| Home » Mailing lists » Users » several nics on the hn Goto Forum:
	| 
		
			| several nics on the hn [message #43677] | Thu, 06 October 2011 13:02  |  
			| 
				
				
					|  Daniel Bauer Messages: 37
 Registered: February 2006
 | Member |  |  |  
	| Hello, 
 I've several nics on the hostnode. Only the internal service nic have an
 internal IP. The other nics are without IPs and connected to different
 internal subnets and public www.
 
 I've read the differences between venet and veth
 http://wiki.openvz.org/Differences_between_venet_and_veth
 and want to use venet, but only venet0 is active in the hn, I think this
 is connected to eth0, but how to access the other nics?
 
 Thanks
 Daniel
 |  
	|  |  |  
	|  |  
	|  |  
	|  |  
	|  |  
	|  |  
	| 
		
			| Re:  several nics on the hn [message #43687 is a reply to message #43682] | Thu, 06 October 2011 17:44   |  
			| 
				
				
					|  samiam Messages: 15
 Registered: July 2011
 | Junior Member |  
 |  |  
	| > When you start mixing class Cs, venet, veth and what have you, is when you > see forum postings.
 
 I should note there is a RTFM on having different containers use
 different interfaces:
 
 http://wiki.openvz.org/Source_based_routing
 
 However, what is missing is a RTFM on having a single container use
 different interfaces to route to different IP ranges.  For example, a
 host that is a router with separate interfaces to 192.168.1.0/24 and
 192.168.42.0/24, as well as a gateway to the internet, and we want a
 container on this host to access all three networks (for example, a
 container running Squid as a web proxy).
 
 Another example which has been annoying me: Having an OpenVZ container
 inside of a VirtualBox guest.  I would like to have my OpenVZ
 container be accessible from both my host and access both the internet
 at the same time, in a way that does not require a bridged interface.
 [1]  VirtualBox uses one interface to access the internet (10.0.4.X)
 and another interface that the host can use to connect to the guest
 (192.168.56.X).  The OpenVZ container can connect to one or the other,
 but not both at the same time.
 
 I just did a STFW to find a way to resolve this problem and only got
 other reports of people with similar issues, such as
 http://forum.openvz.org/index.php?t=msg&goto=9978&
 
 So, here's my question: Is there a page out there which details
 exactly how to have an OpenVZ container use two or more different
 interfaces on the host machine?
 
 - Sam
 
 [1] The VirtualBox issue can be somewhat resolved by having the
 VirtualBox guest also have a bridged interface, and having the OpenVZ
 container use said bridged interface.  This, alas, doesn't work when
 there isn't a DHCP server on the network to connect to, such as when
 I'm on a plane or somewhere else without WiFi.
 |  
	|  |  |  
	| 
		
			| Re:  several nics on the hn [message #43689 is a reply to message #43680] | Thu, 06 October 2011 20:13   |  
			| 
				
				
					|  Daniel Bauer Messages: 37
 Registered: February 2006
 | Member |  |  |  
	| Hi Esmé, 
 > What's your setup? You have 1 'internal' NIC with an IP-address and
 > other
 > NIC's without IP-address who you want to connect inside a container,
 > for
 > what purpose?
 
 I've several nets:
 1. internal service net, only available from/for the hostnode
 2. internal LAN with intranet services for my users
 3. DMZ
 4. external IPs
 
 The host node should only be accessible in net 1, I don't want any
 routing or firewalling inside the hn, there should be no connection f.e.
 to net 4
 
 
 > If you use veth you could theoretically set up a bridge with one of
 > those
 > devices, that would be easiest in my opinion. But why would you
 > consist on
 > venet?
 
 In the mentioned article the are two advantages: security and
 performance
 
 
 > Probably with a little bit more information we can help you a bit
 > further.
 
 
 Thanks
 Daniel
 
 
 > -----Oorspronkelijk bericht-----
 > Van: users-bounces@openvz.org [mailto:users-bounces@openvz.org] Namens
 > Daniel Bauer
 > Verzonden: donderdag 6 oktober 2011 15:02
 > Aan: users@openvz.org
 > Onderwerp: [Users] several nics on the hn
 >
 > Hello,
 >
 > I've several nics on the hostnode. Only the internal service nic have
 > an
 > internal IP. The other nics are without IPs and connected to different
 > internal subnets and public www.
 >
 > I've read the differences between venet and veth
 > http://wiki.openvz.org/Differences_between_venet_and_veth
 > and want to use venet, but only venet0 is active in the hn, I think
 > this is
 > connected to eth0, but how to access the other nics?
 >
 > Thanks
 > Daniel
 >
 |  
	|  |  |  
	|  |  
	| 
		
			| Re:  several nics on the hn [message #43691 is a reply to message #43678] | Thu, 06 October 2011 20:19   |  
			| 
				
				
					|  Daniel Bauer Messages: 37
 Registered: February 2006
 | Member |  |  |  
	| Hello Gary, 
 > Edit your:
 >
 > /etc/vz/vz.conf
 >
 > Specifically the VE_ROUTE_SRC_DEV value
 >
 > ...
 > # The name of the device whose IP address will be used as source IP
 > for CT.
 > # By default automatically assigned.
 > #VE_ROUTE_SRC_DEV="eth0"
 
