From: Peter Kwan Chan (peterkwanchan_at_yahoo.com)
Date: Wed 15 May 2002 - 02:41:00 BST
I am not a networking expert, but if I may ask, would iptables work? I
can imagine that you can setup rules so that no traffics coming from the
outside can get in, or vice versa.
Peter
-----Original Message-----
From: Billy Hager [mailto:whager_at_bellsouth.net]
Sent: Tuesday, May 14, 2002 3:40 PM
To: vserver_at_solucorp.qc.ca
Subject: [vserver] Virtual Network Devices
I am working with a computer which has one network card and runs one
vserver.
Outside the vserver the computer acts a print/nfs server for my local
network. Inside the shell server is a full Linux distrobution running
as a
shell server. I would like to set up a situation where no network
traffic
from the vserver ever goes anywhere else but the internet.
I don't want people on the vserver using my printer and poking around my
local
network. ;)
I would like to create a virtual network interface that I could connect
the
vserver to and filter with iptables. User Mode Linux(UML) uses virtual
network devices to manage its network, and I know I could use it.
Unfortunately, UML creates a layer of complexity that I don't want to
deal
with.
Is there another way that I can create a virtual network interface
without
using UML? TUN/TAP looks promising, and that's what UML uses to create
its
virtual network. Again, I have been unable to find a solution that
doesn't
use UML.
Does anyone know of any solutions that don't require UML?
Another option would be to buy a second network card and switch. The
vserver
would be bound to one card(eth0) and everything else would use the other
card(eth1). That's a $60+ solution, though, and I don't learn anything
in
the process. There must be a way to set up a virtual network.
Thanks in advance,
Billy Hager
whager_at_bellsouth.net