From: George (thumper_at_acun.com)
Date: Fri 24 May 2002 - 22:15:45 BST
I wanted to solve a problem and use one physical machine.
How I would like it to work:
I have a wan card connecting to a frame-relay network.
I have a 4 port ethernet card to make my local connections.
Now I've had problems with the single machine (no vserver) even with iptables
because the wan connects are all bridged to eth0 (in this example) and
several types of traffic are difficult to keep off of the LAN, thus the need
to connect to a non-bridged box for routing and filtering of trash.
As far as I can tell, vservers bind to 1 address or all addresses; I need to
define a range of IPs to bind to to make this work.
This assumes that the bridge does not poison the network at some lower level.
Wan bridged to eth0, eth0 and all wan ips defined in a vserver as *bridge*
eth0 physically connected to eth1 by crossover cable.
eth1, eth2, and eth3 are bound to the vserver as *router*
the root server should not have any access anywhere.
This works with 2 machines, but, would be cool to do it with 1 and vservers.
Sub note: Add to feature wish list: definable ranges of IPs to allow vservers
to bind to.