container configuration file: ONBOOT="yes" # UBC parameters (in form of barrier:limit) KMEMSIZE="14372700:14790164" LOCKEDPAGES="256:256" PRIVVMPAGES="65536:69632" SHMPAGES="21504:21504" NUMPROC="240:240" PHYSPAGES="0:9223372036854775807" VMGUARPAGES="33792:9223372036854775807" OOMGUARPAGES="26112:9223372036854775807" NUMTCPSOCK="360:360" NUMFLOCK="188:206" NUMPTY="16:16" NUMSIGINFO="256:256" TCPSNDBUF="1720320:2703360" TCPRCVBUF="1720320:2703360" OTHERSOCKBUF="1126080:2097152" DGRAMRCVBUF="262144:262144" NUMOTHERSOCK="360:360" DCACHESIZE="3409920:3624960" NUMFILE="9312:9312" AVNUMPROC="180:180" NUMIPTENT="128:128" # Disk quota parameters (in form of softlimit:hardlimit) DISKSPACE="20971520:20971520" DISKINODES="200000:220000" QUOTATIME="0" # CPU fair scheduler parameter CPUUNITS="1000" VE_ROOT="/vz/root/$VEID" VE_PRIVATE="/vz/private/$VEID" OSTEMPLATE="centos-5.2-x86_64-os" ORIGIN_SAMPLE="vps.basic" #IP_ADDRESS="10.0.129.9" NAMESERVER="10.0.0.6" HOSTNAME="seed.sf.verticalresponse.com" #FEATURES="nfs:on " NETIF="ifname=eth0,mac=00:18:51:B8:75:E8,host_ifname=veth109.0,host_mac=00:18:51:0B:D2:35" interfaces on VE0: [root@antioch ~]# ifconfig -a eth0 Link encap:Ethernet HWaddr 00:30:48:C2:F8:EC inet addr:10.0.129.4 Bcast:10.0.129.255 Mask:255.255.255.0 inet6 addr: fe80::230:48ff:fec2:f8ec/64 Scope:Link UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1 RX packets:1181 errors:0 dropped:0 overruns:0 frame:0 TX packets:765 errors:0 dropped:0 overruns:0 carrier:0 collisions:0 txqueuelen:100 RX bytes:117203 (114.4 KiB) TX bytes:125461 (122.5 KiB) Base address:0x2000 Memory:d8020000-d8040000 eth1 Link encap:Ethernet HWaddr 00:30:48:C2:F8:ED BROADCAST MULTICAST MTU:1500 Metric:1 RX packets:0 errors:0 dropped:0 overruns:0 frame:0 TX packets:0 errors:0 dropped:0 overruns:0 carrier:0 collisions:0 txqueuelen:1000 RX bytes:0 (0.0 b) TX bytes:0 (0.0 b) Base address:0x2020 Memory:d8060000-d8080000 lo Link encap:Local Loopback inet addr:127.0.0.1 Mask:255.0.0.0 inet6 addr: ::1/128 
Scope:Host UP LOOPBACK RUNNING MTU:16436 Metric:1 RX packets:8 errors:0 dropped:0 overruns:0 frame:0 TX packets:8 errors:0 dropped:0 overruns:0 carrier:0 collisions:0 txqueuelen:0 RX bytes:560 (560.0 b) TX bytes:560 (560.0 b) venet0 Link encap:UNSPEC HWaddr 00-00-00-00-00-00-00-00-00-00-00-00-00-00-00-00 UP BROADCAST POINTOPOINT RUNNING NOARP MTU:1500 Metric:1 RX packets:0 errors:0 dropped:0 overruns:0 frame:0 TX packets:0 errors:0 dropped:0 overruns:0 carrier:0 collisions:0 txqueuelen:0 RX bytes:0 (0.0 b) TX bytes:0 (0.0 b) veth109.0 Link encap:Ethernet HWaddr 00:18:51:0B:D2:35 inet6 addr: fe80::218:51ff:fe0b:d235/64 Scope:Link UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1 RX packets:15 errors:0 dropped:0 overruns:0 frame:0 TX packets:7 errors:0 dropped:0 overruns:0 carrier:0 collisions:0 txqueuelen:0 RX bytes:692 (692.0 b) TX bytes:384 (384.0 b) route table on VE0: Kernel IP routing table Destination Gateway Genmask Flags Metric Ref Use Iface 10.0.129.9 0.0.0.0 255.255.255.255 UH 0 0 0 veth109.0 10.0.129.0 0.0.0.0 255.255.255.0 U 0 0 0 eth0 169.254.0.0 0.0.0.0 255.255.0.0 U 0 0 0 eth0 