OpenVZ Forum: Support » Fully access to NIC

Home » General » Support » Fully access to NIC

Show: Today's Messages :: Show Polls :: Message Navigator
E-mail to friend

Fully access to NIC [message #4863]

Mon, 31 July 2006 09:30

TSchilli
Messages: 9
Registered: June 2006
Location: Weiterstadt / Hessen / Ge...

Junior Member

Hello,

we try to use ARP-Watch and similar tools in a VPS, but currently it doesn't work.
Is there any possibility to grant those tools fully access to an interface?
I've read about moving the interface into the VPS, but then you'll lose direct access from host...

Our host system is a CentOS with Kernel 2.6.16-026test015.2-smp
the guest systems are CentOS or Debian.

Hope you could help us, thanks TSchilli

Report message to a moderator

Re: Fully access to NIC [message #4879 is a reply to message #4863]

Tue, 01 August 2006 11:17

aistis
Messages: 77
Registered: September 2005
Location: Kaunas, Lithuania

Member

try veth interface inside VPS:
http://wiki.openvz.org/Differences_between_venet_and_veth
http://wiki.openvz.org/Veth

Aistis Zenkevicius

http://static.openvz.org/userbars/openvz-user.png

Report message to a moderator

Re: Fully access to NIC [message #4881 is a reply to message #4863]

Tue, 01 August 2006 14:00

TSchilli
Messages: 9
Registered: June 2006
Location: Weiterstadt / Hessen / Ge...

Junior Member

Thanks for that pages.
I used the HOWTO to install such an VETH-device, but it doesn't work. The VPS have the MAC-Address given by the command, ping and everything works correct.
But the command arp still gives no reply, the arp-tabel seems to be empty or not readable.

Here my networkconfigs, hope somebody could find the mistake?

@ VPS
=======
-bash-3.00# ifconfig -a
eth0 Link encap:Ethernet HWaddr 00:11:43:E3:F4:EF
inet addr:192.168.0.101 Bcast:0.0.0.0 Mask:255.255.255.255
inet6 addr: fe80::211:43ff:fee3:f4ef/64 Scope:Link
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:0 errors:0 dropped:0 overruns:0 frame:0
TX packets:6 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:0
RX bytes:0 (0.0 b) TX bytes:384 (384.0 b)

lo Link encap:Local Loopback
inet addr:127.0.0.1 Mask:255.0.0.0
inet6 addr: ::1/128 Scope:Host
UP LOOPBACK RUNNING MTU:16436 Metric:1
RX packets:0 errors:0 dropped:0 overruns:0 frame:0
TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:0
RX bytes:0 (0.0 b) TX bytes:0 (0.0 b)

venet0 Link encap:UNSPEC HWaddr 00-00-00-00-00-00-00-00-00-00-00-00-00-00-00-00
inet addr:127.0.0.1 P-t-P:127.0.0.1 Bcast:0.0.0.0 Mask:255.255.255.255
UP BROADCAST POINTOPOINT RUNNING NOARP MTU:1500 Metric:1
RX packets:4 errors:0 dropped:0 overruns:0 frame:0
TX packets:4 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:0
RX bytes:336 (336.0 b) TX bytes:336 (336.0 b)

venet0:0 Link encap:UNSPEC HWaddr 00-00-00-00-00-00-00-00-00-00-00-00-00-00-00-00
inet addr:134.101.21.87 P-t-P:134.101.21.87 Bcast:134.101.21.87 Mask:255.255.255.255
UP BROADCAST POINTOPOINT RUNNING NOARP MTU:1500 Metric:1

======

@ VE0
======
eth0 Link encap:Ethernet HWaddr 00:11:43:E3:F4:EE
inet addr:134.101.28.143 Bcast:134.101.31.255 Mask:255.255.240.0
inet6 addr: fe80::211:43ff:fee3:f4ee/64 Scope:Link
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:12612560 errors:0 dropped:0 overruns:0 frame:0
TX packets:33275 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:2145404405 (1.9 GiB) TX bytes:4672347 (4.4 MiB)
Base address:0xecc0 Memory:dfae0000-dfb00000

eth1 Link encap:Ethernet HWaddr 00:11:43:E3:F4:EF
BROADCAST MULTICAST MTU:1500 Metric:1
RX packets:0 errors:0 dropped:0 overruns:0 frame:0
TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:0 (0.0 b) TX bytes:0 (0.0 b)
Base address:0xdcc0 Memory:df8e0000-df900000

sit0 Link encap:IPv6-in-IPv4
NOARP MTU:1480 Metric:1
RX packets:0 errors:0 dropped:0 overruns:0 frame:0
TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:0
RX bytes:0 (0.0 b) TX bytes:0 (0.0 b)

venet0 Link encap:UNSPEC HWaddr 00-00-00-00-00-00-00-00-00-00-00-00-00-00-00-00
UP BROADCAST POINTOPOINT RUNNING NOARP MTU:1500 Metric:1
RX packets:9207 errors:0 dropped:0 overruns:0 frame:0
TX packets:3619 errors:0 dropped:16 overruns:0 carrier:0
collisions:0 txqueuelen:0
RX bytes:1852791 (1.7 MiB) TX bytes:264012 (257.8 KiB)

veth102.0 Link encap:Ethernet HWaddr 00:11:43:E3:F4:EE
inet6 addr: fe80::211:43ff:fee3:f4ee/64 Scope:Link
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:6 errors:0 dropped:0 overruns:0 frame:0
TX packets:0 errors:0 dropped:6 overruns:0 carrier:0
collisions:0 txqueuelen:0
RX bytes:384 (384.0 b) TX bytes:0 (0.0 b)

Thanks TSchilli

Report message to a moderator

Re: Fully access to NIC [message #4892 is a reply to message #4881]

Tue, 01 August 2006 20:11

aistis
Messages: 77
Registered: September 2005
Location: Kaunas, Lithuania

Member

TSchilli, put IP address from 192.168.0.0/24 subnet on veth102.0 on VE0 and try again.

