From: Russell Anthony (ranthony_at_siteturn.com)
Date: Wed 07 Aug 2002 - 20:00:10 BST
Will SSH depend on CAP_NET_RAW as well for some reason ? I can't seem
to get it to work and I have my config set the same way. I can't seem to get
ANY network interaction with my vserver.
On 7 Aug 2002 at 11:47, Cathy Sarisky wrote:
> > 1) You need to have CAP_NET_RAW set in the conf file for the vserver in
> > order to have any access to the internet. Without it you won't be able to
> > ping anything from within a vserver. I would guess that you won't be able to
> > see http/pop etc on the vservers without it hence the fact that someone
> > couldn't contact the vservers.
>
> You can definitely have internet access for a vserver without CAP_NET_RAW. You
> do lose ping, but tcp and udp work fine. I've currently got a vserver doing
> domain name service (using tinydns - not BIND), and several serving up web
> pages, accepting and sending email, etc. Actually, I'm happy to lose ping,
> since it reduces the likelihood (slightly anyway) of a vserver being used for a
> DoS attack.
>
> HTH,
>
> Cathy Sarisky
> www.acornhosting.net
>