route WAN through eth0 and LAN through eth1 for containers with VENET only?

[Ruben Waitz]

Hi,

Suppose there are 2 hardware nodes with two nics (eth0 and eth1).

Is het possible to route OpenVZ-container's WAN traffic through eth0 and LAN traffic through eth1, in such a way that only VENET is used? (I know it's possible with VETH)
I've tried some configurations but it seems that LAN communication between two containers on separate (!) hardware nodes is inpossible. It looks like LAN traffic is routed via the WAN gateway.

Hardware setup
HN01 + HN02: hardware nodes with proxmox VE
Hardware nodes have 2 nics: eth0 to WAN switch, eth1 to LAN switch


IP setup

HN01 (eth0=wan, eth1=lan)                   HN02 (eth0=wan, eth1=lan)
|                                           |
vmbr0->bridge->eth0 WAN IP: 85.12.102.11    vmbr0->bridge->eth0 WAN IP: 85.12.102.21
vmbr0:0->bridge->eth1 LAN IP: 192.168.0.11  vmbr0:0->bridge->eth1 LAN IP: 192.168.0.21
 \                                          \
  Openvz Container 101                       Openvz Container 201
  |                                          |
  venet0   wan IP: 85.12.102.12              venet0   wan IP: 85.12.102.22
  venet0:0 lan IP: 192.168.0.12              venet0:0 lan IP: 192.168.0.22

Checking local IP connection

@HN01 ssh:         ping 192.168.0.12  --> Result: success (ping from node's "own" container)
@HN01 ssh:         ping 192.168.0.21  --> Result: success (ping from node to other node)
@Container101 ssh: ping 192.168.0.11  --> Result: success (ping from container to "own" host node)
@Container101 ssh: ping 192.168.0.22  --> Result: FAIL (ping from container on node01 to container on node02)

Anybody succesful with this?

Thanks in advance.

Ruben