Hi everyone,
I'm working on the following setup:
- 1 Linux box with Kernel 2.4.26-vs1.27
- 2 Ethernet-NICs, each one connected to a different VLAN (and hence, to
different sets of IP subnets)
- by means of vservers, the whole thing should behave like two separate
machines, each one offering public service via its own VLAN/subnet
So I have 3 'Linuxes' running: the master, and 2 vservers.
They need 3 IP addresses; I chose them to come from
3 different subnets like this:
master:~# ip addr show
1: lo: <LOOPBACK,UP> mtu 16436 qdisc noqueue
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
inet 127.0.0.1/8 scope host lo
2: eth0: <BROADCAST,MULTICAST,UP> mtu 1500 qdisc pfifo_fast qlen 1000
link/ether 00:0e:0c:5c:53:75 brd ff:ff:ff:ff:ff:ff
inet 137.248.9.13/27 scope link eth0
inet 137.248.9.13/24 brd 137.248.9.255 scope global eth0:rst1
3: eth1: <BROADCAST,MULTICAST,UP> mtu 1500 qdisc pfifo_fast qlen 1000
link/ether 00:0e:0c:5c:53:74 brd ff:ff:ff:ff:ff:ff
inet 192.168.1.18/25 brd 192.168.1.127 scope global eth1
inet 137.248.1.53/24 brd 137.248.1.255 scope global eth1:rsf1
The private address is used to administer the master, rsf1 and rst1 are, of
course, the vservers.
Now, since all routing is done in the common network stack of the master,
I have to make a source based routing decision there, i.e. make vserver rsf1
send its packets exclusively on dev eth1, and rst1 only on eth0.
So I set up 2 routing tables, the main one for master and vserver rsf1
(eth1), and a second one for vserver rst1 (eth0):
master:~# ip route show table main
137.248.1.0/25 dev eth1 scope link
192.168.1.0/25 dev eth1 scope link
137.248.1.0/24 dev eth1 proto kernel scope link src 137.248.1.53
default via 192.168.1.126 dev eth1
master:~# ip route show table 2
137.248.9.0/27 dev eth0 scope link src 137.248.9.13
default via 137.248.9.30 dev eth0 src 137.248.9.13
Next I add the decision rule, ending up with:
master22:~# ip rule show
0: from all lookup local
32765: from 137.248.9.13 lookup 2
32766: from all lookup main
32767: from all lookup default
But it won't work. The vservers are configured like this:
IPROOT="eth1:137.248.1.53"
IPROOTMASK=255.255.255.0
IPROOTBCAST=137.248.1.255
IPROOTDEV=eth1
ONBOOT=yes
S_HOSTNAME=rsf1
S_DOMAINNAME=none
S_NICE=
S_FLAGS="lock nproc"
ULIMIT="-H -u 1000"
S_CAPS="CAP_NET_RAW"
so I can, e.g., ping from inside a vserver.
For rsf1, things work fine, but if I try from rst1,
tcpdump -i eth0
does not show a single packet leaving the machine
on this interface. Instead, everything looks like routing
table 2 is never even touched (pings go out on eth0,
carrying the source address of the master).
So what on earth is wrong with the above setup?
Cheers, Martin
--
Dr. Martin Pauly Fax: 49-6421-28-26994
HRZ Univ. Marburg Phone: 49-6421-28-23527
D-35032 Marburg
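An added example, not part of the original post: a Python model of the rule and table lookup quoted above. The route data is transcribed from the post's `ip route`/`ip rule` output; the lookup logic is a simplified model of the kernel's policy routing database (the `local` table and the kernel's own source address selection are left out).

```python
import ipaddress

# Constructed model of the state quoted in the post, not kernel data structures.
# Rules: (priority, source prefix or None for "from all", table to look up).
RULES = [(32765, "137.248.9.13/32", "2"), (32766, None, "main")]
# Tables: destination prefix -> (dev, via gateway or None, preferred src or None).
TABLES = {
    "main": [
        ("137.248.1.0/25", "eth1", None, None),
        ("192.168.1.0/25", "eth1", None, None),
        ("137.248.1.0/24", "eth1", None, "137.248.1.53"),
        ("0.0.0.0/0", "eth1", "192.168.1.126", None),
    ],
    "2": [
        ("137.248.9.0/27", "eth0", None, "137.248.9.13"),
        ("0.0.0.0/0", "eth0", "137.248.9.30", "137.248.9.13"),
    ],
}

def lookup_table(table, dst):
    """Longest-prefix match within one table; returns (dev, via, src) or None."""
    dst = ipaddress.ip_address(dst)
    best = None
    for prefix, dev, via, src in TABLES[table]:
        net = ipaddress.ip_network(prefix)
        if dst in net and (best is None or net.prefixlen > best[0]):
            best = (net.prefixlen, dev, via, src)
    return best[1:] if best else None

def route(src, dst):
    """Walk the rules in priority order, as the policy routing database does.
    src is the source address the lookup is performed with.  A socket that
    has not been bound yet (ping without -I, for instance) looks up with no
    source at all (src=None), so no "from X" rule can match and the lookup
    falls through to the main table.
    """
    for _prio, from_prefix, table in sorted(RULES):
        if from_prefix is not None and (
            src is None
            or ipaddress.ip_address(src) not in ipaddress.ip_network(from_prefix)
        ):
            continue
        hit = lookup_table(table, dst)
        if hit is not None:
            dev, via, pref_src = hit
            # src None here means the kernel would pick a primary address of dev.
            return {"table": table, "dev": dev, "via": via, "src": src or pref_src}
    return None
```

Running `route(None, "8.8.8.8")` shows the caveat behind source-based rules: a lookup made without a source address never reaches table 2 and leaves on eth1 via the main default, so only traffic whose socket is already bound to 137.248.9.13 is steered to eth0.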