1405302552 M * Bertl off to bed now ... have a good one everyone!
1405302564 N * Bertl Bertl_zZ
1405322799 Q * hijacker Quit: Leaving
1405325042 J * hijacker ~hijacker@bgva.sonic.taxback.ess.ie
1405326256 N * Bertl_zZ Bertl
1405326262 M * Bertl morning folks!
1405326408 M * hijacker morning
1405336501 J * fisted_ ~fisted@xdsl-87-78-234-226.netcologne.de
1405336596 Q * fisted Read error: Operation timed out
1405336596 N * fisted_ fisted
1405339678 J * s1aden ~paul@starsky.19inch.net
1405339791 Q * sladen Ping timeout: 480 seconds
1405342044 J * marbug ~marbug@94.139.54.22
1405342152 M * marbug in a vserver, I do want that all outgoing traffic will go through eth1, we added a line with iptables, but we need to change a line in sysctl too (net.ipv4.ip_forward=1) when I restart sysctl I'm getting some permission denied on this option. I tried adding NET_ADMIN to bcap, but it doesn't seem to be enough?
1405342252 M * Bertl you are using network namespaces?
1405342268 M * Bertl (not just IP isolation)
1405342339 M * marbug iptables -A FORWARD -s 0/0 -o eth1 -j ACCEPT
1405342353 M * marbug with this ruse I'm trying to put all the traffic to eth1
1405342366 M * marbug is this what you mean ?
1405342372 M * Bertl no
1405342387 M * Bertl there are two ways to handle networking on a Linux-VServer guest
1405342408 M * Bertl the traditional IP isolation and the recently (from mainline) incorporated network namespaces
1405342435 M * undefined Bertl: grep CONFIG_NET_NS /boot/config?
1405342443 M * undefined (just for my personal clarification)
1405342479 M * Bertl well, enabled network namespaces are required but not an indication that the guest is actually using it
1405342487 M * undefined because i don't see a specific CONFIG_VSERVER_* option
1405342492 M * Bertl i.e. the guest can still be configured to use IP isolation
1405342510 M * Bertl (which again is the default)
1405342517 M * marbug I'm not sure what the difference is between those two :)
1405342529 M * Bertl let me explain it then
1405342544 M * marbug owkey I'm listening
1405342550 M * Bertl IP isolation basically handles all IPs on the host, there is no guest specific networking involved
1405342557 M * undefined (i understand the conceptual difference in the two, i just don't know how to tell which is in effect)
1405342565 M * Bertl all Linux-VServer does is limit the IPs a guest can bind to (i.e. use)
1405342579 M * Bertl and the routes, interfaces, etc a guest process can see
1405342603 M * Bertl network namespaces on the other hand allow you to have a completely separate network stack for the guest
1405342615 M * Bertl which is connected to the host via virtual network cards
1405342652 M * Bertl thus IP isolation is faster and usually simpler, but not identical to what you have on a real host
1405342666 M * Bertl e.g. there is no routing between guest and host :)
1405342714 M * Bertl marbug: also note that the iptables rule above just says that you 'allow' arbitrary traffic forwarded through eth1
1405342718 M * marbug well this is a new vserver I've set up at work, installed on a CentOS. At home I did the same install on Gentoo, thate I can confirm from results that the servers don't have a virtual network card as all services can't run on 127.0.0.1 and I need to specify their ip's
1405342729 M * Bertl i.e. it doesn't say anything about preference or routing or other interfaces
1405342730 M * marbug I assume it's the same with this vserver
1405342756 M * Bertl okay, so most likely you are using the traditional IP isolation
1405342769 M * undefined ah, ip netns list
1405342791 M * Bertl marbug: if that is the case, the real question is, what exactly do you want to accomplish?
1405342832 M * undefined and /etc/vservers/vserver-name/netns
1405342899 M * marbug well we have 2 modems here, 1 modem is connected to eth0 the other to eth1, we want to use eth1 to upload all the data and eth0 can be used as the network inside is also on that interface, so we can use eth0 to log on the server and to push files etc and eth1 will only be used by the server to upload everything
