From: Jacques Gelinas (jack_at_solucorp.qc.ca)
Date: Fri 09 Nov 2001 - 17:53:41 GMT

On Thu, 8 Nov 2001 20:43:35 -0500, Luc Stepniewski wrote
> Is it normal that when I am in a vserver, I can see the other network
> bindings, when I do a 'netstat -vatpn' ?
> Shouldn't they be hidden ?

It is normal, well, for now. We will work on more virtualisation, hiding

> Another question: Is there a way to allow access to in a
> vserver (the main IP, from eth0, AND without compromising
> security ?

Currently, what we do is change /etc/hosts so that localhost points
to the IP of the vserver. So far, this trick seems to please all packages
we tried.

The solution would be to remap to the ipv4root on a connect
call. This could solve some problems for software explicitly calling this
IP instead of localhost.

Software trying to bind to is another problem (putting a service
on or localhost). They would probably end up trying to
bind on and then their vserver IP, so if we swap
to the vserver IP on every call, we could end up confusing the caller.

A total solution would be to virtualise completely.


What about this trick? We create two IP aliases per vserver:

        eth0:vser -> IP of the vserver
        lo:vser -> 127.0.0.N

(where N is the security context)

and we remap in connect and bind to 127.0.0.N So every
vserver would have its own loopback.

Jacques Gelinas <jack_at_solucorp.qc.ca>
vserver: run general purpose virtual servers on one box, full speed!
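
Added example, not part of the original message and not vserver code: a userspace sketch in C of the per-context loopback remap proposed above, applied to the address passed to connect() or bind(). It assumes the address being remapped is the standard loopback 127.0.0.1 (the address is missing from the archived message) and that context 0 is the host; the helper names remap_loopback and remap_text are hypothetical.

```c
#include <stdio.h>
#include <string.h>
#include <arpa/inet.h>
#include <netinet/in.h>

/* Assumption: the shared address to rewrite is 127.0.0.1 (host byte order). */
#define SHARED_LOOPBACK 0x7f000001u

/* Hypothetical helper: rewrite a connect()/bind() target for security
 * context ctx. Returns 1 if rewritten to 127.0.0.N, 0 if left untouched,
 * -1 if the context cannot be given its own 127.0.0.N address. */
int remap_loopback(struct sockaddr_in *sa, unsigned ctx)
{
    if (sa->sin_family != AF_INET)
        return 0;
    if (ntohl(sa->sin_addr.s_addr) != SHARED_LOOPBACK)
        return 0;                 /* only the shared loopback is rewritten */
    if (ctx == 0)
        return 0;                 /* assumed: context 0 is the host itself */
    if (ctx == 1 || ctx > 255)
        return -1;                /* N=1 is the shared loopback; N>255 needs more than one octet */
    sa->sin_addr.s_addr = htonl(0x7f000000u | ctx);
    return 1;
}

/* Text wrapper so the result can be inspected; -2 means a bad input string. */
int remap_text(const char *ip, unsigned ctx, char *out, size_t outlen)
{
    struct sockaddr_in sa;
    memset(&sa, 0, sizeof sa);
    sa.sin_family = AF_INET;
    if (inet_pton(AF_INET, ip, &sa.sin_addr) != 1)
        return -2;
    int rc = remap_loopback(&sa, ctx);
    if (!inet_ntop(AF_INET, &sa.sin_addr, out, (socklen_t)outlen))
        return -2;
    return rc;
}

int main(void)
{
    char buf[INET_ADDRSTRLEN];
    /* Constructed sample: contexts 5, 1 and 300 all asking for 127.0.0.1. */
    unsigned ctxs[] = { 5, 1, 300 };
    for (int i = 0; i < 3; i++) {
        int rc = remap_text("127.0.0.1", ctxs[i], buf, sizeof buf);
        printf("ctx %u -> %s (rc=%d)\n", ctxs[i], buf, rc);
    }
    return 0;
}
```

The -1 cases show the limit of using N directly as the last octet: a context numbered 1 would land on the shared loopback, and contexts above 255 need a different mapping.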

