| *SOLVED* Dual NIC Setup [message #16358] |
Sun, 02 September 2007 20:25  |
augustz
Messages: 15
Registered: September 2006
|
Junior Member |
|
|
I've got two NICs, eth0 and eth1
Each has a range of ip addresses.
eth0 connects to a private 10.x.x.x/26 network.
eth1 connects to a public 74.86.x.x network.
I'd like to assign each VE two ip address,
- one from the public block
- one from the private block.
These ip addresses should be routed over their respective devices, eth0 and eth1.
HN has two ips itself, and the following routes
route -n
Kernel IP routing table
Destination Gateway Genmask Flags Metric Ref Use Iface
74.86.x.y 0.0.0.0 255.255.255.255 UH 0 0 0 venet0
10.4.57.134 0.0.0.0 255.255.255.255 UH 0 0 0 venet0
74.86.x.x 0.0.0.0 255.255.255.248 U 0 0 0 eth1
10.4.57.128 0.0.0.0 255.255.255.192 U 0 0 0 eth0
74.86.x.0 0.0.0.0 255.255.255.0 U 0 0 0 eth1
169.254.0.0 0.0.0.0 255.255.0.0 U 0 0 0 eth1
10.0.0.0 10.4.57.129 255.0.0.0 UG 0 0 0 eth0
0.0.0.0 74.86.x.z 0.0.0.0 UG 0 0 0 eth1
VE:
# ifconfig -a
venet0 Link encap:UNSPEC HWaddr 00-00-00-00-00-00-00-00-00-00-00-00-00-00-00-00
inet addr:127.0.0.1 P-t-P:127.0.0.1 Bcast:0.0.0.0 Mask:255.255.255.255
UP BROADCAST POINTOPOINT RUNNING NOARP MTU:1500 Metric:1
RX packets:2 errors:0 dropped:0 overruns:0 frame:0
TX packets:152 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:0
RX bytes:80 (80.0 b) TX bytes:10163 (9.9 KiB)
venet0:0 Link encap:UNSPEC HWaddr 00-00-00-00-00-00-00-00-00-00-00-00-00-00-00-00
inet addr:74.86.x.y P-t-P:74.86.x.y Bcast:74.86.x.y Mask:255.255.255.255
UP BROADCAST POINTOPOINT RUNNING NOARP MTU:1500 Metric:1
venet0:1 Link encap:UNSPEC HWaddr 00-00-00-00-00-00-00-00-00-00-00-00-00-00-00-00
inet addr:10.4.57.134 P-t-P:10.4.57.134 Bcast:10.4.57.134 Mask:255.255.255.255
UP BROADCAST POINTOPOINT RUNNING NOARP MTU:1500 Metric:1
# route -n
Kernel IP routing table
Destination Gateway Genmask Flags Metric Ref Use Iface
192.0.2.0 0.0.0.0 255.255.255.0 U 0 0 0 venet0
169.254.0.0 0.0.0.0 255.255.0.0 U 0 0 0 venet0
0.0.0.0 192.0.2.1 0.0.0.0 UG 0 0 0 venet0
Current behavior
HN can ping VE (both public and private IP)
VE can ping HN (both public and private IP)
VE can ping public ips directly (out default eth1 gateway on HN)
VE can NOT ping private ips (out of eth0 gateway on HN)
I feel like it's got to be something pretty obvious here... perhaps the VE trying to connect to 10.0.80.11 using its 74.86.x.y address.
Running tcpdump I capture this on the VE when PINGING:
16:10:11.302939 IP 74.86.x.y.32926 > 10.0.80.11.domain: 50705+ (33)
Any thoughts much appreciated...
The wiki has mention of source based routing (i thought my default 10/8 rule would have picked this up. I tried the following without success
ip rule add from 10.4.57.134 table 6
ip route add default dev eth0 via 10.4.57.129 table 6
[Updated on: Tue, 04 September 2007 04:24] by Moderator Report message to a moderator |
|
|
|
| Re: Dual NIC Setup [message #16362 is a reply to message #16358] |
Mon, 03 September 2007 07:21  |
vaverin
Messages: 708
Registered: September 2005
|
Senior Member |
|
|
By default VE uses source IP for outgoining packets taken from first venet interface. In your case it is public IP.
It looks you want to change this behaviour and set private source IP if VE accessed private network:
ip route add to 10.0.0.0/8 src 10.x.y.z dev venet0
and set public source IP for any other connections
ip route add default src 74.86.x.y dev venet0
update: I would note -- you should add these rules inside your VEs
Thank you,
Vasily Averin
[Updated on: Mon, 03 September 2007 07:22] Report message to a moderator |
|
|
|
| Re: Dual NIC Setup [message #16382 is a reply to message #16358] |
Mon, 03 September 2007 20:28 |
augustz
Messages: 15
Registered: September 2006
|
Junior Member |
|
|
I did exactly this after digging around.
in route-venet0
10.0.0.0/8 dev venet0 scope link src 10.4.57.180
Which I assumed meant send anything destined to 10.x from 10.4.57.180.
Worked perfectly, and is exactly what you recommended.
|
|
|
|
OpenVZ Forum
Members
Search
Help
Register
Login
Home