0.0.0.0 10.0.129.1 0.0.0.0 UG 0 0 0 eth0 route table on container: [root@seed /]# route -n Kernel IP routing table Destination Gateway Genmask Flags Metric Ref Use Iface 10.0.129.0 0.0.0.0 255.255.255.0 U 0 0 0 eth0 169.254.0.0 0.0.0.0 255.255.0.0 U 0 0 0 eth0 0.0.0.0 10.0.129.1 0.0.0.0 UG 0 0 0 eth0 tcpdump on VE0, eth0: [root@antioch ~]# tcpdump -e -l -s 0 -i eth0 udp port bootps or udp port bootpc tcpdump: verbose output suppressed, use -v or -vv for full protocol decode listening on eth0, link-type EN10MB (Ethernet), capture size 65535 bytes 16:18:13.799195 00:30:48:c2:f4:5e (oui Unknown) > Broadcast, ethertype IPv4 (0x0800), length 590: 0.0.0.0.bootpc > 255.255.255.255.bootps: BOOTP/DHCP, Request from 00:30:48:c2:f4:5e (oui Unknown), length: 548 16:18:15.805237 00:30:48:c2:f4:5e (oui Unknown) > Broadcast, ethertype IPv4 (0x0800), length 590: 0.0.0.0.bootpc > 
255.255.255.255.bootps: BOOTP/DHCP, Request from 00:30:48:c2:f4:5e (oui Unknown), length: 548 16:18:17.837033 00:30:48:c2:f4:5e (oui Unknown) > Broadcast, ethertype IPv4 (0x0800), length 590: 0.0.0.0.bootpc > 255.255.255.255.bootps: BOOTP/DHCP, Request from 00:30:48:c2:f4:5e (oui Unknown), length: 548 16:18:21.846163 00:30:48:c2:f4:5e (oui Unknown) > Broadcast, ethertype IPv4 (0x0800), length 590: 0.0.0.0.bootpc > 255.255.255.255.bootps: BOOTP/DHCP, Request from 00:30:48:c2:f4:5e (oui Unknown), length: 548 16:18:29.863672 00:30:48:c2:f4:5e (oui Unknown) > Broadcast, ethertype IPv4 (0x0800), length 590: 0.0.0.0.bootpc > 255.255.255.255.bootps: BOOTP/DHCP, Request from 00:30:48:c2:f4:5e (oui Unknown), length: 548 Same tcpdump on VE0, veth interface: [root@antioch ~]# tcpdump -e -l -s 0 -i veth109.0 udp port bootps or udp port bootpc tcpdump: WARNING: veth109.0: no IPv4 address assigned tcpdump: verbose output suppressed, use -v or -vv for full protocol decode listening on veth109.0, link-type EN10MB (Ethernet), capture size 65535 bytes 0 packets captured 0 packets received by filter 0 packets dropped by kernel Same tcpdump on container, eth0 interface: [root@seed /]# tcpdump -e -l -s 0 -i eth0 udp port bootps or udp port bootpc tcpdump: verbose output suppressed, use -v or -vv for full protocol decode listening on eth0, link-type EN10MB (Ethernet), capture size 65535 bytes 0 packets captured 0 packets received by filter 0 packets dropped by kernel forwarding and proxy ARP are enabled on VE0 for both eth0 and veth109.0: [root@antioch ipv4]# pwd /proc/sys/net/ipv4 [root@antioch ipv4]# cat ./conf/eth0/forwarding 1 [root@antioch ipv4]# cat ./conf/veth109.0/forwarding 1 [root@antioch ipv4]# cat ./conf/veth109.0/proxy_arp 1 [root@antioch ipv4]# cat ./conf/eth0/proxy_arp 1 policy routing rules and iptables rules on VE0 (every chain is empty with policy ACCEPT, so nothing is filtered): [root@antioch ~]# ip rule list 0: from all lookup 255 32766: from all lookup main 32767: from all lookup default [root@antioch ~]# iptables --list Chain INPUT (policy ACCEPT) target prot opt source destination Chain FORWARD (policy 
ACCEPT) target prot opt source destination Chain OUTPUT (policy ACCEPT) target prot opt source destination