About this list Date view Thread view Subject view Author view Attachment view

From: Cathy Sarisky (sarisky_at_pioneernet.net)
Date: Wed 07 Aug 2002 - 19:47:36 BST


> 1) You need to have CAP_NET_RAW set in the conf file for the vserver in
> order to have any access to the internet. Without it you won't be able to
> ping anything from within a vserver. I would guess that you won't be able to
> see http/pop etc on the vservers without it hence the fact that someone
> couldn't contact the vservers.

You can definitely have internet access for a vserver without CAP_NET_RAW. You
do lose ping, but tcp and udp work fine. I've currently got a vserver doing
domain name service (using tinydns - not BIND), and several serving up web
pages, accepting and sending email, etc. Actually, I'm happy to lose ping,
since it reduces the likelihood (slightly anyway) of a vserver being used for a
DoS attack.

HTH,

Cathy Sarisky
www.acornhosting.net


About this list Date view Thread view Subject view Author view Attachment view
[Next/Previous Months] [Main vserver Project Homepage] [Howto Subscribe/Unsubscribe] [Paul Sladen's vserver stuff]
Generated on Wed 06 Nov 2002 - 07:03:42 GMT by hypermail 2.1.3