Aistis Zenkevicius

Report message to a moderator

Re: Fully access to NIC [message #4904 is a reply to message #4892]

Wed, 02 August 2006 06:11

TSchilli
Messages: 9
Registered: June 2006
Location: Weiterstadt / Hessen / Ge...

Junior Member

With an address from 192.168.0./24 the guest is unreachable, I gave him an address from 134.101.16.0/20, our current netmask.
I'm able to ping the guest, or ping out of it. But arp still doesn't work.

Here the config again:

Host
============
veth102.0 Link encap:Ethernet HWaddr 00:11:43:E3:F4:EE
inet addr:134.101.21.87 Bcast:134.101.255.255 Mask:255.255.0.0
inet6 addr: fe80::211:43ff:fee3:f4ee/64 Scope:Link
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:6 errors:0 dropped:0 overruns:0 frame:0
TX packets:0 errors:0 dropped:6 overruns:0 carrier:0
collisions:0 txqueuelen:0
RX bytes:384 (384.0 b) TX bytes:0 (0.0 b)
============

Guest
=============
eth0 Link encap:Ethernet HWaddr 00:11:43:E3:F4:EF
inet addr:192.168.0.101 Bcast:0.0.0.0 Mask:255.255.255.255
inet6 addr: fe80::211:43ff:fee3:f4ef/64 Scope:Link
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:0 errors:0 dropped:0 overruns:0 frame:0
TX packets:6 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:0
RX bytes:0 (0.0 b) TX bytes:384 (384.0 b)
=============

Sorry, hopefully it helps....thanks

P.S.: Is it ok, that eth0 from guest has an 192.168.0./24 address while there is a different netmask at host?

Report message to a moderator

Re: Fully access to NIC [message #4921 is a reply to message #4863]

Wed, 02 August 2006 10:17

aistis
Messages: 77
Registered: September 2005
Location: Kaunas, Lithuania

Member

it should be reachable with ip from that subnet if you have propper routing table. Look at wiki again, make sure you have everything in place.

Aistis Zenkevicius

Report message to a moderator

Re: Fully access to NIC [message #5045 is a reply to message #4863]

Wed, 09 August 2006 08:10

TSchilli
Messages: 9
Registered: June 2006
Location: Weiterstadt / Hessen / Ge...

Junior Member

I've checked all the settings, now I'm able to use the eth0-device in the VPS. Everything works fine. Tcpdump and arp seems to work correctly.

The arp-table isn't empty anymore, but any any host has the mac address from our host system. Is that normal behavior, or something wrong with my configuration?

Thanks so far, TSchilli

Report message to a moderator

Re: Fully access to NIC [message #5048 is a reply to message #5045]

Wed, 09 August 2006 08:31

Vasily Tarasov
Messages: 1345
Registered: January 2006

Senior Member

Yeap, it's normal. All packets are routed from the host to the VE, so cirtainly arp can see only ARP-addres of the host.

Report message to a moderator

Re: Fully access to NIC [message #5049 is a reply to message #5048]

Wed, 09 August 2006 08:54

TSchilli
Messages: 9
Registered: June 2006
Location: Weiterstadt / Hessen / Ge...

Junior Member

Is it possible to change this?
Some workarounds or something like that?

We want to use arpwatch in a VPS, seems a little bit stupid when we only get a single mac address for all the clients! Wink

Thanks TSchilli

Report message to a moderator

Re: Fully access to NIC [message #5050 is a reply to message #5049]

Wed, 09 August 2006 09:00

Vasily Tarasov
Messages: 1345
Registered: January 2006

Senior Member

I see only one way: move network device to VE (--netdev_add).
But after that HOST system doesn't have this device.

Report message to a moderator

Re: Fully access to NIC [message #5052 is a reply to message #5050]

Wed, 09 August 2006 09:05

TSchilli
Messages: 9
Registered: June 2006
Location: Weiterstadt / Hessen / Ge...

Junior Member

OK, thanks for the great support TSchilli

P.S.: If somebody else have another idea please reply to this post or inform me via mail

Report message to a moderator

Re: Fully access to NIC [message #5053 is a reply to message #5052]

Wed, 09 August 2006 09:29

Andrey Mirkin
Messages: 193
Registered: May 2006

Senior Member

There is another way to solve this problem.
You can create bridge in host system and add eth0 device and veth102.0 to it.
(See http://wiki.openvz.org/Virtual_Ethernet_device#Virtual_ether net_devices_can_be_joined_in_one_bridge for details).
Do not forget to assign IP from eth0 host-system device to bridge device and reconfigure route table accordingly.
After that packets from outer network will be passed to VPS without routing in VE0, so you will see destination MAC-addresses in arp-table inside VPS.

Andrey Mirkin

http://static.openvz.org/userbars/openvz-developer.png

Report message to a moderator

Previous Topic:	SOLVED VPS Tamplate: gentoo-20060317-i686-stage3
Next Topic:	SOLVED Problem starting VPS

Goto Forum:

-=] Back to Top [=-

[ Syndicate this forum (XML) ] [

] [

]

Current Time: Tue Sep 09 03:51:32 GMT 2025

Total time taken to generate the page: 0.06436 seconds