*SOLVED* Source IP within VE [message #7015]
Fri, 29 September 2006 21:02
marcot
Hi *,
here comes a noob question wrt. routing.
Let's say I've got the host running on 11.22.33.44 (first public IP), and my webserver within a VE with a public IP (second public IP).
When going through the logs or tracing packets with tcpdump, all arriving packets carry the IP of my host rather than that of the client requesting the webpage (somehow obvious).
However, I'd like to have the client's IP logged within the Apache logs...
Any clue / hint on how to set up transparent routing accordingly?
I'm using the venet device and have added the public IP as an additional IP to venet within the host environment.
Rgds,
Marco
[Updated on: Wed, 04 October 2006 06:12] by Moderator
Re: Source IP within VE [message #7090 is a reply to message #7087]
Tue, 03 October 2006 13:18
marcot
Hi,
thanks a lot for your reply - I did manage to get it to work now (after some sleepless days/nights).
I figured out that Masquerading had still been "on", and thus the IP had obviously been SNATed.
However, veth as suggested caused issues in my recent tries, and bridging does not seem to be an option since I have only one NIC, and bridging it to the VE would do the same as just moving the NIC to the VE.
What I'm still struggling with is the fact that I do have my "main" IP within one subnet and the VE's IPs in a different subnet.
From that perspective I'd thought about enabling FW_ALLOW_CLASS_ROUTING within my firewall; however, I just used FORWARD for all traffic heading towards and from my VE and 'firewall' it within the VE once again.
*snip*
I really think networking as such needs some more explanation within the VZopen WIKI; even though it's not a core topic for this page, a lot of issues seem to arise from it, and some straightforward HowTos might save some days of "work" (like in my case).
Unfortunately I'm not that familiar with the topic, thus I'm unable to contribute here.
I appreciate that networking configurations may differ heavily depending on the specific setup; however, some generic stuff - like not to add the IP anywhere within the host, or questions like "shall I disable venet0 when utilizing veth?" - could be helpful.
Thanks again for your posts!
Rgds,
Marco
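A check for the cause named in the post above (masquerading still on, so the client address was SNATed), as an added example that is not part of the original thread. It assumes the VE-facing interface is `venet0` and the external NIC is `eth0`; the function names and the sample ruleset are constructed for illustration.

```shell
#!/bin/sh
# Added example. Assumption: the VE-facing interface is venet0 (override via $1).
# Reads `iptables-save -t nat` output on stdin and prints every POSTROUTING
# SNAT/MASQUERADE rule whose out-interface match also covers that interface.
# -s/-d matches are not evaluated, so treat the output as rules to review.
snat_rules_hitting_ve() {
    awk -v ve="${1:-venet0}" '
    $1 == "-A" && $2 == "POSTROUTING" {
        target = ""; out = ""; negated = 0
        for (i = 3; i <= NF; i++) {
            if ($i == "-j") target = $(i + 1)
            if ($i == "-o") {
                if ($(i + 1) == "!") { negated = 1; out = $(i + 2) }  # old: -o ! eth0
                else { negated = ($(i - 1) == "!"); out = $(i + 1) }  # new: ! -o eth0
            }
        }
        if (target != "MASQUERADE" && target != "SNAT") next
        if (out == "") { print; next }   # no -o: applies to every interface
        if (substr(out, length(out)) == "+") {           # "venet+" style wildcard
            prefix = substr(out, 1, length(out) - 1)
            hit = (substr(ve, 1, length(prefix)) == prefix)
        } else {
            hit = (out == ve)
        }
        if (negated) hit = !hit
        if (hit) print
    }'
}

# Constructed sample ruleset (documentation addresses), not taken from the thread.
sample_nat_table() {
    cat <<'EOF'
*nat
:PREROUTING ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
-A POSTROUTING -j MASQUERADE
-A POSTROUTING -o eth0 -j MASQUERADE
-A POSTROUTING -s 192.0.2.0/24 -o venet0 -j SNAT --to-source 198.51.100.10
-A POSTROUTING ! -o eth0 -j MASQUERADE
-A POSTROUTING -o venet0 -j ACCEPT
COMMIT
EOF
}

# Demo run on the sample: three of the five rules also rewrite traffic to the VE.
sample_nat_table | snat_rules_hitting_ve venet0
```

On a host node, feed it the live rules with `iptables-save -t nat | snat_rules_hitting_ve venet0`; a rule restricted to `-o eth0` is not reported because it leaves traffic forwarded into the VE untouched.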
Re: Source IP within VE [message #7091 is a reply to message #7090]
Tue, 03 October 2006 13:39
John Kelly
marcot wrote on Tue, 03 October 2006 09:18 | What I'm still struggling with is the fact that I do have my "main" IP within one subnet and the VE's IPs in a different subnet.
My setup is simple. 1 HN, 2 VEs, all three IPs in the same class C. So I don't have to worry about routing, OpenVZ handles it for me, by publishing ARP entries for the VEs. The upstream router at my provider uses the ARP information, and knows to route all three IPs to my ethernet card. Then OpenVZ automatically knows how to handle packets destined for the VEs.
Quote: | From that perspective I'd thought about enabling FW_ALLOW_CLASS_ROUTING within my firewall; however, I just used FORWARD for all traffic heading towards and from my VE and 'firewall' it within the VE once again.
I don't use a firewall.
My advice is: start as simple as possible, and get that working. Then add other pieces you need, one at a time. That way, you can understand where problems begin. And maybe it will be easier to find a solution.