I have a hardware node with two network interfaces, one with a public IP 
address, one with a private IP address. Now I would like a VPS to also 
have a public IP address and a private IP address so both networks can be 
accessed directly. How should this be configured? Is it possible without 
using veth interfaces?

-- 
Frederik

On Tue, Nov 13, 2007 at 02:54:30PM +0000, Frederik wrote:
 > I have a hardware node with two network interfaces, one with a public IP 
 > address, one with a private IP address. Now I would like a VPS to also 
 > have a public IP address and a private IP address so both networks can be 
 > accessed directly. How should this be configured? Is it possible without 
 > using veth interfaces?


I have a hardware node with two network interfaces, one with a public IP
address, one with a private IP address.  My VEs just have a private IP
address.  The firewall on the hardware node can route things so that the
VE can access both networks.  I use shorewall to setup my firewall and
it's pretty easy.

-- 

   E Frank Ball                efball@efball.com

On Tue, 13 Nov 2007 17:00:11 -0800, E Frank Ball III wrote:

> On Tue, Nov 13, 2007 at 02:54:30PM +0000, Frederik wrote:
>  > I have a hardware node with two network interfaces, one with a public
>  > IP address, one with a private IP address. Now I would like a VPS to
>  > also have a public IP address and a private IP address so both
>  > networks can be accessed directly. How should this be configured? Is
>  > it possible without using veth interfaces?
> 
> 
> I have a hardware node with two network interfaces, one with a public IP
> address, one with a private IP address.  My VEs just have a private IP
> address.  The firewall on the hardware node can route things so that the
> VE can access both networks.  I use shorewall to setup my firewall and
> it's pretty easy.

The problem when doing it like this, is that you probably have to do DNAT 
on your HN to access a VE from the outside, isn't it? That's something I 
want to avoid.

-- 
Frederik

I actually did this a few days ago.
Just add both the public and the private IP address to the VE using
these commands (don't use veth interfaces):

HN# vzctl set 100 --ipadd [publicip] --save
HN# vzctl set 100 --ipadd [privateip] --save

In the VE you should now have two ethernet devices: venet0 and venet0:1
To make it actually work, you have to add routes inside the VE to the
network that isn't available using the default route:

VE# route add -net [privatenetwork] netmask 255.255.255.0 gw [privateip]

So to explain the above command, you add the route to [privatenetwork]
(i.e. 192.168.1.0) using its own IP address as the gateway. You can add
this route to one of the startup scripts of your VE, so it gets added
when the VE boots.

Remember, this only works when your Hardware Node knows both networks
(in its routing table).

Regards,
Arjan


Frederik wrote:
> I have a hardware node with two network interfaces, one with a public IP 
> address, one with a private IP address. Now I would like a VPS to also 
> have a public IP address and a private IP address so both networks can be 
> accessed directly. How should this be configured? Is it possible without 
> using veth interfaces?
>
>

On Wed, 14 Nov 2007 10:51:48 +0100, Arjan Schrijver wrote:

> I actually did this a few days ago.
> Just add both the public and the private IP address to the VE using
> these commands (don't use veth interfaces):
> 
> HN# vzctl set 100 --ipadd [publicip] --save HN# vzctl set 100 --ipadd
> [privateip] --save
> 
> In the VE you should now have two ethernet devices: venet0 and venet0:1
> To make it actually work, you have to add routes inside the VE to the
> network that isn't available using the default route:
> 
> VE# route add -net [privatenetwork] netmask 255.255.255.0 gw [privateip]

Thank you. The above route command was the missing link in my setup. I 
already tried using the private IP of the HN as the gw for that network, 
but that did not work. Using the VEs own private IP as the gw did indeed 
the trick.

-- 
Frederik