(TL note: nareshov's diary)

Archive for the ‘LAN’ Category

OpenVZ on a Softlayer managed server


A post to record the list of changes that were made to the configuration to get networking to work within the VZ containers on a managed hardware node.

Softlayer provisions CentOS machines with two bonded network interfaces: bond0 connected to their private network and bond1 to the public one. We got a “portable” private network subnet and had it converted to “routed to subnet” so that all IPs in that subnet are usable (instead of 3 of them being reserved as the network IP, gateway IP and broadcast IP).

OpenVZ sends ARP requests when it’s trying to initialise a container, and in this multi-network case the interface on which the requests are sent has to be specified explicitly. So, fix the NEIGHBOUR_DEVS variable in /etc/vz/vz.conf before you pick IPs from your portable subnet pool and start assigning them to your containers.

With that, you should be able to ping these containers from other nodes in your primary private subnet and vice versa. But you won’t be able to ping public IPs from within the containers yet. Fixing this doesn’t require you to assign public IPs to the containers as well. A NAT rule on the host node should do it:

iptables -t nat -A POSTROUTING -o bond1 -j MASQUERADE

Took me a while to recall/realise that the lack of ARP requests in SL’s network was necessary. The NAT rule was something I found later on on the internet.
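The following added example, which is not part of the original post, checks the two host-node settings described above against saved copies of vz.conf and `iptables-save -t nat` output. The function names, the sample files and the use of `bond0` as the NEIGHBOUR_DEVS value are assumptions; the post names the variable but not the value it was set to.

```shell
#!/bin/sh
# Added example (not from the post): check the two host-node settings it describes.
# Assumes bond0 = private and bond1 = public, as on the post's SoftLayer host.

# Print the value of the last NEIGHBOUR_DEVS= line in a vz.conf-style file.
neighbour_devs() {
    sed -n 's/^[[:space:]]*NEIGHBOUR_DEVS=//p' "$1" | tail -n 1 | tr -d "\"'"
}

# Succeed only if NEIGHBOUR_DEVS explicitly names interface $2.
vz_arp_pinned() {
    for dev in $(neighbour_devs "$1"); do
        [ "$dev" = "$2" ] && return 0
    done
    return 1
}

# Succeed if the iptables-save text in $1 masquerades traffic leaving via $2.
has_masquerade() {
    grep -Eq -- "^-A POSTROUTING( .*)? -o $2( .*)? -j MASQUERADE" "$1"
}

# $1 = vz.conf, $2 = saved output of `iptables-save -t nat`
audit_host() {
    rc=0
    vz_arp_pinned "$1" bond0 || { echo "NEIGHBOUR_DEVS does not name bond0"; rc=1; }
    has_masquerade "$2" bond1 || { echo "no MASQUERADE rule for bond1"; rc=1; }
    return "$rc"
}

# Constructed sample inputs, so the check runs without a real host node.
SAMPLE_DIR=$(mktemp -d)
printf '%s\n' '# constructed' 'NEIGHBOUR_DEVS="bond0"' > "$SAMPLE_DIR/vz.fixed"
printf '%s\n' '# constructed' 'NEIGHBOUR_DEVS=detect' > "$SAMPLE_DIR/vz.unfixed"
cat > "$SAMPLE_DIR/nat.rules" <<'EOF'
*nat
:POSTROUTING ACCEPT [0:0]
-A POSTROUTING -o bond1 -j MASQUERADE
COMMIT
EOF

audit_host "$SAMPLE_DIR/vz.fixed" "$SAMPLE_DIR/nat.rules" && echo "fixed: ok"
audit_host "$SAMPLE_DIR/vz.unfixed" "$SAMPLE_DIR/nat.rules" || echo "unfixed: needs change"
```

On a real host node, pass /etc/vz/vz.conf and a file holding the output of `iptables-save -t nat` to `audit_host` instead of the sample files.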

Written by Naresh

April 19, 2012 at 4:04 pm

Posted in LAN, Software

Using Dnsmasq to serve from a central /etc/hosts


Recently at $work, I came across a situation where: a. public DNS records are served off of a GoDaddy account and b. a couple of domain names needed an office network-wide override pointing them to IPs in the local network.


dig +short @

<returns public IP>

dig +short

<returns private IP>

If there weren’t too many consumers for this name resolution, we could’ve made do with putting entries into /etc/hosts on each consumer host. But our consumer hosts included a lot of Android phones, and we didn’t want to root them all to be able to modify their /etc/hosts.

If we were running our own DNS server in our DMZ, we could’ve configured the infamous split-DNS setup through BIND or tinydns. (Un)fortunately, we didn’t.

The first "workaround" to this was to maintain a duplicate zone for on our local DNS server (the one served by our DHCP server) and override the records as required. This would soon start to suck.

A colleague of mine – who didn’t take my word that the above two methods are our only options available – persevered through the PowerDNS docs and found an option where it could serve off the host’s /etc/hosts file. Now what was brilliant about this was, adding a ‘’ into /etc/hosts effectively solved the problem we had!

We didn’t really need a full-fledged DNS server like PowerDNS, so I looked at whether dnsmasq could solve the same problem – and it does.

[root@blr-vbox1 ~]# egrep -v '^#|^\B+' /etc/dnsmasq.conf

Our ISP’s DNS servers go into /etc/resolv.conf.isp

Ensure that the host that’s running dnsmasq has only ‘nameserver’ in /etc/resolv.conf and put in all your entries to be served into /etc/hosts.

Written by Naresh

December 2, 2011 at 12:12 pm

Posted in LAN, Work Life

Updates as of 25th Feb., ’09


Hello. I’ve got some fresh news here –

Getting back to the post, a lot of things, as usual, have happened in the past couple of months. FOSSKriti, IITK’s FOSS event during Techkriti, was once again organised this year and turned out pretty well. Here’s a longer account.

More interesting updates in the campus include the introduction of a modern internet service in the campus. I can now stop looking for alternatives to necessary applications with HTTP(connect) proxy support. Our campus can now boast of a 1GBps internet connection (the whole country’s bandwidth is apparently 33GBps). Back then (four years ago), we started off with a measly 2MBps connection which went higher and higher up with time – eventually leading us all to this pleasant surprise. Well, pleasant or not is another day’s debate… approx 4.5 crores p.a. for such bandwidth (turns out to about 1lac per day!).

OS update: Used Windows Vista for more than a semester, then Windows 7 Beta for about a couple of weeks or more. Now on Debian 5.

Music update: check my page.

Written by Naresh

February 25, 2009 at 5:37 pm