OpenVZ Forum

Fully access to NIC [message #4863] Mon, 31 July 2006 09:30
TSchilli
Messages: 9
Registered: June 2006
Location: Weiterstadt / Hessen / Ge...
Junior Member
Hello,

We are trying to use ARP-Watch and similar tools in a VPS, but currently it doesn't work.
Is there any possibility to grant those tools full access to an interface?
I've read about moving the interface into the VPS, but then you'll lose direct access from the host...

Our host system is CentOS with kernel 2.6.16-026test015.2-smp;
the guest systems are CentOS or Debian.

Hope you could help us, thanks TSchilli
Re: Fully access to NIC [message #4879 is a reply to message #4863] Tue, 01 August 2006 11:17
aistis
Messages: 77
Registered: September 2005
Location: Kaunas, Lithuania
Member

Try a veth interface inside the VPS:
http://wiki.openvz.org/Differences_between_venet_and_veth
http://wiki.openvz.org/Veth



Aistis Zenkevicius
Re: Fully access to NIC [message #4881 is a reply to message #4863] Tue, 01 August 2006 14:00
TSchilli
Messages: 9
Registered: June 2006
Location: Weiterstadt / Hessen / Ge...
Junior Member
Thanks for those pages.
I used the HOWTO to install such a VETH device, but it doesn't work. The VPS has the MAC address given by the command, ping and everything works correctly.
But the command arp still gives no reply; the arp table seems to be empty or not readable.

Here are my network configs; I hope somebody can find the mistake.


@ VPS
=======
-bash-3.00# ifconfig -a
eth0 Link encap:Ethernet HWaddr 00:11:43:E3:F4:EF
inet addr:192.168.0.101 Bcast:0.0.0.0 Mask:255.255.255.255
inet6 addr: fe80::211:43ff:fee3:f4ef/64 Scope:Link
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:0 errors:0 dropped:0 overruns:0 frame:0
TX packets:6 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:0
RX bytes:0 (0.0 b) TX bytes:384 (384.0 b)

lo Link encap:Local Loopback
inet addr:127.0.0.1 Mask:255.0.0.0
inet6 addr: ::1/128 Scope:Host
UP LOOPBACK RUNNING MTU:16436 Metric:1
RX packets:0 errors:0 dropped:0 overruns:0 frame:0
TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:0
RX bytes:0 (0.0 b) TX bytes:0 (0.0 b)

venet0 Link encap:UNSPEC HWaddr 00-00-00-00-00-00-00-00-00-00-00-00-00-00-00-00
inet addr:127.0.0.1 P-t-P:127.0.0.1 Bcast:0.0.0.0 Mask:255.255.255.255
UP BROADCAST POINTOPOINT RUNNING NOARP MTU:1500 Metric:1
RX packets:4 errors:0 dropped:0 overruns:0 frame:0
TX packets:4 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:0
RX bytes:336 (336.0 b) TX bytes:336 (336.0 b)

venet0:0 Link encap:UNSPEC HWaddr 00-00-00-00-00-00-00-00-00-00-00-00-00-00-00-00
inet addr:134.101.21.87 P-t-P:134.101.21.87 Bcast:134.101.21.87 Mask:255.255.255.255
UP BROADCAST POINTOPOINT RUNNING NOARP MTU:1500 Metric:1

======

@ VE0
======
eth0 Link encap:Ethernet HWaddr 00:11:43:E3:F4:EE
inet addr:134.101.28.143 Bcast:134.101.31.255 Mask:255.255.240.0
inet6 addr: fe80::211:43ff:fee3:f4ee/64 Scope:Link
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:12612560 errors:0 dropped:0 overruns:0 frame:0
TX packets:33275 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:2145404405 (1.9 GiB) TX bytes:4672347 (4.4 MiB)
Base address:0xecc0 Memory:dfae0000-dfb00000

eth1 Link encap:Ethernet HWaddr 00:11:43:E3:F4:EF
BROADCAST MULTICAST MTU:1500 Metric:1
RX packets:0 errors:0 dropped:0 overruns:0 frame:0
TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:0 (0.0 b) TX bytes:0 (0.0 b)
Base address:0xdcc0 Memory:df8e0000-df900000

sit0 Link encap:IPv6-in-IPv4
NOARP MTU:1480 Metric:1
RX packets:0 errors:0 dropped:0 overruns:0 frame:0
TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:0
RX bytes:0 (0.0 b) TX bytes:0 (0.0 b)

venet0 Link encap:UNSPEC HWaddr 00-00-00-00-00-00-00-00-00-00-00-00-00-00-00-00
UP BROADCAST POINTOPOINT RUNNING NOARP MTU:1500 Metric:1
RX packets:9207 errors:0 dropped:0 overruns:0 frame:0
TX packets:3619 errors:0 dropped:16 overruns:0 carrier:0
collisions:0 txqueuelen:0
RX bytes:1852791 (1.7 MiB) TX bytes:264012 (257.8 KiB)

veth102.0 Link encap:Ethernet HWaddr 00:11:43:E3:F4:EE
inet6 addr: fe80::211:43ff:fee3:f4ee/64 Scope:Link
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:6 errors:0 dropped:0 overruns:0 frame:0
TX packets:0 errors:0 dropped:6 overruns:0 carrier:0
collisions:0 txqueuelen:0
RX bytes:384 (384.0 b) TX bytes:0 (0.0 b)



Thanks TSchilli
Re: Fully access to NIC [message #4892 is a reply to message #4881] Tue, 01 August 2006 20:11
aistis
Messages: 77
Registered: September 2005
Location: Kaunas, Lithuania
Member

TSchilli, put an IP address from the 192.168.0.0/24 subnet on veth102.0 on VE0 and try again.




Aistis Zenkevicius
Re: Fully access to NIC [message #4904 is a reply to message #4892] Wed, 02 August 2006 06:11
TSchilli
Messages: 9
Registered: June 2006
Location: Weiterstadt / Hessen / Ge...
Junior Member
With an address from 192.168.0./24 the guest is unreachable; I gave it an address from 134.101.16.0/20, our current netmask.
I'm able to ping the guest, or ping out of it. But arp still doesn't work.

Here is the config again:

Host
============
veth102.0 Link encap:Ethernet HWaddr 00:11:43:E3:F4:EE
inet addr:134.101.21.87 Bcast:134.101.255.255 Mask:255.255.0.0
inet6 addr: fe80::211:43ff:fee3:f4ee/64 Scope:Link
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:6 errors:0 dropped:0 overruns:0 frame:0
TX packets:0 errors:0 dropped:6 overruns:0 carrier:0
collisions:0 txqueuelen:0
RX bytes:384 (384.0 b) TX bytes:0 (0.0 b)
============

Guest
=============
eth0 Link encap:Ethernet HWaddr 00:11:43:E3:F4:EF
inet addr:192.168.0.101 Bcast:0.0.0.0 Mask:255.255.255.255
inet6 addr: fe80::211:43ff:fee3:f4ef/64 Scope:Link
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:0 errors:0 dropped:0 overruns:0 frame:0
TX packets:6 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:0
RX bytes:0 (0.0 b) TX bytes:384 (384.0 b)
=============

Sorry, hopefully it helps....thanks

P.S.: Is it OK that eth0 in the guest has a 192.168.0./24 address while there is a different netmask on the host?
Re: Fully access to NIC [message #4921 is a reply to message #4863] Wed, 02 August 2006 10:17
aistis
Messages: 77
Registered: September 2005
Location: Kaunas, Lithuania
Member

It should be reachable with an IP from that subnet if you have a proper routing table. Look at the wiki again and make sure you have everything in place.


Aistis Zenkevicius
Re: Fully access to NIC [message #5045 is a reply to message #4863] Wed, 09 August 2006 08:10
TSchilli
Messages: 9
Registered: June 2006
Location: Weiterstadt / Hessen / Ge...
Junior Member
I've checked all the settings, now I'm able to use the eth0 device in the VPS. Everything works fine. Tcpdump and arp seem to work correctly.

The arp table isn't empty anymore, but any host has the MAC address from our host system. Is that normal behavior, or is something wrong with my configuration?

Thanks so far, TSchilli
Re: Fully access to NIC [message #5048 is a reply to message #5045] Wed, 09 August 2006 08:31
Vasily Tarasov
Messages: 1345
Registered: January 2006
Senior Member
Yep, it's normal. All packets are routed from the host to the VE, so certainly arp can see only the ARP address of the host.
Re: Fully access to NIC [message #5049 is a reply to message #5048] Wed, 09 August 2006 08:54
TSchilli
Messages: 9
Registered: June 2006
Location: Weiterstadt / Hessen / Ge...
Junior Member
Is it possible to change this?
Some workarounds or something like that?

We want to use arpwatch in a VPS; it seems a little bit stupid when we only get a single MAC address for all the clients! ;)

Thanks TSchilli
Re: Fully access to NIC [message #5050 is a reply to message #5049] Wed, 09 August 2006 09:00
Vasily Tarasov
Messages: 1345
Registered: January 2006
Senior Member
I see only one way: move the network device to the VE (--netdev_add).
But after that the HOST system doesn't have this device.
Re: Fully access to NIC [message #5052 is a reply to message #5050] Wed, 09 August 2006 09:05
TSchilli
Messages: 9
Registered: June 2006
Location: Weiterstadt / Hessen / Ge...
Junior Member
OK, thanks for the great support TSchilli

P.S.: If somebody else has another idea, please reply to this post or inform me via mail.
Re: Fully access to NIC [message #5053 is a reply to message #5052] Wed, 09 August 2006 09:29
Andrey Mirkin
Messages: 193
Registered: May 2006
Senior Member
There is another way to solve this problem.
You can create a bridge in the host system and add the eth0 device and veth102.0 to it.
(See http://wiki.openvz.org/Virtual_Ethernet_device#Virtual_ethernet_devices_can_be_joined_in_one_bridge for details).
Do not forget to assign the IP from the eth0 host-system device to the bridge device and reconfigure the route table accordingly.
After that, packets from the outer network will be passed to the VPS without routing in VE0, so you will see destination MAC addresses in the arp table inside the VPS.


Andrey Mirkin
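
The bridge setup described in the post above, together with a check for the single-MAC symptom reported earlier in the thread, as an added example that is not part of the original posts. The bridge name `br0`, the `GATEWAY` placeholder (the thread never states the default gateway) and the function names are assumptions; the interface names and the host address come from the ifconfig output in the thread.

```shell
#!/bin/sh
# Added example, not from the thread. br0 and GATEWAY are assumptions.

# Print (do not execute) the host-side (VE0) commands that join the physical
# NIC and the container's veth device in one bridge and move the host IP
# onto the bridge. Review the plan, then run it from a local console:
# clearing the NIC's address drops any SSH session that arrived through it.
bridge_plan() {
    br=$1 nic=$2 veth=$3 ip=$4 mask=$5 gw=$6
    cat <<EOF
brctl addbr $br
brctl addif $br $nic
brctl addif $br $veth
ifconfig $nic 0.0.0.0 up
ifconfig $veth 0.0.0.0 up
ifconfig $br $ip netmask $mask up
route add default gw $gw dev $br
EOF
}

# Read `arp -n` output on stdin. Exit 0 when at least two resolved entries
# exist and all of them carry the same MAC: the symptom of a routed veth,
# where arpwatch inside the VPS would record only the host's address.
# Unresolved "(incomplete)" rows and the header row are ignored.
arp_single_mac() {
    awk '$2 == "ether" { seen[toupper($3)] = 1; n++ }
         END { c = 0; for (m in seen) c++; exit !(n > 1 && c == 1) }'
}

# Plan for the host shown in the thread (eth0 holds 134.101.28.143/20).
bridge_plan br0 eth0 veth102.0 134.101.28.143 255.255.240.0 GATEWAY
```

Inside the VPS, `arp -n | arp_single_mac && echo "still routed"` gives a quick indication of whether arpwatch would see real client MAC addresses.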