1386030499 J * treaki_ e72c70aeac@p4FF4A534.dip0.t-ipconnect.de
1386030712 Q * PowerKe Read error: Connection reset by peer
1386030946 Q * treaki__ Ping timeout: 480 seconds
1386031260 J * PowerKe ~tom@94-227-30-112.access.telenet.be
1386032402 Q * fisted Remote host closed the connection
1386032464 J * fisted ~fisted@xdsl-87-78-191-176.netcologne.de
1386036671 J * undefined ~undefined@00011a48.user.oftc.net
1386050529 J * fisted_ ~fisted@xdsl-87-78-191-176.netcologne.de
1386050577 Q * fisted Read error: Connection reset by peer
1386050577 N * fisted_ fisted
1386051146 J * geos_one ~chatzilla@80.123.185.198
1386053865 J * Ghislain ~aqueos@adsl1.aqueos.com
1386057413 Q * Romster Read error: Connection reset by peer
1386057514 J * Romster ~Romster@202.168.100.149.dynamic.rev.eftel.com
1386058770 Q * Romster Quit: Geeks shall inherit properties and methods of object earth.
1386059064 J * thierryp ~thierry@zebra.inria.fr
1386059220 J * Romster ~Romster@202.168.100.149.dynamic.rev.eftel.com
1386060892 J * thierryp_ ~thierry@zebra.inria.fr
1386060893 Q * thierryp Read error: Connection reset by peer
1386063192 M * Bertl_oO off to bed now ... have a good one everyone!
1386063202 N * Bertl_oO Bertl_zZ
1386063689 Q * ircuser-1 Ping timeout: 480 seconds
1386066284 J * ircuser-1 ~ircuser-1@35.222-62-69.ftth.swbr.surewest.net
1386066428 M * ard Can somebody unblock me on the wiki?
1386067185 M * _Shiva_ has anyone created a systemd unit for vprocunhide/util-vserver, yet..? maybe the Fedora and/or Arch people..?
1386067224 M * daniel_hozac ard: what's your account?
1386067803 Q * arekm Read error: Connection reset by peer
1386067891 J * arekm ~arekm@000161e0.user.oftc.net
1386067948 Q * arekm Remote host closed the connection
1386067971 J * arekm ~arekm@000161e0.user.oftc.net
1386071164 M * ard daniel_hozac : http://linux-vserver.org/User:Groteblup
1386071803 M * daniel_hozac should be unblocked now
1386072785 M * ard tnx!
1386072818 M * ard (and now for some linkspam... 8-D)
1386073387 Q * Aiken Remote host closed the connection
1386075602 Q * fisted Remote host closed the connection
1386075628 J * fisted ~fisted@xdsl-87-78-185-225.netcologne.de
1386075644 Q * thierryp_ Remote host closed the connection
1386075884 J * thierryp ~thierry@zebra.inria.fr
1386076482 Q * Defaultti Quit: Quitting.
1386076690 J * Defaultti defaultti@lakka.kapsi.fi
1386077791 M * fback daniel_hozac: maybe you have a moment? I seem to have strange network-related issue after upgrade to 3.10
1386077950 M * daniel_hozac what's the problem?
1386078042 M * fback root@bro:~# ncontext --migrate --nid 131 ip rou get 157.158.0.4
1386078042 M * fback 157.158.0.4 dev if10 src 157.158.0.34 cache
1386078063 M * fback but the guest doesn't have interface in network 0
1386078172 M * fback it seems every guest gets *its* interface(s), but whole routing table
1386078181 M * daniel_hozac yes, that's always been the case.
1386078207 M * daniel_hozac those are the routes it will use either way.
1386078284 M * fback I have guests in two networks, say 0 and 1
1386078313 J * renihs ~arf@83-65-34-34.arsenal.xdsl-line.inode.at
1386078321 M * fback another host in network 0 tries to connect to my guest in network 1
1386078408 M * fback because the guest has whole table, it tries to respond via direct interface
1386078440 M * fback when the host does rpf-check, it ignores the response
1386078440 Q * thierryp Read error: Connection reset by peer
1386078455 J * thierryp ~thierry@zebra.inria.fr
1386078469 M * daniel_hozac yeah, this is how vserver networking has always worked.
1386078483 M * daniel_hozac you need to use source based routing to give the pertinent guests a different table.
1386078489 M * fback If I want to send replies via gateway, I have to use iptables or netns?
1386078527 M * fback I'm using rource based routing
1386078541 M * fback *source
1386078585 M * daniel_hozac with what rules and tables?
1386078630 M * fback http://paste.linux-vserver.org/31151
1386078692 M * ard In that case I would use netns...
1386078703 M * fback http://paste.linux-vserver.org/31152
1386078741 M * fback daniel_hozac: but as you said every guest gets whole routing table, I understand why it works like this
1386078762 M * daniel_hozac so you have no separate table for guests in the 1 network
1386078771 M * daniel_hozac add that and you should have what you want.
1386078774 M * fback now I wonder what's my best option to limit available routes, iptables or netns
1386078794 M * ard As I see it: ncontext is an ip filter on the ip stack (with some tricks to fix routing)
1386078849 M * renihs iptables doesn't limit/affect routes, i would say iproute + netns without having info about entire conversation
1386078854 A * renihs just wanted to jump in :p
1386078854 M * ard But I have very good experiences with netns, so I will always be advocating to use netns (combined with ncontext ;-) )
1386078906 M * daniel_hozac if you need netns, then use it. using it for cases where source-based routing is sufficient is definitely overkill and just extra administration.
