[Debian] Re: Bug#597876: vzctl: Multiple "gateway" entries in /etc/network/interfaces trigger routing issues ("random" src address)

Ola Lundqvist opal at debian.org
Thu Sep 23 16:08:55 EDT 2010


forwarded 597876 http://bugzilla.openvz.org/show_bug.cgi?id=1659
thanks

Hi Daniel

Thanks a lot for the report. I will look into this shortly.

Best regards,

// Ola

On Thu, Sep 23, 2010 at 09:17:56PM +0200, Daniel Hahler wrote:
> Package: vzctl
> Severity: important
> Tags: patch
> 
> debian/patches/debian-add-ip.patch adds a gateway entry to every
> static(?) stanza in the interfaces file.
> 
> This caused weird issues on containers with multiple IP addresses being
> defined (e.g. an internal one and an external one).
> 
> What happened was that the interface being used for outgoing connections
> (the route) got picked up at random (and then got cached for some time).
> 
> I do not have the history for debugging this anymore though (because of
> HISTFILE=/dev/null, another bug), but it was easily reproducible by
> clearing the routing cache and then picking and displaying a route:
> 
>     ip route flush cache ; ip route get 8.8.8.8
> 
> Looking at the "src" value, this appeared to be random (but has been
> kept until clearing the cache, or/and some timeout).
> 
> ------------------------------------------------------------
> +create_config_has_gateway= # only add a single gateway line
>  function create_config()
>  {
>         local ip=$1
> @@ -95,9 +110,12 @@
>  iface ${VENET_DEV}:${ifnum} inet static
>         address ${ip}
>         netmask 255.255.255.255
> -       broadcast 0.0.0.0
> -       gateway ${FAKEGATEWAY}
> -" >> ${CFGFILE}.bak
> +       broadcast 0.0.0.0" >> ${CFGFILE}.bak
> +       if [ -z $create_config_has_gateway ]; then
> +               echo "  gateway ${FAKEGATEWAY}" >> ${CFGFILE}.bak
> +               create_config_has_gateway=1
> +       fi
> +       echo >> ${CFGFILE}.bak
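Review bot: The added test "if [ -z $create_config_has_gateway ]" leaves the variable unquoted; it only behaves as intended on the first call because "[ -z ]" with a single argument evaluates true. Quote it as [ -z "$create_config_has_gateway" ]. Two smaller points in the same hunk: the gateway line now lands on whichever address create_config() handles first, so the comment next to the flag should say that call order decides which stanza carries the gateway, and the echoed "  gateway ..." line uses two spaces where the other options in the stanza are indented deeper, so the generated file will be inconsistently indented.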
> ------------------------------------------------------------
> 
> This can cause major problems when using e.g. MySQL authentication and
> only accepting logins from local addresses (which is common practice).
> 
> 
> 

-- 
 --------------------- Ola Lundqvist ---------------------------
/  opal at debian.org                     Annebergsslingan 37      \
|  ola at inguza.com                      654 65 KARLSTAD          |
|  http://inguza.com/                  +46 (0)70-332 1551       |
\  gpg/f.p.: 7090 A92B 18FE 7994 0C36  4FE4 18A1 B1CF 0FE5 3DD9 /
 ---------------------------------------------------------------
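
The condition reported above (more than one stanza in the interfaces file carrying a gateway line) can be checked for mechanically. The script below is an added example, not part of the report, the patch or the vzctl package; the function names, the sample addresses and the gateway value are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the vzctl package): find interfaces(5) stanzas
# that each declare a gateway, the condition the bug report describes.

# gateway_stanzas FILE: print "<iface> <gateway>" per inet stanza with a gateway.
gateway_stanzas() {
    awk '
        $1 ~ /^#/      { next }                                 # comment line
        $1 == "iface"  { cur = ($3 == "inet") ? $2 : ""; next } # new stanza
        $1 ~ /^(auto|allow-|mapping|source)/ { cur = ""; next } # leaves the stanza
        $1 == "gateway" && cur != "" { print cur, $2 }
    ' "$1"
}

# has_duplicate_gateways FILE: exit 0 when more than one stanza sets a gateway.
has_duplicate_gateways() {
    gateway_stanzas "$1" | awk 'END { exit !(NR > 1) }'
}

# Constructed sample stanzas; addresses and gateway value are placeholders.
sample_stanza() {   # sample_stanza IFNUM ADDRESS [GATEWAY]
    printf 'auto venet0:%s\niface venet0:%s inet static\n' "$1" "$1"
    printf '\taddress %s\n\tnetmask 255.255.255.255\n\tbroadcast 0.0.0.0\n' "$2"
    [ -n "${3:-}" ] && printf '\tgateway %s\n' "$3"
    echo
}

before=$(mktemp) after=$(mktemp)
# "before": every stanza has a gateway; "after": only the first one does.
{ sample_stanza 0 192.0.2.10 192.0.2.1; sample_stanza 1 10.0.0.5 192.0.2.1; } > "$before"
{ sample_stanza 0 192.0.2.10 192.0.2.1; sample_stanza 1 10.0.0.5; } > "$after"

for f in "$before" "$after"; do
    if has_duplicate_gateways "$f"; then
        echo "multiple gateway entries:"; gateway_stanzas "$f"
    else
        echo "single gateway entry: $(gateway_stanzas "$f")"
    fi
done
rm -f "$before" "$after"
```

Inside a container, has_duplicate_gateways /etc/network/interfaces gives the same check against the real file.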

