[PVE-User] ip source address issue.
Dietmar Maurer
dietmar at proxmox.com
Tue Aug 31 16:03:07 CEST 2010
Please try to set VE_ROUTE_SRC_DEV in /etc/vz/vz.conf
see man vz.conf
Does that help?
- Dietmar
From: pve-user-bounces at pve.proxmox.com [mailto:pve-user-bounces at pve.proxmox.com] On Behalf Of Marc Aymerich
Sent: Donnerstag, 26. August 2010 10:34
Cc: proxmoxve
Subject: Re: [PVE-User] ip source address issue.
On Thu, Aug 26, 2010 at 7:59 AM, Dietmar Maurer <dietmar at proxmox.com<mailto:dietmar at proxmox.com>> wrote:
Please can you post your network configuration /etc/network/interfaces
# network interface settings
auto lo
iface lo inet loopback
iface eth0 inet manual
iface eth1 inet manual
auto eth2
iface eth2 inet static
address 10.0.10.3
netmask 255.255.255.0
mtu 9000
auto eth3
iface eth3 inet static
address 10.10.0.3
netmask 255.255.255.0
mtu 9000
iface eth5 inet manual
auto vmbr0
iface vmbr0 inet static
address 77.246.179.77
netmask 255.255.255.0
gateway 77.246.179.7
bridge_ports eth0
bridge_stp off
bridge_fd 0
auto vmbr1
iface vmbr1 inet static
address 10.0.0.3
netmask 255.255.255.0
bridge_ports eth1
bridge_stp off
bridge_fd 0
After restarting a HN3 It doesn't connect to my sql-server anymore (sql-server is an OVZ container that lives on HN3, connections from HN1 or HN2 to sql-server work fine). The reason seems to be network related.
HN3: 77.2.179.77/24<http://77.2.179.77/24>
sql-server: 77.2.179.120/24<http://77.2.179.120/24> (remember, it lives on HN3)
lets do a ping, from HN3 to sql-server container
HN3:~# ping 77.2.179.120
PING 77.2.179.120 (77.2.179.120) 56(84) bytes of data.
64 bytes from 77.2.179.120<http://77.2.179.120>: icmp_seq=1 ttl=64 time=0.043 ms
Seems to work fine, but when we use tcpdump to examine that ping, we get this:
HN3:~# tcpdump ip proto 1 -i venet0
16:07:15.175602 IP 10.0.10.3 > 77.2.179.120<http://77.2.179.120>: ICMP echo request, id 33323, seq 28, length 64
16:07:15.175623 IP 77.2.179.120 > 10.0.10.3<http://10.0.10.3>: ICMP echo reply, id 33323, seq 28, length 64
Why HN3 use 10.0.10.3 src ip address instead of 77.2.179.77 ? At least it's what 'ip ro' say:
HN3:~# ip ro
10.0.0.20 dev venet0 scope link
77.2.179.122 dev venet0 scope link
77.2.179.120 dev venet0 scope link
77.2.179.126 dev venet0 scope link
77.2.179.125 dev venet0 scope link
10.0.0.0/24<http://10.0.0.0/24> dev vmbr1 proto kernel scope link src 10.0.0.3
77.2.179.0/24<http://77.2.179.0/24> dev vmbr0 proto kernel scope link src 77.2.179.77
10.10.0.0/24<http://10.10.0.0/24> dev eth3 proto kernel scope link src 10.10.0.3
10.0.10.0/24<http://10.0.10.0/24> dev eth2 proto kernel scope link src 10.0.10.3
default via 77.2.179.7 dev vmbr0
packets to 77.2.179.0/24<http://77.2.179.0/24> must use 77.2.179.77 as src address.
What is that I'm missing? Maybe "venet" doesn't look 'ip ro' table? How could I force a correct src address for the ip packets to my sql-server?
Note:
packet src addr from others HN are correct:
16:25:53.535392 IP 77.2.179.75 > 77.2.179.120<http://77.2.179.120>: ICMP echo request, id 6748, seq 4, length 64
16:25:53.535423 IP 77.2.179.120 > 77.2.179.75<http://77.2.179.75>: ICMP echo reply, id 6748, seq 4, length 64
br Marc
--
Marc
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.proxmox.com/pipermail/pve-user/attachments/20100831/dc125131/attachment.htm>
More information about the pve-user
mailing list