VE Routing issue [message #27773] |
Tue, 26 February 2008 23:37 |
HawkeVIPER
Messages: 1 Registered: February 2008 Location: London
|
Junior Member |
|
|
I've read:
http://forum.openvz.org/index.php?t=msg&goto=1631&&a mp;a mp;srch=src+routing#msg_1631
http://wiki.openvz.org/Using_veth_and_brctl_for_protecting_H N_and_saving_IP-adresses
http://wiki.openvz.org/Using_private_IPs_for_Hardware_Nodes# VE_configuration
http://forum.openvz.org/index.php?t=msg&th=492
Unfortunately, i haven't had much luck getting what I need to work:
On the hardware node I've got 3 interfaces:
eth0 - private - 10.0.0.17/8, default gateway 10.0.0.3
eth1 - iSCSI interface
eth2 - public via a vlan with a transparant firewall in-line - 1.2.3.4 no default gateway
What works:
VE's with a private ip address assigned to them - 10.0.6.0/24 - can talk to other devices on the network and are able to get out to the internet via 10.0.0.3
What doesn't work:
After adding a 1.2.3.4 address to a VE, I'm unable to ping this address from a machine other than the hardware node itself. I've tried various ip route configurations. Basically, any traffic over the public network /must/ go over eth2, otherwise it won't get routed to anywhere due to vlan configurations.
In all cases, the public IP address is a secondary address on the VE, as well as the private IP, so it needs to route via either method.
For what it's worth, watching the log on the firewall doesn't show any packets passing through it for inbound ping.
Thanks in advance!
[Updated on: Wed, 27 February 2008 00:38] Report message to a moderator
|
|
|
Re: VE Routing issue [message #27782 is a reply to message #27773] |
Wed, 27 February 2008 09:23 |
den
Messages: 494 Registered: December 2005
|
Senior Member |
|
|
You should investigate the situation step-by-step.
First, you should go into VE0 and check that you see incoming packets coming from proper interface via
tcpdump
If you do not see them - check that you see arp requests.
The node will arp reply for 1.2.3.4 if and only if
ip r g 1.2.3.4 from [your_ip] dev [incoming dev]
will return a route _OTHER_ than one to [incoming dev]
Regards,
Den
|
|
|