 I see that I could change this value, but not add an venet(1,2,3). I
 understand howto use veth, but then I loose the advantages of the venet
 ...
 
 Thanks
 Daniel
 
 
 > Daniel Bauer wrote:
 >> Hello,
 >>
 >> I've several nics on the hostnode. Only the internal service nic have
 >> an
 >> internal IP. The other nics are without IPs and connected to
 >> different
 >> internal subnets and public www.
 >>
 >> I've read the differences between venet and veth
 >> http://wiki.openvz.org/Differences_between_venet_and_veth
 >> and want to use venet, but only venet0 is active in the hn, I think
 >> this
 >> is connected to eth0, but how to access the other nics?
 >>
 >> Thanks
 >> Daniel
 >>
 |  
	|  |  |  
	| 
		
			| RE:  several nics on the hn [message #43697 is a reply to message #43689] | Fri, 07 October 2011 08:23   |  
			| 
				
				
					|  Esm Messages: 15
 Registered: August 2011
 | Junior Member |  |  |  
	| Hey Daniel, 
 When you want to use this kind of configuration:
 
 ---internal---> 	| hn	|  VEID 1
 ---NIC 2---->	|	|  VEID 2
 ---NIC 3---->	|	|  VEID 3
 
 And what you try is, f.e., to have the internal NIC only connecting to the
 hn, and NIC 2 to VEID 3 and NIC 3 to VEID 2, then you probably will need to
 route and firewall your config if you stick to venet.
 
 Using a bridged setup would mean the same security implications as using the
 setup above (firewalled). So that's not something to worry about.
 
 If you've any questions, please let us know.
 
 Esmé
 
 -----Oorspronkelijk bericht-----
 Van: users-bounces@openvz.org [mailto:users-bounces@openvz.org] Namens
 Daniel Bauer
 Verzonden: donderdag 6 oktober 2011 22:14
 Aan: users@openvz.org
 Onderwerp: Re: [Users] several nics on the hn
 
 Hi Esmé,
 
 > What's your setup? You have 1 'internal' NIC with an IP-address and
 > other NIC's without IP-address who you want to connect inside a
 > container, for what purpose?
 
 I've several nets:
 1. internal service net, only available from/for the hostnode 2. internal
 LAN with intranet services for my users 3. DMZ 4. external IPs
 
 The host node should only be accessible in net 1, I don't want any routing
 or firewalling inside the hn, there should be no connection f.e.
 to net 4
 
 
 > If you use veth you could theoretically set up a bridge with one of
 > those
 > devices, that would be easiest in my opinion. But why would you
 > consist on
 > venet?
 
 In the mentioned article the are two advantages: security and
 performance
 
 
 > Probably with a little bit more information we can help you a bit
 > further.
 
 
 Thanks
 Daniel
 
 
 > -----Oorspronkelijk bericht-----
 > Van: users-bounces@openvz.org [mailto:users-bounces@openvz.org] Namens
 > Daniel Bauer
 > Verzonden: donderdag 6 oktober 2011 15:02
 > Aan: users@openvz.org
 > Onderwerp: [Users] several nics on the hn
 >
 > Hello,
 >
 > I've several nics on the hostnode. Only the internal service nic have
 > an
 > internal IP. The other nics are without IPs and connected to different
 > internal subnets and public www.
 >
 > I've read the differences between venet and veth
 > http://wiki.openvz.org/Differences_between_venet_and_veth
 > and want to use venet, but only venet0 is active in the hn, I think
 > this is
 > connected to eth0, but how to access the other nics?
 >
 > Thanks
 > Daniel
 >
 |  
	|  |  |  
	|  |  
	|  |  
	| 
		
			| Re:  several nics on the hn [message #43703 is a reply to message #43697] | Fri, 07 October 2011 10:48   |  
			| 
				
				
					|  Daniel Bauer Messages: 37
 Registered: February 2006
 | Member |  |  |  
	| Hi Esmé, 
 From: "Esmé de Wolf" <esme@elements.nl>
 > When you want to use this kind of configuration:
 >
 > ---internal---> | hn |  VEID 1
 > ---NIC 2----> | |  VEID 2
 > ---NIC 3----> | |  VEID 3
 >
 > And what you try is, f.e., to have the internal NIC only connecting to
 > the
 > hn, and NIC 2 to VEID 3 and NIC 3 to VEID 2, then you probably will
 > need to
 > route and firewall your config if you stick to venet.
 >
 > Using a bridged setup would mean the same security implications as
 > using the
 > setup above (firewalled). So that's not something to worry about.
 
