Well, I've figured out _a_ solution, though it may not be _the_ solution:
The virtual guest has two NICs, eth0 and eth1. Traffic for the WAN
goes out on eth0; traffic for the LAN goes out on eth1. Just like
with the virtual host. I had hoped to not do this, as it doesn't feel
as "clean" as a single NIC for the virtual guest, but in some ways it
is infinitely simpler than all the various routing schemes I've tried.
Daniel...can you explain your statement below about getting stuck in a
loop? Traffic for me seems to be fine.
My current configs are as follows (I can send the iptables commands if
that is easier to read...none of it is particularly easy for me to
decipher):
HOST ~ # iptables -L
Chain INPUT (policy ACCEPT)
target prot opt source destination
Chain FORWARD (policy DROP)
target prot opt source destination
ACCEPT all -- 10.50.50.0/24 anywhere
ACCEPT all -- anywhere 10.50.50.0/24
Chain OUTPUT (policy ACCEPT)
target prot opt source destination
HOST ~ # iptables -t nat -L
Chain PREROUTING (policy ACCEPT)
target prot opt source destination
DNAT tcp -- anywhere anywhere tcp dpt:ssh to:10.50.50.1:22
Chain POSTROUTING (policy ACCEPT)
target prot opt source destination
SNAT all -- anywhere anywhere to:192.168.100.254
Chain OUTPUT (policy ACCEPT)
target prot opt source destination
And for completeness, my /etc/conf.d/net looks like:
config_eth0=(
"192.168.100.253/24"
"192.168.100.254/24")
routes_eth0=( "default via 192.168.100.1" )
config_eth1=(
"10.50.50.1/24"
"10.50.50.10/24"
)
Is there anything that you guys see in this that makes it a bad idea?
The biggest flaw I see right now is that if/when I remove that linksys
router from between this machine and the cable modem, I won't have the
luxury of multiple IPs on eth0.
Stu
On 10/24/07, Daniel Hokka Zakrisson <daniel@hozac.com> wrote:
> Stuart Lester wrote:
> > Ladies and Gentlemen,
> ...
>
> I assume this is not the config that kind of works, since you're missing
> a ) on the last line, and any traffic would get stuck in a loop. For the
> kind of setup you're interested in, you really shouldn't need to do
> anything special with regard to the routing, so just removing those
> routes and rules should make everything behave...
>
> --
> Daniel Hokka Zakrisson
>
Received on Wed Oct 24 20:59:15 2007
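Added example (not code from the post or from any project discussed in this thread): a small Python script that parses `iptables -L` listings in the form pasted above, including the continuation lines the list archive wrapped, and then reports what a reviewer of this ruleset would want to know: which services the DNAT rules expose, and which NAT rules match any source and any destination. The sample listings are copied from the post; everything else (function names, the finding text) is the example's own. It also relies on the fact that plain `iptables -L` omits the in/out interface columns, which `iptables -L -v -n` prints, so a rule that shows as "anywhere anywhere" here may or may not be pinned to an interface.

```python
import re
from dataclasses import dataclass, field
from typing import Dict, List, Optional

# Constructed samples: the two listings from the post above, copied with the
# line wrapping the list archive introduced (the "to:..." fragments).
FILTER_LISTING = """\
Chain INPUT (policy ACCEPT)
target prot opt source destination
Chain FORWARD (policy DROP)
target prot opt source destination
ACCEPT all -- 10.50.50.0/24 anywhere
ACCEPT all -- anywhere 10.50.50.0/24
Chain OUTPUT (policy ACCEPT)
target prot opt source destination
"""

NAT_LISTING = """\
Chain PREROUTING (policy ACCEPT)
target prot opt source destination
DNAT tcp -- anywhere anywhere tcp
dpt:ssh to:10.50.50.1:22
Chain POSTROUTING (policy ACCEPT)
target prot opt source destination
SNAT all -- anywhere anywhere
to:192.168.100.254
Chain OUTPUT (policy ACCEPT)
target prot opt source destination
"""

# Built-in chains print "(policy X)", user-defined chains "(N references)".
CHAIN_RE = re.compile(r"^Chain (\S+) \((?:policy (\S+)|\d+ references)\)")


@dataclass
class Rule:
    target: str
    proto: str
    source: str
    destination: str
    extra: str = ""  # match options and target args, e.g. "tcp dpt:ssh to:10.50.50.1:22"


@dataclass
class Chain:
    name: str
    policy: Optional[str]  # None for user-defined chains
    rules: List[Rule] = field(default_factory=list)


def parse_listing(text: str) -> Dict[str, Chain]:
    """Parse one `iptables -L` table listing into chains.

    A line that is neither a chain header, the column header nor a rule is
    treated as a wrapped continuation of the previous rule and joined to it.
    """
    chains: Dict[str, Chain] = {}
    current: Optional[Chain] = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = CHAIN_RE.match(line)
        if m:
            current = Chain(m.group(1), m.group(2))
            chains[current.name] = current
            continue
        if current is None or line.startswith("target "):
            continue  # text before the first chain, or the column header
        parts = line.split(None, 5)
        if len(parts) >= 5 and parts[2] == "--":
            target, proto, _opt, src, dst = parts[:5]
            current.rules.append(Rule(target, proto, src, dst, parts[5] if len(parts) > 5 else ""))
        elif current.rules:
            last = current.rules[-1]
            last.extra = f"{last.extra} {line}".strip()
    return chains


def dnat_targets(nat_chains: Dict[str, Chain]) -> Dict[str, str]:
    """Map 'proto dpt:port' -> internal 'host:port' for every DNAT rule (the exposed services)."""
    exposed = {}
    for chain in nat_chains.values():
        for r in chain.rules:
            if r.target != "DNAT":
                continue
            m = re.search(r"(dpt:\S+).*?to:(\S+)", r.extra)
            if m:
                exposed[f"{r.proto} {m.group(1)}"] = m.group(2)
    return exposed


def audit(filter_chains: Dict[str, Chain], nat_chains: Dict[str, Chain]) -> List[str]:
    """Return the findings a reviewer of this ruleset would raise."""
    findings = []
    fwd = filter_chains.get("FORWARD")
    if fwd is None or fwd.policy != "DROP":
        findings.append("FORWARD policy is not DROP: forwarding is open by default")
    for chain in nat_chains.values():
        for r in chain.rules:
            if r.target in ("DNAT", "SNAT", "MASQUERADE") and r.source == "anywhere" and r.destination == "anywhere":
                findings.append(
                    f"{chain.name}: {r.target} {r.proto} ({r.extra}) matches every source and "
                    "destination; check `iptables -t nat -L -v -n` for its in/out interface "
                    "and pin it with -i/-o or an address match"
                )
    return findings


if __name__ == "__main__":
    f = parse_listing(FILTER_LISTING)
    n = parse_listing(NAT_LISTING)
    print("exposed via DNAT:", dnat_targets(n))
    for finding in audit(f, n):
        print("-", finding)
```

Run against the listings in the post it reports the one DNAT pinhole (tcp dpt:ssh to 10.50.50.1:22) and two findings, one for the DNAT and one for the SNAT, both because `-L` alone cannot show whether they are limited to eth0; the FORWARD chain passes because its policy is DROP with only the 10.50.50.0/24 pinholes.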