[Users] How to allow a container to send "spoofed" IP packets? (for VPN tunnels without NAT)

Nils Toedtmann lists at nils.toedtmann.net
Fri Mar 5 14:57:58 EST 2010


On 05/03/10 19:31, Antonio Querubin wrote:
> On Fri, 5 Mar 2010, Nils Toedtmann wrote:
> 
> http://wiki.openvz.org/VEs_and_HNs_in_same_subnets
> 
>> My problem is that I have a productive environment and I do not want to
>> reconfigure the networking for all containers. Can I have a mixed setup,
>> using veth for only some of the containers? (I am familiar with
>> routing/bridging/proxy_arp etc)
> 
> At some point you'll need to move the host's own IP configuration to the
> bridge interface which would require a little bit of downtime but if
> you're quick the outage should be minimal.

What would worry me more is the chance to shoot myself in the foot while
doing that. But I think we are lucky: we use servers at Hetzner.de, and
they *route* additional IP addresses to the HN's main IP - no need to
bridge or proxy-arp the containers! So I should get away with internal
bridge interface(s) only.

Thank you, /nils.

