Hello.
I have 2 HNs (each has 2 uplinks and 3 IP address ranges) with multiple containers on them.
HN1 and HN2 can reach all containers.
Containers from the same address range can reach each other.
All containers can be reached from any external sources.
But containers from different HNs cannot reach each other if their IP addresses are from different ranges.
Network structure:
Cont1 (5.yy.yy.171) - HN1 (5.yy.yy.162, 85.xx.xx.51) - switch - HN2 (5.yy.yy.163, 85.xx.xx.52) - Cont2 (85.xx.xx.54)
Routes from HN2 (they're the same on HN1, only difference is its IP addresses):
# ip ru l
0:      from all lookup local
1:      from all lookup main
32748:  from 5.yy.yy.160/27 lookup 120
32749:  from 85.xx.xx.18/28 lookup 130
32750:  from 85.xx.xx.48/28 lookup 140
32766:  from all lookup 130
32767:  from all lookup default
# ip ro l table main: 
5.yy.yy.189 dev venet0  scope link
5.yy.yy.175 dev venet0  scope link 
85.xx.xx.54 dev venet0  scope link 
85.xx.xx.55 dev venet0  scope link 
85.xx.xx.48/28 dev eth0  proto kernel  scope link  src 85.xx.xx.52 
85.xx.xx.16/28 dev eth0  proto kernel  scope link  src 85.xx.xx.22 
5.yy.yy.160/27 dev eth1  proto kernel  scope link  src 5.yy.yy.163 
169.254.0.0/16 dev eth0  scope link  metric 1002
169.254.0.0/16 dev eth1  scope link  metric 1003
169.254.0.0/16 dev eth2  scope link  metric 1004
# ip ro l table 120: 
5.yy.yy.160/27 dev eth1  scope link  src 5.yy.yy.163
default via 5.yy.yy.161 dev eth1
# ip ro l table 130: 
85.xx.xx.16/28 dev eth0  scope link  src 85.xx.xx.22 
default via 85.xx.xx.17 dev eth0 
# ip ro l table 140: 
85.xx.xx.48/28 dev eth0  scope link  src 85.xx.xx.52 
default via 85.xx.xx.49 dev eth0 
Iptables is empty and defaulted to accept.
Any suggestions?
Solution: 
It was pretty simple, my routing tables are good, all I needed was to set rp_filter=0.
		
		
		[Updated on: Fri, 04 April 2014 08:22]
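Why rp_filter matters for this topology, as an added example that is not part of the original post: a small Python model of the kernel's reverse-path source check run against HN2's main table. The documentation-range addresses are constructed stand-ins for the masked ones, and the model assumes that Cont1's packet arrives on HN2's eth0, which the post does not state.

```python
import ipaddress

# Constructed stand-ins for the masked addresses in the post:
#   5.yy.yy.160/27 -> 198.51.100.160/27, 85.xx.xx.48/28 -> 203.0.113.48/28
# HN2 "main" table reduced to the routes relevant here: (prefix, device).
HN2_MAIN = [
    ("203.0.113.54/32", "venet0"),   # Cont2
    ("203.0.113.48/28", "eth0"),
    ("203.0.113.16/28", "eth0"),
    ("198.51.100.160/27", "eth1"),
]

def lookup(table, addr):
    """Longest-prefix match; returns the outgoing device or None."""
    ip = ipaddress.ip_address(addr)
    best = None
    for prefix, dev in table:
        net = ipaddress.ip_network(prefix)
        if ip in net and (best is None or net.prefixlen > best[0].prefixlen):
            best = (net, dev)
    return best[1] if best else None

def effective_rp_filter(conf_all, conf_iface):
    """The kernel applies max(conf/all, conf/<iface>) on each interface."""
    return max(conf_all, conf_iface)

def rpf_accepts(table, src, in_dev, mode):
    """mode 0: no source validation; 1: strict; 2: loose (RFC 3704)."""
    if mode == 0:
        return True
    back_dev = lookup(table, src)    # route the reply would take
    if back_dev is None:
        return False                 # source not routable in this table
    if mode == 2:
        return True                  # reachable via any interface is enough
    return back_dev == in_dev        # strict: reply must leave via in_dev

if __name__ == "__main__":
    cont1 = "198.51.100.171"         # stand-in for Cont1 (5.yy.yy.171)
    for mode in (1, 2, 0):
        ok = rpf_accepts(HN2_MAIN, cont1, "eth0", mode)  # assumed ingress
        print(f"rp_filter={mode}: Cont1 -> Cont2 via eth0 accepted={ok}")
```

The model covers only the main table, which the `from all lookup main` rule consults before tables 120, 130 and 140; in it, loose mode (2) passes the cross-range packet as well.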