1405342935 M * marbug undefined, ip netns doesn't exist :)
1405342950 M * Bertl debian? :)
1405342955 M * marbug nope
1405342963 M * marbug CentOS host, gentoo guest
1405342985 M * Bertl /sbin/ip ?
1405343015 M * marbug the command ip in the host does exist, but 'Object "netns" is unknown, try "ip help"' ;-)
1405343026 M * Bertl ah, so just old tools then
1405343047 M * marbug ah if that's the case, well it's CentOS for a reason ;-)
1405343061 M * Bertl anyway, so you have two networks on those interfaces, yes?
1405343070 M * marbug yes indeed
1405343081 M * Bertl e.g. a local/private network for eth0, and a public? network for eth1
1405343095 M * Bertl or at least a different private network to the modem/router
1405343121 M * marbug one with a 10.* ip which is the inside network on eth0 and a 192.* network on eth1 which all the outgoing data need to go through (eventually the download data too)
1405343144 M * marbug yes indeed Bertl
1405343150 M * Bertl okay, so all you need is to configure your routing correctly on the host
1405343158 M * Bertl and give the required IPs to the guest
1405343179 M * Bertl if you want the guest to have only 'local' IPs (i.e. IPs on the inside network)
1405343198 M * Bertl then you need to masquerade traffic to the outside (i.e. the router/modem)
1405343215 M * marbug the guest already got the ip's and the 2 network cards, so that is already done :)
1405343232 M * Bertl okay, so the guest has one IP in 10.x and another one in 192.x
1405343240 M * marbug yes
1405343249 M * Bertl make sure that the 192.x is the first one specified in the guest config
1405343279 M * marbug that is on eth1
1405343326 M * Bertl check with 'cat /proc/virtnet//info'
1405343327 M * marbug so actually if I switch the interfaces, everything would go through the intern network ?
1405343337 Q * undefined Quit: Closing object
1405343367 M * Bertl the first IP assigned to a guest is special in that way, that it gets selected if there is no clear route for the guest
1405343382 M * Bertl which in your case should be the 192.x IP
1405343394 M * marbug yes, so actually that's the best option
1405343409 M * marbug so in case that first won't work, it will still select the 2nd one
1405343425 M * marbug I'll just switch it in the vSphere :-)
1405343438 M * Bertl guest config, not host naming
1405343460 M * Bertl i.e. doesn't matter if it is eth0 or eth1, it just matters when it is added to the guest
1405343470 M * Bertl (as I said, check with the cat)
1405343515 M * marbug ow yes
1405343530 M * marbug though in the vserver I can't cat the /proc/virtnet as it doesn't exist
1405343540 M * Bertl host
1405343551 M * Bertl that's why it contains the
1405343777 M * marbug ah in the host you meant, I've switched the 2 dirs in /etc/vserver/vserver-name/interface and now I'm getting the right ip's, so 192.* on eth0
1405343806 M * marbug though I think I will need to remove a udev line
1405343846 M * marbug nvm :)
1405343847 M * Bertl switching the dirs is fine, changing the dev or ip entry is not required
1405343866 M * Bertl (unless you want to change the host devices for whatever reason)
1405343891 J * undefined ~undefined@71-90-160-105.dhcp.ftwo.tx.charter.com
1405343910 M * marbug changing the interface/0/dev is required to get the ip on the right interface
1405343922 M * marbug now I can see 192.* on eth0, let's do a speedtest again :)
1405343933 M * Bertl and eth0 is the one to the router?
1405343948 M * marbug the one which needs to go outside yes
1405343960 M * Bertl ah, interesting, you told me different before
1405343991 M * Bertl *differently even
1405344027 M * marbug no, both are connected to a router/modem, but 10.* needs to be accessed from the inside from the office, and 192.* needs to push everything outside
1405344054 M * Bertl okay, no problem, as long as it is the right device :)
1405344077 M * marbug yep and if everything will first go through eth0 then it should be ok now :)
1405344104 M * Bertl it will go through eth0 if there is proper routing and no route points toward eth1 :)
1405344177 M * marbug hmm
1405344190 J * pmenier ~chatzilla@ACaen-651-1-133-55.w81-48.abo.wanadoo.fr
1405344280 M * marbug well it didn't work now when I test with speedtest, let me see what can be wrong :/
1405344551 M * Bertl try a 'ping -I www.google.com' on the host and see where it ends up
1405344571 M * Bertl that is basically what you need to get to work properly, and which isn't Linux-VServer related
1405344641 M * marbug when I try both ip's 192.* isn't getting a reaction
1405344667 M * Bertl so either your 192.x IP is not routed properly or it is denied by the modem/router
1405344682 M * Bertl use tcpdump on the interfaces to see where the packet goes
1405344691 M * marbug I'll check the vSphere, give me a minute
1405344693 M * Bertl (and if you get any reply from the router)
1405344746 M * marbug same thing happens on the host, so it's probably not vserver related anymore
1405344771 M * Bertl yup
1405344787 M * marbug I can see the network interface is on standby
1405344792 M * marbug that would be the problem
1405344806 M * marbug anyway, thanks it was a nice tip! :)
1405344829 M * Bertl you're welcome!
1405347639 J * FireEgl ~FireEgl@50-82-232-14.client.mchsi.com
1405348221 Q * Aiken Ping timeout: 480 seconds
1405348231 Q * jpierre03 Ping timeout: 480 seconds
1405348363 J * Aiken ~Aiken@d63f.h.jbmb.net
1405348680 J * jpierre03_ ~jpierre03@voyage.prunetwork.fr
1405348917 M * marbug hmmm after searching a bit more it seems vSphere wasn't the problem, and switching the interfaces didn't help :/
1405348960 M * Bertl show me your routing tables on the host
1405348968 M * marbug when I do route -n, I found out the routes in the guest and host changed and inside the guest or on the host, they have the same ip rules :/
