OpenVZ + Bridge a vice virtualnich eth

Zdenek Janis janis na alberon.cz
Pondělí Duben 7 10:05:00 CEST 2008 

Tak jsem se unahlil...
I po prejmenovani mi pakety prichazi z jineho virtualniho eth nez je 
pridelena IP:


$ ip a
1: lo: <LOOPBACK,UP,10000> mtu 16436 qdisc noqueue
     link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
     inet 127.0.0.1/8 scope host lo
3: venet0: <BROADCAST,POINTOPOINT,NOARP> mtu 1500 qdisc noop
     link/void
5: eth101.0: <BROADCAST,MULTICAST,UP,10000> mtu 1500 qdisc noqueue
     link/ether 00:17:f2:01:00:00 brd ff:ff:ff:ff:ff:ff
     inet 192.168.1.101/24 brd 192.168.1.255 scope global eth101.0
7: eth101.1: <BROADCAST,MULTICAST,UP,10000> mtu 1500 qdisc noqueue
     link/ether 00:17:f2:01:00:01 brd ff:ff:ff:ff:ff:ff
     inet 192.168.255.9/29 brd 192.168.255.15 scope global eth101.1
9: eth101.2: <BROADCAST,MULTICAST,UP,10000> mtu 1500 qdisc noqueue
     link/ether 00:17:f2:01:00:02 brd ff:ff:ff:ff:ff:ff
     inet 192.168.255.3/29 brd 192.168.255.7 scope global eth101.2

$ iptables -t mangle -L -v
Chain PREROUTING (policy ACCEPT 6412 packets, 1745K bytes)
  pkts bytes target     prot opt in     out     source 
destination
     0     0 LOG        0    --  any    any     anywhere 
anywhere            MAC 00:1B:9E:91:85:79 LOGlevel warning

Chain INPUT (policy ACCEPT 4444 packets, 384K bytes)
  pkts bytes target     prot opt in     out     source 
destination

Chain FORWARD (policy ACCEPT 1785 packets, 1355K bytes)
  pkts bytes target     prot opt in     out     source 
destination

Chain OUTPUT (policy ACCEPT 2660 packets, 383K bytes)
  pkts bytes target     prot opt in     out     source 
destination

Chain POSTROUTING (policy ACCEPT 4445 packets, 1738K bytes)
  pkts bytes target     prot opt in     out     source 
destination

$ tail -f /var/log/syslog
Apr  7 09:56:47 vs101 kernel: IN=eth101.0 OUT= 
MAC=00:17:f2:01:00:00:00:1b:9e:91:85:79:08:00 SRC=212.90.248.182 
DST=192.168.255.3 LEN=52 TOS=0x10 PREC=0xA0 TTL=52 ID=8563 DF PROTO=TCP 
SPT=49312 DPT=22 WINDOW=406 RES=0x00 ACK FIN URGP=0
Apr  7 09:56:48 vs101 kernel: IN=eth101.0 OUT= 
MAC=00:17:f2:01:00:00:00:1b:9e:91:85:79:08:00 SRC=212.90.248.182 
DST=192.168.255.3 LEN=52 TOS=0x10 PREC=0xA0 TTL=52 ID=8564 DF PROTO=TCP 
SPT=49312 DPT=22 WINDOW=406 RES=0x00 ACK URGP=0

Pritom na eth101.0 je IP 192.168.1.101/24, takze paket cestujici na 
192.168.255.3 by vubec na eth101.0 nemel co delat, ale mel by byt na 
eth101.2 ...


Zdenek Janis napsal(a):
> Zdenek Janis napsal(a):
>> Pri logovani paketu na virtualnim stroji s vice eth pres iptablesy se 
>> vsechny pakety tvari, ze jdou z eth0 ackoliv IP je na uplne jinem eth. 
>> Nevim zda se jedna o eth0 stroje HW nebo eth0 virtualniho (mam je 
>> pojmenovany stejne - mozna chyba a zdroj problemu?!). Da se nejak 
>> "zaridit" aby pakety cestovaly pres spravna rozhrani?! Nebo to je proste 
>> vlastnost bridge?!
> 

-- 
     Zdenek Janis, Alberon, +420465618508, +420777338083

Další informace o konferenci Linux