)
> > pkts bytes target prot opt in out
> >source destination
> >
> > Chain POSTROUTING (policy ACCEPT 2 packets, 288 bytes)
> > pkts bytes target prot opt in out
> >source destination
> > 0 0 SNAT all -- * ppp0
> >0.0.0.0/0 0.0.0.0/0 to:<dynamic ip>
> > 5 420 SNAT all -- * eth1
> >0.0.0.0/0 0.0.0.0/0 to:192.168.5.99
> >
> > Chain OUTPUT (policy ACCEPT 7 packets, 708 bytes)
> > pkts bytes target prot opt in out
> >source destination
> >
> >I would like the services on the vserver to be avialible to the
> >outside network;
> >I first thought that if I give the vserver 10.x.x.x ip addresses and
> >have an aliased ip 196.25.113.3 on the host
> >and then preform natting then my problem will be solved, but
> >unfortunately this is not so. As I can't seem to be
> >able to add the 196 address to the eth1 for the aliaseing to occur.
> >
> >I am just interisted what others could suggest to me to do in this
> >senario.
> >
> >BTW using Debian kernel 2.6.8 and vserver 1.9
> >
>
> _______________________________________________
> Vserver mailing list
> Vserver_at_list.linux-vserver.org
> http://list.linux-vserver.org/mailman/listinfo/vserver
_______________________________________________
Vserver mailing list
Vserver_at_list.linux-vserver.org
http://list.linux-vserver.org/mailman/listinfo/vserver