[nzlug] Routing Tables

Kealey, Martin, ihug-NZ Martin.Kealey at vodafone.com
Mon Jun 9 10:07:37 NZST 2008


nzlug-bounces at linux.net.nz wrote:
> Basically in my machine I have 2 ethernet devices - eth0 and eth1.
> 
> eth1 is a link to the internet. I don't really want eth1 to talk to
> this computer. Instead, I'm running a virtual machine on the computer
> and only really want it talking to the virtual machine.
> 
> So I set up my routing table as follows:
> 
> Kernel IP routing table
> Destination     Gateway         Genmask         Flags Metric Ref Use Iface
> 192.168.0.0      *             255.255.255.0    U  0 0 0 eth0
> default          vm.nevnet     0.0.0.0          UG 0 0 0 eth0 
> 
> However, if I disable the virtual machine and try to ping
> google.co.nz, it comes back a success. In other words, despite there
> being no information in the routing table, it still seems to find its
> way.
> 
> How would I isolate eth1 so that it can only talk to the vm and not
> to the system as a whole?

Firstly, what sort of VM? A real one (VMware), or a split kernel (Xen)? If you're running a split kernel then bets are off about route leakage, otherwise...

You need to configure eth1 with no functioning address. Strictly speaking, you can bring it "up" without assigning any addresses, however the older tools don't understand this; in particular you can't do that with /etc/network/interfaces. The next best option is to statically assign a loopback address to that interface (anything in 127.X.X.X/8) so any packets that leak out will be ignored by the next hop.

I suspect your default route is via the physical interface, into the VM, and thence routed out again?

If so, you want your default route to go via a virtual network that connects only to the VM.

-Martin
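Added example, not part of the original message: a shell check for the condition the reply describes, that eth1 carries no functioning address (anything in 127.0.0.0/8 is treated as non-functioning) and that no host route leaves via eth1. It reads text in the format of `ip -o -4 addr show` and `ip -4 route show`; all sample data is constructed, and `vmnet1` with its 10.0.0.0/24 addresses is an assumed name for the virtual network that connects only to the VM.

```shell
#!/bin/sh
# Added example (not from the original post): check that a NIC is unusable by
# the host itself. Inputs are text in the format printed by
#   ip -o -4 addr show     and     ip -4 route show
# All sample data below is constructed; vmnet1 is a hypothetical host-only NIC.

LEAKY_ADDR='2: eth0    inet 192.168.0.10/24 brd 192.168.0.255 scope global eth0
3: eth1    inet 203.0.113.7/24 brd 203.0.113.255 scope global eth1'
LEAKY_ROUTE='default via 203.0.113.1 dev eth1
192.168.0.0/24 dev eth0 proto kernel scope link src 192.168.0.10
203.0.113.0/24 dev eth1 proto kernel scope link src 203.0.113.7'

FIXED_ADDR='2: eth0    inet 192.168.0.10/24 brd 192.168.0.255 scope global eth0
3: eth1    inet 127.0.0.2/8 scope host eth1
4: vmnet1    inet 10.0.0.1/24 brd 10.0.0.255 scope global vmnet1'
FIXED_ROUTE='default via 10.0.0.2 dev vmnet1
10.0.0.0/24 dev vmnet1 proto kernel scope link src 10.0.0.1
127.0.0.0/8 dev eth1 proto kernel scope link src 127.0.0.2
192.168.0.0/24 dev eth0 proto kernel scope link src 192.168.0.10'

# IPv4 addresses on interface $1 outside 127.0.0.0/8 (addr text on stdin).
usable_addrs() {
    awk -v ifc="$1" '$2 == ifc && $3 == "inet" && $4 !~ /^127\./ { print $4 }'
}

# Routes leaving via $1, ignoring loopback-range destinations (route text on stdin).
routes_via() {
    awk -v ifc="$1" '$1 !~ /^127\./ {
        for (i = 1; i < NF; i++)
            if ($i == "dev" && $(i + 1) == ifc) { print; next }
    }'
}

# audit_iface IFACE ADDR_TEXT ROUTE_TEXT: print findings; status 0 only if isolated.
audit_iface() {
    addrs=$(printf '%s\n' "$2" | usable_addrs "$1")
    routes=$(printf '%s\n' "$3" | routes_via "$1")
    rc=0
    if [ -n "$addrs" ]; then echo "FAIL: $1 has usable address(es): $addrs"; rc=1; fi
    if [ -n "$routes" ]; then echo "FAIL: host routes via $1:"; echo "$routes"; rc=1; fi
    if [ "$rc" -eq 0 ]; then echo "OK: $1 has no usable address and carries no host route"; fi
    return "$rc"
}

audit_iface eth1 "$LEAKY_ADDR" "$LEAKY_ROUTE" || echo "=> eth1 is usable by the host"
audit_iface eth1 "$FIXED_ADDR" "$FIXED_ROUTE"
```

On a live host, pass `"$(ip -o -4 addr show)"` and `"$(ip -4 route show)"` as the second and third arguments instead of the constructed samples.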