Re: NIC dedicated for accessing VEs from internet [message #29814 is a reply to message #29786] |
Fri, 25 April 2008 09:36 |
mangust
Messages: 39 Registered: April 2008 Location: USA
|
Member |
|
|
variant with veth interface works, but i still want to try venet0. Today investigated more.
i did:
[root@trinity ~]# ifconfig eth1 up
[root@trinity ~]# ifconfig eth1
eth1 Link encap:Ethernet HWaddr 00:1E:4F:2D:F1:65
inet6 addr: fe80::21e:4fff:fe2d:f165/64 Scope:Link
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:0 errors:0 dropped:0 overruns:0 frame:0
TX packets:3 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:0 (0.0 b) TX bytes:250 (250.0 b)
Interrupt:169 Memory:f4000000-f4012100
[root@trinity ~]# /sbin/ip rule add from 62.15.232.178 table 100
[root@trinity ~]# ip rule show
0: from all lookup 255
32765: from 62.15.232.178 lookup 100
32766: from all lookup main
32767: from all lookup default
[root@trinity ~]# ip route add default dev eth1 via 62.15.232.182 table 100
RTNETLINK answers: Network is unreachable
[root@trinity ~]# ip route add 62.15.232.176/29 dev eth1
RTNETLINK answers: No such device
[root@trinity ~]# ifconfig eth1 inet 191.255.254.5
[root@trinity ~]# ip route add 62.15.232.176/29 dev eth1
[root@trinity ~]# ip route add default dev eth1 via 62.15.232.182 table 100
[root@trinity ~]# tcpdump -ni eth1 | grep -v 802.1d
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on eth1, link-type EN10MB (Ethernet), capture size 96 bytes
11:23:56.046077 IP 62.44.79.180 > 62.15.232.178: ICMP echo request, id 63836, seq 0, length 64
11:23:56.047219 arp who-has 62.15.232.182 tell 191.255.254.5
11:23:57.045108 IP 62.44.79.180 > 62.15.232.178: ICMP echo request, id 63836, seq 1, length 64
11:23:57.047504 arp who-has 62.15.232.182 tell 191.255.254.5
11:23:58.044590 IP 62.44.79.180 > 62.15.232.178: ICMP echo request, id 63836, seq 2, length 64
11:23:58.047710 arp who-has 62.15.232.182 tell 191.255.254.5
11:23:59.045492 IP 62.44.79.180 > 62.15.232.178: ICMP echo request, id 63836, seq 3, length 64
11:24:00.046463 IP 62.44.79.180 > 62.15.232.178: ICMP echo request, id 63836, seq 4, length 64
11:24:00.047001 arp who-has 62.15.232.182 tell 191.255.254.5
11:24:01.047267 arp who-has 62.15.232.182 tell 191.255.254.5
1
To add a route i first need to add a network.
To add a network kernel want to see any IP address i gave some not existant.
Ping from outside not going
Computer want to determine routers MAC by ARP and request it from that not real 191.255.254.5
I don't want any IP on interface! Why not to use VE ip address for ARP?
If i add public address on that external NIC everithing working. but i don't need this IP for HW node, i will need to not to forget close it by firewall, tell services like ssh not to listen on it, finally i can't use it for VE
[Updated on: Fri, 25 April 2008 10:13] Report message to a moderator
|
|
|