OpenVZ + Bridge and multiple virtual eth
Zdenek Janis
janis at alberon.cz
Monday April 7 10:05:00 CEST 2008
So I was too hasty...
Even after renaming, packets still arrive on a different virtual eth than
the one the IP is assigned to:
$ ip a
1: lo: <LOOPBACK,UP,10000> mtu 16436 qdisc noqueue
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
inet 127.0.0.1/8 scope host lo
3: venet0: <BROADCAST,POINTOPOINT,NOARP> mtu 1500 qdisc noop
link/void
5: eth101.0: <BROADCAST,MULTICAST,UP,10000> mtu 1500 qdisc noqueue
link/ether 00:17:f2:01:00:00 brd ff:ff:ff:ff:ff:ff
inet 192.168.1.101/24 brd 192.168.1.255 scope global eth101.0
7: eth101.1: <BROADCAST,MULTICAST,UP,10000> mtu 1500 qdisc noqueue
link/ether 00:17:f2:01:00:01 brd ff:ff:ff:ff:ff:ff
inet 192.168.255.9/29 brd 192.168.255.15 scope global eth101.1
9: eth101.2: <BROADCAST,MULTICAST,UP,10000> mtu 1500 qdisc noqueue
link/ether 00:17:f2:01:00:02 brd ff:ff:ff:ff:ff:ff
inet 192.168.255.3/29 brd 192.168.255.7 scope global eth101.2
$ iptables -t mangle -L -v
Chain PREROUTING (policy ACCEPT 6412 packets, 1745K bytes)
pkts bytes target prot opt in out source destination
0 0 LOG 0 -- any any anywhere anywhere MAC 00:1B:9E:91:85:79 LOGlevel warning
Chain INPUT (policy ACCEPT 4444 packets, 384K bytes)
pkts bytes target prot opt in out source destination
Chain FORWARD (policy ACCEPT 1785 packets, 1355K bytes)
pkts bytes target prot opt in out source destination
Chain OUTPUT (policy ACCEPT 2660 packets, 383K bytes)
pkts bytes target prot opt in out source destination
Chain POSTROUTING (policy ACCEPT 4445 packets, 1738K bytes)
pkts bytes target prot opt in out source destination
$ tail -f /var/log/syslog
Apr 7 09:56:47 vs101 kernel: IN=eth101.0 OUT= MAC=00:17:f2:01:00:00:00:1b:9e:91:85:79:08:00 SRC=212.90.248.182 DST=192.168.255.3 LEN=52 TOS=0x10 PREC=0xA0 TTL=52 ID=8563 DF PROTO=TCP SPT=49312 DPT=22 WINDOW=406 RES=0x00 ACK FIN URGP=0
Apr 7 09:56:48 vs101 kernel: IN=eth101.0 OUT= MAC=00:17:f2:01:00:00:00:1b:9e:91:85:79:08:00 SRC=212.90.248.182 DST=192.168.255.3 LEN=52 TOS=0x10 PREC=0xA0 TTL=52 ID=8564 DF PROTO=TCP SPT=49312 DPT=22 WINDOW=406 RES=0x00 ACK URGP=0
Yet eth101.0 has the IP 192.168.1.101/24, so a packet travelling to
192.168.255.3 should have no business on eth101.0 at all; it should be on
eth101.2 ...
Zdenek Janis wrote:
> Zdenek Janis wrote:
>> When logging packets via iptables on a virtual machine with multiple eth
>> interfaces, all packets appear to come from eth0 even though the IP is on
>> a completely different eth. I don't know whether this is the eth0 of the
>> HW machine or the eth0 of the virtual one (I have them named the same -
>> maybe a mistake and the source of the problem?!). Is there some way to
>> "arrange" for packets to travel through the correct interfaces?! Or is
>> this simply a property of the bridge?!
>
--
Zdenek Janis, Alberon, +420465618508, +420777338083
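Added example (not part of the original message): a Python script for the check the post performs by eye, flagging logged packets whose DST lies outside every subnet configured on the IN= interface and naming the interface that does own that subnet. The sample input is constructed in the shape of the `ip a` output and kernel LOG lines above (the third log line is invented as a matching control), and the function names are hypothetical.

```python
import ipaddress
import re

# Constructed sample input, shaped like the `ip a` output and kernel LOG lines in the post.
IP_A = """\
5: eth101.0: <BROADCAST,MULTICAST,UP,10000> mtu 1500 qdisc noqueue
    link/ether 00:17:f2:01:00:00 brd ff:ff:ff:ff:ff:ff
    inet 192.168.1.101/24 brd 192.168.1.255 scope global eth101.0
7: eth101.1: <BROADCAST,MULTICAST,UP,10000> mtu 1500 qdisc noqueue
    inet 192.168.255.9/29 brd 192.168.255.15 scope global eth101.1
9: eth101.2: <BROADCAST,MULTICAST,UP,10000> mtu 1500 qdisc noqueue
    inet 192.168.255.3/29 brd 192.168.255.7 scope global eth101.2
"""
LOG = """\
Apr 7 09:56:47 vs101 kernel: IN=eth101.0 OUT= SRC=212.90.248.182 DST=192.168.255.3 PROTO=TCP DPT=22
Apr 7 09:56:48 vs101 kernel: IN=eth101.0 OUT= SRC=212.90.248.182 DST=192.168.255.3 PROTO=TCP DPT=22
Apr 7 09:56:49 vs101 kernel: IN=eth101.0 OUT= SRC=192.168.1.5 DST=192.168.1.101 PROTO=TCP DPT=22
"""

def parse_interfaces(text):
    """Map interface name -> list of IPv4 networks configured on it."""
    nets, current = {}, None
    for line in text.splitlines():
        m = re.match(r"\d+:\s+([^:\s]+):", line)      # "5: eth101.0: <...>"
        if m:
            current = m.group(1)
            nets[current] = []
            continue
        m = re.match(r"\s*inet\s+(\S+)", line)        # "inet 192.168.1.101/24 ..."
        if m and current:
            nets[current].append(ipaddress.ip_interface(m.group(1)).network)
    return nets

def find_mismatches(log_text, nets):
    """Return (in_iface, dst, expected_ifaces) for packets whose DST is not in any subnet of IN=."""
    out = []
    for line in log_text.splitlines():
        m = re.search(r"\bIN=(\S+).*?\bDST=([\d.]+)", line)
        if not m:                                     # no input interface (e.g. OUTPUT chain) or no DST
            continue
        iface, dst = m.group(1), ipaddress.ip_address(m.group(2))
        if any(dst in n for n in nets.get(iface, [])):
            continue                                  # DST belongs to the receiving interface
        expected = [i for i, ns in nets.items() if any(dst in n for n in ns)]
        out.append((iface, str(dst), expected))
    return out

if __name__ == "__main__":
    for iface, dst, expected in find_mismatches(LOG, parse_interfaces(IP_A)):
        print(f"DST {dst} logged on {iface}, subnet is configured on {expected or 'no interface'}")
```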