 I think I do it with veth, also if I prefered the venet interface,
 because nobody could change the IP inside the CT.
 
 Thanks
 Daniel
 
 
 > -----Oorspronkelijk bericht-----
 > Van: users-bounces@openvz.org [mailto:users-bounces@openvz.org] Namens
 > Daniel Bauer
 > Verzonden: donderdag 6 oktober 2011 22:14
 > Aan: users@openvz.org
 > Onderwerp: Re: [Users] several nics on the hn
 >
 > Hi Esmé,
 >
 >> What's your setup? You have 1 'internal' NIC with an IP-address and
 >> other NIC's without IP-address who you want to connect inside a
 >> container, for what purpose?
 >
 > I've several nets:
 > 1. internal service net, only available from/for the hostnode 2.
 > internal
 > LAN with intranet services for my users 3. DMZ 4. external IPs
 >
 > The host node should only be accessible in net 1, I don't want any
 > routing
 > or firewalling inside the hn, there should be no connection f.e.
 > to net 4
 >
 >
 >> If you use veth you could theoretically set up a bridge with one of
 >> those
 >> devices, that would be easiest in my opinion. But why would you
 >> consist on
 >> venet?
 >
 > In the mentioned article the are two advantages: security and
 > performance
 >
 >
 >> Probably with a little bit more information we can help you a bit
 >> further.
 >
 >
 > Thanks
 > Daniel
 >
 >
 >> -----Oorspronkelijk bericht-----
 >> Van: users-bounces@openvz.org [mailto:users-bounces@openvz.org]
 >> Namens
 >> Daniel Bauer
 >> Verzonden: donderdag 6 oktober 2011 15:02
 >> Aan: users@openvz.org
 >> Onderwerp: [Users] several nics on the hn
 >>
 >> Hello,
 >>
 >> I've several nics on the hostnode. Only the internal service nic have
 >> an
 >> internal IP. The other nics are without IPs and connected to
 >> different
 >> internal subnets and public www.
 >>
 >> I've read the differences between venet and veth
 >> http://wiki.openvz.org/Differences_between_venet_and_veth
 >> and want to use venet, but only venet0 is active in the hn, I think
 >> this is
 >> connected to eth0, but how to access the other nics?
 >>
 >> Thanks
 >> Daniel
 >>
 |  
	|  |  |  
	| 
		
			| Re:  Re: several nics on the hn [message #43706 is a reply to message #43702] | Fri, 07 October 2011 12:06   |  
			| 
				
				
					|  Timh B Messages: 3
 Registered: June 2011
 | Junior Member |  |  |  
	| Daniel, 
 On Fri, October 7, 2011 12:46, Daniel Bauer wrote:
 > It's an really interesting solution. I've to look at the VLAN technic,
 > because I've never used it.
 >
 > One thing was, that nobody - only the HN - could change the IP for a CT.
 > This issue couldn't be solved by VLAN or veth, so I thought to use
 > venet.
 >
 > Now I think I'll prefer the bultin veth technic to solve my problem
 > right now.
 >
 
 I would also suggest you go this path, configure your "dedicated" hn-nic
 (for this example, let's say it's eth0) as usual with the ip-address you
 want.
 
 Example (debian):
 iface eth0 inet static
 address x.y.z.n
 netmask x.x.x.0
 gateway x.y.z.n
 
 iface eth1 inet manual
 
 iface eth1.100 inet manual
 vlan_raw_device eth0
 
 iface eth1.200 inet manual
 vlan_raw_device eth0
 
 iface vmbr100 inet manual
 bridge_ports eth1.100
 bridge_stp off
 bridge_fd 0
 
 iface vmbr200 inet manual
 bridge_ports eth1.200
 bridge_stp off
 bridge_fd 0
 
 --
 
 Then, when creating your ct's you simple omit the --ipaddress flag on
 vzctl command and run vzctl <VEID> set --save --netif_add eth0,,,,vmbr100
 and configure "eth0" within the CT.
 
