OpenVZ Forum


Home » General » Support » Assign IP within VE (Why am I able to use ip addr add inside VE?)
Assign IP within VE [message #49265] Mon, 15 April 2013 21:03 Go to next message
semir is currently offline  semir
Messages: 13
Registered: April 2013
Location: Magyarország
Junior Member
Hi,

I am able to assign IP address ot venet from inside the CT. 10.0.0.88 was not assigned to any CT before. 

 [root@git /]# ip addr add 10.00.0.88 dev venet0:0
 [root@git /]# ping 10.0.0.32
 PING 10.0.0.32 (10.0.0.32) 56(84) bytes of data.
 64 bytes from 10.0.0.32: icmp_seq=1 ttl=63 time=466 ms
 64 bytes from 10.0.0.32: icmp_seq=2 ttl=63 time=0.399 ms
 64 bytes from 10.0.0.32: icmp_seq=3 ttl=63 time=0.470 ms


Though OpenVZ wiki writes:
"No possiblity to assign an IP from the CT
With venet device, only OpenVZ hardware node administrator can assign an IP address to a container."

"Venet drop ip-packets from the container with a source address, and in the container with the destination address, which is not corresponding to an ip-address of the container."

So? Does venet drop the packages or should I have the FORWARD chain on the host default to drop?
Is this behaviour normal?


Thank you!
Bests,
Semir

Report message to a moderator

Re: Assign IP within VE [message #49396 is a reply to message #49265] Sat, 27 April 2013 23:35 Go to previous messageGo to next message
semir is currently offline  semir
Messages: 13
Registered: April 2013
Location: Magyarország
Junior Member
Sorry, Im using Centos 5 with 2.6.18-274.3.1.el5.028stab094.3xen kernel and vzctl version 3.3.

Thank you!

Report message to a moderator

Re: Assign IP within VE [message #49417 is a reply to message #49396] Mon, 29 April 2013 18:04 Go to previous messageGo to next message
Paparaciz
Messages: 302
Registered: August 2009
Senior Member
can you ping 10.0.0.88 from HN?

Report message to a moderator

Re: Assign IP within VE [message #49419 is a reply to message #49417] Mon, 29 April 2013 18:14 Go to previous messageGo to next message
semir is currently offline  semir
Messages: 13
Registered: April 2013
Location: Magyarország
Junior Member
Nope. Not from anywhere outside.

Interesting.

Though from the VE I can connect to any 10.0.0.X address.

So basically any client of mine can add any address to his VPS and reach the world through that, but wont be able to access it through that?

Is this normal?

Report message to a moderator

Re: Assign IP within VE [message #49421 is a reply to message #49265] Mon, 29 April 2013 19:02 Go to previous messageGo to next message
Paparaciz
Messages: 302
Registered: August 2009
Senior Member
is HN ip is from the 10.0.0.X range?
what is ip of ct?

Report message to a moderator

Re: Assign IP within VE [message #49422 is a reply to message #49265] Mon, 29 April 2013 19:05 Go to previous messageGo to next message
Paparaciz
Messages: 302
Registered: August 2009
Senior Member
and do you using iptables masquerade in HN?

Report message to a moderator

Re: Assign IP within VE [message #49423 is a reply to message #49421] Mon, 29 April 2013 19:05 Go to previous messageGo to next message
semir is currently offline  semir
Messages: 13
Registered: April 2013
Location: Magyarország
Junior Member
yes, the HN has 10.0.0.X range address.
The ct has public ip and this newly assigned 10.0.0.88.

Report message to a moderator

Re: Assign IP within VE [message #49424 is a reply to message #49422] Mon, 29 April 2013 19:06 Go to previous messageGo to next message
semir is currently offline  semir
Messages: 13
Registered: April 2013
Location: Magyarország
Junior Member
No. VPSs have public IP.
I use 10.0.0.X for internal communication between CTs or for CTs of internal use (without public IP), like a backup ct or a private caching dns server.

Report message to a moderator

Re: Assign IP within VE [message #49425 is a reply to message #49424] Mon, 29 April 2013 19:14 Go to previous messageGo to next message
Paparaciz
Messages: 302
Registered: August 2009
Senior Member
than I guess you are doing something with routing table.
can you check what 10.0.0.32 see ip packets are coming from?

Report message to a moderator

Re: Assign IP within VE [message #49426 is a reply to message #49425] Mon, 29 April 2013 19:26 Go to previous message
semir is currently offline  semir
Messages: 13
Registered: April 2013
Location: Magyarország
Junior Member
AAAAAAawwwwww MAN.... Embarassed Embarassed Embarassed
Im sorry. you were right.
I tried this on a vps that had both public ip and private.
So the HN routed through the public ip (as the HN and the target CT both had 10.0.0.X ip)!


Thank you very much!

Smile

Report message to a moderator

Previous Topic: Forkbomb
Next Topic: /vz/root/1/ or /vz/private/1/ disappeared
Goto Forum:
  

[ Syndicate this forum (XML) ] [ RSS ] [ PDF ]

Current Time: Fri Jun 13 11:11:58 GMT 2025

Total time taken to generate the page: 0.02055 seconds
Powered by FUDforum Powered by Virtuozzo Containers