From: Cathy Sarisky (sarisky_at_pioneernet.net)
Date: Wed 07 Aug 2002 - 19:47:36 BST

• Next message: Russell Anthony: "RE: [vserver] DNS resolving problems in vserver"
• Previous message: Ian Douglas: "RE: [vserver] DNS resolving problems in vserver"
• Maybe in reply to: Johnny Carlsen: "[vserver] DNS resolving problems in vserver"
• Next in thread: Russell Anthony: "RE: [vserver] DNS resolving problems in vserver"
• Reply: Russell Anthony: "RE: [vserver] DNS resolving problems in vserver"

> 1) You need to have CAP_NET_RAW set in the conf file for the vserver in
> order to have any access to the internet. Without it you won't be able to
> ping anything from within a vserver. I would guess that you won't be able to
> see http/pop etc on the vservers without it hence the fact that someone
> couldn't contact the vservers.

You can definitely have internet access for a vserver without CAP_NET_RAW. You
do lose ping, but tcp and udp work fine. I've currently got a vserver doing
domain name service (using tinydns - not BIND), and several serving up web
pages, accepting and sending email, etc. Actually, I'm happy to lose ping,
since it reduces the likelihood (slightly anyway) of a vserver being used for a
DoS attack.

HTH,

Cathy Sarisky
www.acornhosting.net

• Next message: Russell Anthony: "RE: [vserver] DNS resolving problems in vserver"
• Previous message: Ian Douglas: "RE: [vserver] DNS resolving problems in vserver"
• Maybe in reply to: Johnny Carlsen: "[vserver] DNS resolving problems in vserver"
• Next in thread: Russell Anthony: "RE: [vserver] DNS resolving problems in vserver"
• Reply: Russell Anthony: "RE: [vserver] DNS resolving problems in vserver"