 This will put the ct-network in vlan100 on (hn) eth1 (which as you can
 see, has no ip-address configured) on the bridge vmbr100 as veth<VEID>.0
 (confirm with "brctl show"). Note: you will have to configure your switch
 to send the vlan as "tagged" to the eth1 interface.
 
 For your security concerns I suggest you look into mac-filtering or maybe
 check for mismatches between mac and ip addresses you have configured for
 the CT, the --netif_add command will generate a mac-address or you can set
 one manually.
 
 The veth<VEID>.0 interface will also show up in the HN and you can do
 firewalling with something like this;
 
 -A OUTPUT -o veth<VEID>.0 -s <IP> -j ACCEPT
 -A OUTPUT -o veth<VEID>.0 -j DROP
 
 (You will have to check the iptables-commands as I wrote them from the top
 of my head!)
 
 Good luck!
 
 -- Timh
 |  
	|  |  |  
	|  |  
	|  |  
	|  |  
	| 
		
			| Re:  Re: several nics on the hn [message #43717 is a reply to message #43706] | Sat, 08 October 2011 09:39   |  
			| 
				
				
					|  Daniel Bauer Messages: 37
 Registered: February 2006
 | Member |  |  |  
	| Hello Timh, 
 From: "Timh B" <timh@shiwebs.net>
 > On Fri, October 7, 2011 12:46, Daniel Bauer wrote:
 >> It's an really interesting solution. I've to look at the VLAN
 >> technic,
 >> because I've never used it.
 >>
 >> One thing was, that nobody - only the HN - could change the IP for a
 >> CT.
 >> This issue couldn't be solved by VLAN or veth, so I thought to use
 >> venet.
 >>
 >> Now I think I'll prefer the bultin veth technic to solve my problem
 >> right now.
 >>
 >
 > I would also suggest you go this path, configure your "dedicated"
 > hn-nic
 > (for this example, let's say it's eth0) as usual with the ip-address
 > you
 > want.
 >
 > Example (debian):
 > iface eth0 inet static
 >   address x.y.z.n
 >   netmask x.x.x.0
 >   gateway x.y.z.n
 >
 > iface eth1 inet manual
 >
 > iface eth1.100 inet manual
 >  vlan_raw_device eth0
 >
 > iface eth1.200 inet manual
 >  vlan_raw_device eth0
 >
 > iface vmbr100 inet manual
 >  bridge_ports eth1.100
 >  bridge_stp off
 >  bridge_fd 0
 >
 > iface vmbr200 inet manual
 >  bridge_ports eth1.200
 >  bridge_stp off
 >  bridge_fd 0
 >
 > --
 >
 > Then, when creating your ct's you simple omit the --ipaddress flag on
 > vzctl command and run vzctl <VEID> set --save --netif_add
 > eth0,,,,vmbr100
 > and configure "eth0" within the CT.
 >
 > This will put the ct-network in vlan100 on (hn) eth1 (which as you can
 > see, has no ip-address configured) on the bridge vmbr100 as
 > veth<VEID>.0
 > (confirm with "brctl show"). Note: you will have to configure your
 > switch
 > to send the vlan as "tagged" to the eth1 interface.
 >
 > For your security concerns I suggest you look into mac-filtering or
 > maybe
 > check for mismatches between mac and ip addresses you have configured
 > for
 > the CT, the --netif_add command will generate a mac-address or you can
 > set
 > one manually.
 >
 > The veth<VEID>.0 interface will also show up in the HN and you can do
 > firewalling with something like this;
 >
 > -A OUTPUT -o veth<VEID>.0 -s <IP> -j ACCEPT
 > -A OUTPUT -o veth<VEID>.0 -j DROP
 >
 > (You will have to check the iptables-commands as I wrote them from the
 > top
 > of my head!)
 
 Thanks a lot for this explanation.
 
 Daniel
 |  
	|  |  |  
	|  |  
	| 
		
			| suPHP problem [message #43739 is a reply to message #43697] | Wed, 12 October 2011 11:50  |  
			| 
				
				
					|  Steffan Messages: 6
 Registered: February 2011
 | Junior Member |  |  |  
	| When enabling suphp im getting the message that the site is using php 5.1.6 But im using solarspeed 5.2.13
 Looking in the vsites php.ini file I see
 extension_dir = "/home/solarspeed/php/lib/"
 so look slike the righgt php.ini is there
 
 so what is wrong ?
 
 
 thanxs
 |  
	|  |  | 
 
 
 Current Time: Sat Oct 25 11:50:59 GMT 2025 
 Total time taken to generate the page: 0.09979 seconds |