1386078928 N * l0kit Guest7885
1386078934 J * l0kit ~1oxT@0001b54e.user.oftc.net
1386078950 M * ard fback : the scripts on http://linux-vserver.org/util-vserver:SplitSharedNetworks is what I use at home, and variants of that is what I use at work.
1386078959 M * ard daniel_hozac is right on overhead
1386079033 M * ard But my experience is that if you have to use ip rule then you have to have a very good understanding of what you are doing.
1386079118 M * ard If you are doing netns you will have to setup the ip stack for every netns yourself.
1386079151 M * ard But usually that's a single interface with a default gateway.
1386079173 M * fback daniel_hozac: I added the second table, but it just turned where the problem appears: http://paste.linux-vserver.org/31153
1386079284 M * daniel_hozac just use ip route get ... from ...
1386079331 Q * Guest7885 Ping timeout: 480 seconds
1386079896 M * fback daniel_hozac: is there a way to check route from guest pov?
1386079920 M * daniel_hozac ip route get ... from ...
1386080866 J * treaki__ 9dabe817ad@p4FDF7BBE.dip0.t-ipconnect.de
1386081136 Q * treaki_ Ping timeout: 480 seconds
1386082113 M * fback daniel_hozac: does it work with ipv6 too?
1386082168 M * daniel_hozac sure, just add -6
1386082279 M * fback daniel_hozac: long time ago linux-vserver did not support multiple rt for ipv6, that's why I ask
1386082313 M * fback (it's easier than to recompile and find out it's not there :)
1386082499 M * daniel_hozac it's not Linux-VServer related.
1386082511 M * daniel_hozac if your mainline kernel supports it, it will get used.
1386082632 M * fback daniel_hozac: my experience is from time, when guest v6 support came with separate patch
1386083765 J * thierryp_ ~thierry@zebra.inria.fr
1386083765 Q * thierryp Read error: Connection reset by peer
1386085120 J * treaki_ 16ceb606bb@p4FF4B199.dip0.t-ipconnect.de
1386085354 Q * undefined Quit: Machine going to sleep
1386085513 Q * treaki__ Ping timeout: 480 seconds
1386086353 Q * thierryp_ Remote host closed the connection
1386087503 Q * Hunger Ping timeout: 480 seconds
1386091046 J * geb ~geb@mars.gebura.eu.org
1386092687 J * thierryp ~thierry@home.parmentelat.net
1386094772 N * Bertl_zZ Bertl
1386094793 M * Bertl morning folks!
1386096903 Q * thierryp Remote host closed the connection
1386098272 J * Aiken ~Aiken@2001:44b8:2168:1000:21f:d0ff:fed6:d63f
1386098643 J * SteeleNivenson ~SteeleNiv@pool-108-29-139-222.nycmny.fios.verizon.net
1386098838 J * thierryp ~thierry@home.parmentelat.net
1386099438 Q * thierryp Ping timeout: 480 seconds
1386099980 J * Hunger hunger@proactivesec.com
1386102442 J * thierryp ~thierry@2a01:e35:2e2b:e2c0:dda5:deca:61e4:6f2a
1386103586 Q * thierryp Ping timeout: 480 seconds
1386103720 J * thierryp ~thierry@2a01:e35:2e2b:e2c0:6825:f385:d479:a742
1386105382 J * bonbons ~bonbons@2001:a18:201:b801:8021:a8ba:b323:3b6b
1386105750 Q * thierryp Remote host closed the connection
1386105772 J * thierryp ~thierry@2a01:e35:2e2b:e2c0:6825:f385:d479:a742
1386106261 Q * thierryp Ping timeout: 480 seconds
1386107843 J * thierryp ~thierry@home.parmentelat.net
1386107915 Q * bonbons Quit: Leaving
1386109408 Q * thierryp Ping timeout: 480 seconds
1386110789 J * thierryp ~thierry@home.parmentelat.net
1386113012 Q * thierryp Ping timeout: 480 seconds
1386113241 J * thierryp ~thierry@home.parmentelat.net
1386114604 Q * fisted Remote host closed the connection
1386114926 J * fisted ~fisted@xdsl-87-78-185-225.netcologne.de