OpenVZ Forum: Support » Making a manual IP configuration 'stick'

Home » General » Support » Making a manual IP configuration 'stick' (Doing this the right way)

Show: Today's Messages :: Show Polls :: Message Navigator
E-mail to friend

Making a manual IP configuration 'stick' [message #39174]

Mon, 22 March 2010 22:28

PhYrE
Messages: 3
Registered: November 2009

Junior Member

I have the following config:
Host:
eth0: EXT.EXT.EXT.5/24
eth0:1 10.5.5.5/8
Container:
venet0 127.0.0.1
venet0:0 EXT.EXT.EXT.6/24
venet0:1 10.6.6.6/8

This worked great for all purposes except that pinging something on the 10.x network failed unless the host being pinged was also on the EXT network, as the source IP was going out as EXT.EXT.EXT.6 and hence the remote system wasn't able to return the packet.

This was solved by running the following WITHIN the container
ip route add to 10.0.0.0/8 src 10.6.6.6 dev venet0

How can I:
a) configure this so that it does it when it configures the IP automatically or chooses the 'best' interface.
b) configure it to execute this line after it brings up the interface.
c) make this setting stick, beyond putting it into rc.local so that it is easily configured, replicated, and not overwritten by operating system changes.

Any help is greatly appreciated!

-M

Report message to a moderator

Re: Making a manual IP configuration 'stick' [message #39175 is a reply to message #39174]

Mon, 22 March 2010 23:06

kir
Messages: 1645
Registered: August 2005
Location: Moscow, Russia

Senior Member

This is a subject of bug #1088, which is not yet fixed Sad

http://bugzilla.openvz.org/show_bug.cgi?id=1088

You know the workaround (rc.local or something similar) and the solution is to fix the bug...

Kir Kolyshkin

http://static.openvz.org/userbars/openvz-developer.png

Report message to a moderator

Re: Making a manual IP configuration 'stick' [message #39178 is a reply to message #39175]

Tue, 23 March 2010 14:27

PhYrE
Messages: 3
Registered: November 2009

Junior Member

In reading the bug, I'm not sure that it is.

The bug asks for the ability to set netmasks for IP addresses and resolves the bug my using IP masquerading.

My fix changes the source IP address in the IP header so that it need not be the default primary IP but could also be a secondary IP address.

Maybe it does inadvertantly do it (as it could scope the IP range) but I just want to make sure this is in fact the same bug before I drop the issue.

My fix:
ip route add to 10.0.0.0/8 src 10.6.6.6 dev venet0

Their Bug Fix:
iptables -t nat -A POSTROUTING -s 10.0.15.64/27 -o eth1 -j SNAT --to
63.248.94.18

I guess just two ways to fix the same problem. I'll watch the bug and see where it goes.

-M

Report message to a moderator

Re: Making a manual IP configuration 'stick' [message #39179 is a reply to message #39178]

Tue, 23 March 2010 14:51

kir
Messages: 1645
Registered: August 2005
Location: Moscow, Russia

Senior Member

Please forget about the comment about NAT. The thing is, vzctl sets default netmask of /24 for every address added. This is wrong and leads to incorrect routing. The only fix is to have correct netmasks, with these in place routes will also be correct.

Kir Kolyshkin

Report message to a moderator

Previous Topic:	IP-Tables Problem on vz-machine bei stateful inspection
Next Topic:	Template to acess remote desktop

Goto Forum:

-=] Back to Top [=-

[ Syndicate this forum (XML) ] [

] [

]

Current Time: Thu Jul 11 15:27:53 GMT 2024

Total time taken to generate the page: 0.02336 seconds