[PVE-User] ip source address issue.

Dietmar Maurer dietmar at proxmox.com
Thu Aug 26 07:59:04 CEST 2010


Please can you post your network configuration /etc/network/interfaces

After restarting a HN3 It doesn't connect to my sql-server anymore (sql-server is an OVZ container that lives on HN3, connections from HN1 or HN2 to sql-server work fine). The reason seems to be network related.

HN3: 77.2.179.77/24<http://77.2.179.77/24>
sql-server: 77.2.179.120/24<http://77.2.179.120/24> (remember, it lives on HN3)

lets do a ping, from HN3 to sql-server container

HN3:~# ping 77.2.179.120
PING 77.2.179.120 (77.2.179.120) 56(84) bytes of data.
64 bytes from 77.2.179.120<http://77.2.179.120>: icmp_seq=1 ttl=64 time=0.043 ms

Seems to work fine, but when we use tcpdump to examine that ping, we get this:

HN3:~# tcpdump ip proto 1 -i venet0
16:07:15.175602 IP 10.0.10.3 > 77.2.179.120<http://77.2.179.120>: ICMP echo request, id 33323, seq 28, length 64
16:07:15.175623 IP 77.2.179.120 > 10.0.10.3<http://10.0.10.3>: ICMP echo reply, id 33323, seq 28, length 64

Why HN3 use 10.0.10.3 src ip address instead of 77.2.179.77 ? At least it's what 'ip ro' say:

HN3:~# ip ro
10.0.0.20 dev venet0  scope link
77.2.179.122 dev venet0  scope link
77.2.179.120 dev venet0  scope link
77.2.179.126 dev venet0  scope link
77.2.179.125 dev venet0  scope link
10.0.0.0/24<http://10.0.0.0/24> dev vmbr1  proto kernel  scope link  src 10.0.0.3
77.2.179.0/24<http://77.2.179.0/24> dev vmbr0  proto kernel  scope link  src 77.2.179.77
10.10.0.0/24<http://10.10.0.0/24> dev eth3  proto kernel  scope link  src 10.10.0.3
10.0.10.0/24<http://10.0.10.0/24> dev eth2  proto kernel  scope link  src 10.0.10.3
default via 77.2.179.7 dev vmbr0

packets to 77.2.179.0/24<http://77.2.179.0/24> must use 77.2.179.77 as src address.

What is that I'm missing? Maybe "venet" doesn't look 'ip ro' table? How could I force a correct src address for the ip packets to my sql-server?



Note:
packet src addr from others HN are correct:

16:25:53.535392 IP 77.2.179.75 > 77.2.179.120<http://77.2.179.120>: ICMP echo request, id 6748, seq 4, length 64
16:25:53.535423 IP 77.2.179.120 > 77.2.179.75<http://77.2.179.75>: ICMP echo reply, id 6748, seq 4, length 64

br Marc
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://pve.proxmox.com/pipermail/pve-user/attachments/20100826/394097ae/attachment-0014.html>


More information about the pve-user mailing list