1405348986 M * Bertl yes, that's expected with IP isolation
1405348998 M * Bertl and it is more than sufficient for your desired setup
1405349046 M * marbug http://apaste.info/cfr
1405349091 M * Bertl so, your default route goes through 10.0.0.1
1405349094 M * marbug so I it's hard to specify a specific eth inside a vserver guest
1405349095 M * marbug yes
1405349120 M * marbug when I add 192.168.1.1 the 10.* don't work anymore when I ping with -I
1405349122 M * Bertl but the idea is to have the guest use 192.168.1.x as default route, yes?
1405349129 M * marbug yes indeed
1405349184 M * Bertl so what you want is to configure multiple routing tables
1405349190 M * Bertl and use source based routing
1405349225 M * Bertl the steps in a nutshell are:
1405349233 M * Bertl 1) create a new routing table
1405349234 M * marbug what do you mean by source based routing ?
1405349252 M * Bertl 2) configure the routing table to have the device routes and the new default route
1405349269 M * Bertl 3) add a rule which selects the table based on the source IP of the guest
1405349270 P * undefined
1405349298 M * Bertl for a linux system, there is no way to have two equally used default routes
1405349315 M * marbug nope that isn't needed :)
1405349336 M * Bertl how should the kernel decide when it should use 192.x and when 10.x ?
1405349339 M * marbug so with creating a new routing table, the guest and host will have separated hosting tables ?
1405349364 M * Bertl basically you want e.g. www.google.com to be reached via 10.0.0.1 on the host, but via 192.x on the guest
1405349404 M * Bertl so you need to tell the kernel that it should process packets from the guest IP (192.x or 10.x) differently than the host
1405349405 M * marbug yes indeed
1405349422 M * Bertl this is done with 'ip rule ...'
1405349444 M * Bertl to make that work properly, you also need a table which is used for 'guest' packets
1405349466 M * Bertl the ip rule will then delegate routing to that table based on the source IP
1405349488 M * marbug hmmm, didn't know splitting off with 2 network interfaces could be that difficult :)
1405349514 M * Bertl http://kindlund.wordpress.com/2007/11/19/configuring-multiple-default-routes-in-linux/
1405349542 M * Bertl it isn't difficult, it is rather simple and basic :)
1405349562 M * marbug I'll read it :)
1405349567 M * marbug I assume I need to do it on the host ?
1405349568 M * Bertl and also not Linux-VServer related :)
1405349591 M * Bertl yes, with IP isolation, always keep in mind, the networking happens on the host
1405350111 Q * jpierre03_ Ping timeout: 480 seconds
1405350745 J * jpierre03_ ~jpierre03@voyage.prunetwork.fr
1405351465 Q * mcp Ping timeout: 480 seconds
1405352457 J * Ghislain ~aqueos@adsl1.aqueos.com
1405354575 J * pmenier_ ~chatzilla@ACaen-651-1-216-158.w86-220.abo.wanadoo.fr
1405354812 J * bonbons ~bonbons@2001:a18:20d:1:8501:30a2:d26a:d7e3
1405354870 Q * pmenier Ping timeout: 480 seconds
1405354879 N * pmenier_ pmenier
1405355853 Q * Bertl Remote host closed the connection
1405357079 J * Bertl herbert@IRC.13thfloor.at
1405357192 Q * bonbons Quit: Leaving
1405357321 J * bonbons ~bonbons@2001:a18:20d:1:8501:30a2:d26a:d7e3
1405358122 Q * pmenier Quit: ChatZilla 0.9.90.1 [Iceweasel 24.6.0/20140610233912]
1405358610 Q * marbug Ping timeout: 480 seconds
1405358799 J * zerick ~eocrospom@190.187.21.53
1405360398 J * undefined ~undefined@00011a48.user.oftc.net
1405365711 J * mcp ~mcp@wolk-project.de
1405367880 M * Guy- should I prefer 3.13.11-vs2.3.6.11 or 3.10.43-vs2.3.6.8 if I'm upgrading from 3.5.7-vs2.3.4.3?
1405368056 M * Bertl probably 3.10.x unless you add the patches waiting for 3.13+
1405368087 M * Bertl this will change soon as I will finally have some time to get the new patches done
1405368203 M * Guy- thanks!
1405368896 M * Guy- in kernel/fork.c, should the vserver stuff happen before or after syscall_tracepoint_update(p);?
1405368922 M * Guy- it goes between spin_unlock(&current->sighand->siglock); and write_unlock_irq(&tasklist_lock);
1405368949 M * Guy- but the tracepoint_update was added to the vanilla kernel sometime between 10.43 and 10.48
1405369712 M * Bertl good question, will have to check later
1405370550 Q * bonbons Quit: Leaving
1405381920 J * fisted_ ~fisted@xdsl-87-78-186-47.netcologne.de
1405382034 Q * fisted Read error: Operation timed out
1405382034 N * fisted_ fisted