[PVE-User] ip source address issue.

Marc Aymerich glicerinu at gmail.com
Wed Aug 25 16:35:02 CEST 2010


Hi,
After restarting a HN3 It doesn't connect to my sql-server anymore
(sql-server is an OVZ container that lives on HN3, connections from HN1 or
HN2 to sql-server work fine). The reason seems to be network related.

HN3: 77.2.179.77/24
sql-server: 77.2.179.120/24 (remember, it lives on HN3)

lets do a ping, from HN3 to sql-server container

HN3:~# ping 77.2.179.120
PING 77.2.179.120 (77.2.179.120) 56(84) bytes of data.
64 bytes from 77.2.179.120: icmp_seq=1 ttl=64 time=0.043 ms

Seems to work fine, but when we use tcpdump to examine that ping, we get
this:

HN3:~# tcpdump ip proto 1 -i venet0
16:07:15.175602 IP 10.0.10.3 > 77.2.179.120: ICMP echo request, id 33323,
seq 28, length 64
16:07:15.175623 IP 77.2.179.120 > 10.0.10.3: ICMP echo reply, id 33323, seq
28, length 64

Why HN3 use 10.0.10.3 src ip address instead of 77.2.179.77 ? At least it's
what 'ip ro' say:

HN3:~# ip ro
10.0.0.20 dev venet0  scope link
77.2.179.122 dev venet0  scope link
77.2.179.120 dev venet0  scope link
77.2.179.126 dev venet0  scope link
77.2.179.125 dev venet0  scope link
10.0.0.0/24 dev vmbr1  proto kernel  scope link  src 10.0.0.3
77.2.179.0/24 dev vmbr0  proto kernel  scope link  src 77.2.179.77
10.10.0.0/24 dev eth3  proto kernel  scope link  src 10.10.0.3
10.0.10.0/24 dev eth2  proto kernel  scope link  src 10.0.10.3
default via 77.2.179.7 dev vmbr0

packets to 77.2.179.0/24 must use 77.2.179.77 as src address.

What is that I'm missing? Maybe "venet" doesn't look 'ip ro' table? How
could I force a correct src address for the ip packets to my sql-server?



Note:
packet src addr from others HN are correct:

16:25:53.535392 IP 77.2.179.75 > 77.2.179.120: ICMP echo request, id 6748,
seq 4, length 64
16:25:53.535423 IP 77.2.179.120 > 77.2.179.75: ICMP echo reply, id 6748, seq
4, length 64

br Marc
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://pve.proxmox.com/pipermail/pve-user/attachments/20100825/9e0b86c3/attachment-0013.html>


More information about the pve-user mailing list