Re: 2 interfaces local network routing issue possible bug? [message #15336 is a reply to message #15328]
Fri, 27 July 2007 07:33
khorenko
Hello.
1) Well, maybe it's not too bad that a VE with a public IP can ping VEs/HN with local IPs? What problems can this bring?
2) The packet routing scheme is the following: a packet from 75.21.221.23 goes to VE0, where the routing table is looked up for the 10.21.1.3 destination; such a rule exists by default, thus the packet is forwarded to venet.
Taking this into account, if you still want to disable the ability to ping VEs/HN with local IPs from a VE with a global IP, you can create an iptables rule in VE0 which will drop packets with the global IP of the mentioned VE as the source and the local addresses 10.21.1.3/24 (or so) as the destination.
Something like:
# iptables -A FORWARD -s 75.21.221.23 -d 10.21.1.3/24 -j DROP
Hope this helps.
If your problem is solved - please, report it!
It's even more important than reporting the problem itself...
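
Added example (not part of the original post): a simplified Python model of which packets the rule above drops. It shows that `-d 10.21.1.3/24` covers the whole 10.21.1.0/24 network, and that a FORWARD rule only sees traffic routed on to other VEs, while packets addressed to the HN itself traverse INPUT. The HN address 10.21.1.1, the default ACCEPT policy and the extra INPUT rule are assumptions made for illustration.

```python
import ipaddress
from dataclasses import dataclass

# Constructed value: the post does not give the HN's own local address.
HN_LOCAL_ADDRS = {"10.21.1.1"}


@dataclass(frozen=True)
class DropRule:
    chain: str  # "FORWARD" or "INPUT"
    src: str    # value passed to -s
    dst: str    # value passed to -d

    def matches(self, chain: str, src: str, dst: str) -> bool:
        # strict=False mirrors iptables masking off host bits:
        # 10.21.1.3/24 is treated as 10.21.1.0/24.
        src_net = ipaddress.ip_network(self.src, strict=False)
        dst_net = ipaddress.ip_network(self.dst, strict=False)
        return (chain == self.chain
                and ipaddress.ip_address(src) in src_net
                and ipaddress.ip_address(dst) in dst_net)


def chain_for(dst: str) -> str:
    """Packets for the HN itself hit INPUT; packets routed to a VE hit FORWARD."""
    return "INPUT" if dst in HN_LOCAL_ADDRS else "FORWARD"


def verdict(rules, src: str, dst: str) -> str:
    """Simplified model: any matching DROP rule wins, default policy ACCEPT (assumed)."""
    chain = chain_for(dst)
    return "DROP" if any(r.matches(chain, src, dst) for r in rules) else "ACCEPT"


# The rule from the post, and the same match repeated on INPUT (assumed addition).
POST_RULE = [DropRule("FORWARD", "75.21.221.23", "10.21.1.3/24")]
WITH_INPUT = POST_RULE + [DropRule("INPUT", "75.21.221.23", "10.21.1.3/24")]

if __name__ == "__main__":
    for dst in ("10.21.1.3", "10.21.1.77", "10.21.1.1"):
        print(dst,
              verdict(POST_RULE, "75.21.221.23", dst),
              verdict(WITH_INPUT, "75.21.221.23", dst))
```
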