On Sun, Feb 10, 2013 at 11:51 PM, Gordon Messmer <yinyang@xxxxxxxxx> wrote:
> On 02/08/2013 07:39 AM, Natxo Asenjo wrote:
>> Do you have any tips on how to reach vlan 5 on the virt host from vlan 1?
>
> Not without the configuration from your switch.
>
> The most likely problem is this: Your workstation is sending traffic to
> 192.168.5.10. The switch sends it through VLAN 5 to eth2 on your
> virtualization host. The host replies to that traffic using the correct
> address, but through interface eth0, since that is the only interface
> with a route to the workstation. Those packets would go to the default
> gateway. Either your switch or your default gateway may be doing
> ingress filtering, or reverse path filtering, or stateful firewalling.
> Any of those would block the reply traffic, and at least one of them is
> very likely in place by default on either an L3 switch or a router.
>
> What you're attempting to do is called multi-homing, and it's fairly
> complicated to do on Linux. You need to have multiple default routes,
> and you need the kernel to select the default route based on the
> addresses of the packets that it sends. That involves making multiple
> routing tables, tagging packets pre-routing, and using ip rules to
> select the appropriate routing table. Shorewall will simplify this if
> you use it to build your firewall rules.

Thanks for the tips. Indeed, multi-homing needs 'advanced routing' (yeah
right) so I needed to add vlan info to the rt_tables file and then
create a rules-eth2 and route-eth2 files.

Now I can reach both nics from my workstation (finally ;-) ).

--
natxo
_______________________________________________
CentOS mailing list
CentOS@xxxxxxxxxx
http://lists.centos.org/mailman/listinfo/centos
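The source-based routing setup described in this thread, as an added example that is not part of the original messages and not the poster's actual files: a shell function that renders an rt_tables entry plus the per-interface route and rule files into a scratch directory. The gateway 192.168.5.1, the /24 prefix, the table id 5 and the table name vlan5 are assumptions; only eth2 and 192.168.5.10 come from the thread.

```shell
#!/bin/sh
# Added example. Assumed, not from the thread: gateway 192.168.5.1,
# prefix 192.168.5.0/24, table id 5 and table name "vlan5".

# render_policy_routing OUTDIR IFACE ADDR PREFIX GATEWAY TABLE_ID TABLE_NAME
# Writes under OUTDIR what would live in /etc/iproute2 and
# /etc/sysconfig/network-scripts on the host.
render_policy_routing() {
    outdir=$1 iface=$2 addr=$3 prefix=$4 gw=$5 tid=$6 tname=$7
    case $tid in
        0|253|254|255) echo "table id $tid is reserved" >&2; return 1 ;;
    esac
    mkdir -p "$outdir/iproute2" "$outdir/network-scripts" || return 1
    rt="$outdir/iproute2/rt_tables"
    touch "$rt"
    # Refuse an id that already belongs to a different table name.
    if grep -Eq "^$tid[[:space:]]" "$rt" &&
       ! grep -Eq "^$tid[[:space:]]+$tname\$" "$rt"; then
        echo "table id $tid already in use" >&2; return 1
    fi
    # Register the table once, so repeated runs stay idempotent.
    grep -Eq "^$tid[[:space:]]+$tname\$" "$rt" ||
        printf '%s\t%s\n' "$tid" "$tname" >> "$rt"
    # route-<iface>: each line is handed to "ip route add".
    cat > "$outdir/network-scripts/route-$iface" <<EOF
$prefix dev $iface src $addr table $tname
default via $gw dev $iface table $tname
EOF
    # rule-<iface>: each line is handed to "ip rule add". Replies sourced
    # from the VLAN address then leave through that interface instead of
    # following eth0's default route.
    cat > "$outdir/network-scripts/rule-$iface" <<EOF
from $addr/32 table $tname
EOF
}

# Demo run into a scratch directory; nothing on the host is changed.
demo=$(mktemp -d)
render_policy_routing "$demo" eth2 192.168.5.10 192.168.5.0/24 192.168.5.1 5 vlan5
cat "$demo/iproute2/rt_tables" "$demo/network-scripts/route-eth2" \
    "$demo/network-scripts/rule-eth2"
rm -rf "$demo"
```

Once applied on a host, `ip rule show` and `ip route show table vlan5` confirm that the rule and the second default route are in place.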