From: Rik van Riel (riel_at_conectiva.com.br)
Date: Wed 07 Nov 2001 - 13:35:17 GMT
On Wed, 7 Nov 2001, Sam Vilain wrote:
> An interesting point.
> What you want is something like chroot() for the networking stack.
> Maybe the iptables infrastructure has room for this.
> Can't you do what you want by simply using two default routes?
No need for things like that. Linux already supports
multiple routing tables and it is trivial to set up
routing in something like the following way, where
"SCTX" is security context.
    HOST:    10.0.1.1    default routing table
    SCTX 3:  10.0.1.3    routing table 3
This can be set up in something roughly like the

    ip rule add from 10.0.1.3 table 3
    ip route add default via <gateway> table 3
-- DMCA, SSSCA, W3C? Who cares? http://thefreeworld.net/
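
Added example, not part of the original post: a shell helper that validates a security context's address, table number and gateway before emitting the two commands from the message, since these values end up in commands run as root. The gateway 10.0.1.254, the function names and the APPLY switch are assumptions made for illustration; by default the script only prints the plan.

```shell
#!/bin/sh
# Per-context source-based policy routing, following the layout in the post:
#   SCTX 3 -> address 10.0.1.3 -> routing table 3
# Assumption: 10.0.1.254 is a constructed gateway; the post leaves it as <gateway>.

# valid_ipv4 ADDR: succeed only for a dotted quad with octets 0-255.
valid_ipv4() {
    case "$1" in ''|*[!0-9.]*) return 1 ;; esac
    rest="$1."
    n=0
    while [ -n "$rest" ]; do
        o=${rest%%.*}
        rest=${rest#*.}
        n=$((n + 1))
        [ -n "$o" ] && [ "${#o}" -le 3 ] && [ "$o" -le 255 ] || return 1
    done
    [ "$n" -eq 4 ]
}

# valid_table ID: accept 1-252 only, so a context can never be pointed at
# the reserved tables (253 default, 254 main, 255 local).
valid_table() {
    case "$1" in ''|*[!0-9]*) return 1 ;; esac
    [ "${#1}" -le 3 ] && [ "$1" -ge 1 ] && [ "$1" -le 252 ]
}

# plan_sctx ADDR TABLE GATEWAY: print the two commands for one context.
plan_sctx() {
    valid_ipv4 "$1"  || { echo "bad context address: $1" >&2; return 1; }
    valid_table "$2" || { echo "bad table id: $2" >&2; return 1; }
    valid_ipv4 "$3"  || { echo "bad gateway: $3" >&2; return 1; }
    echo "ip rule add from $1 table $2"
    echo "ip route add default via $3 table $2"
}

# apply_sctx ADDR TABLE GATEWAY: print the plan; run it only when APPLY=1.
apply_sctx() {
    plan=$(plan_sctx "$@") || return 1
    if [ "${APPLY:-0}" != 1 ]; then
        echo "$plan"
        return 0
    fi
    # Arguments were validated above, so word splitting of $cmd is safe here.
    echo "$plan" | while read -r cmd; do $cmd || exit 1; done
}

# Dry run for the context shown in the post.
apply_sctx 10.0.1.3 3 10.0.1.254
```

The rule matches on source address only, so it applies to traffic already sent from 10.0.1.3; a process in the context still has to bind to that address.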