From mboxrd@z Thu Jan 1 00:00:00 1970
From: Sterling Windmill
Subject: routed tap devices
Date: Wed, 7 Jan 2009 09:00:08 -0500 (EST)
Message-ID: <1576523211.2321231336808450.JavaMail.root@mail.ampx.net>
To: kvm@vger.kernel.org
Sender: kvm-owner@vger.kernel.org

I am using kvm-82 on a 64-bit host and giving my virtual machines routed tap devices and utilizing proxy ARP to provide them connectivity. My host has two Ethernet adapters, one connected to the WAN and the other is a private link to another server with a private IP address.

Even though I'm assigning device names (on the host) based upon MAC address, it seems that depending upon the order in which the Linux kernel sees my Ethernet adapters they are behaving differently in terms of IP forwarding. If I run `ip link` I see eth1 listed before eth0 and a virtual machine running behind a tap device that is using IP forwarding sees eth1's IP as its first hop in a traceroute. If I swap eth0 and eth1 (via their configuration), the first hop in the guest's traceroute is eth0's IP and `ip link` shows eth0 first.

Is there a way to control this behavior other than switching physical Ethernet adapters?

I may be paranoid, but I don't want the virtual machines to "see" my private IP address when using standard tools such as traceroute. Anyone have any ideas?