From: Huibert Alblas (halblas_at_weos.de)
Date: Thu 08 Aug 2002 - 08:50:10 BST
On Wed, 2002-08-07 at 21:00, Russell Anthony wrote:
> Will SSH depend on CAP_NET_RAW as well for some reason ? I can't seem
> to get it to work and I have my config set the same way. I can't seem to get
> ANY network interaction with my vserver.
No, ssh and the sshd do _not_ need any kind of extra CAPS to be
defined in your /etc/vservers/VSERNAME.conf.
We are running one sshd on the main server, bound to its IP only, and 3
sshd in vservers in a different subnet, all bound to their own IPs, all
defined in /etc/ssh2/sshd2.config in all vservers.
These are all started from the normal /etc/init.d/ scripts in each
vserver. No hassle with v_sshd and so forth.
Just wanted to warn you, before you start looking for clues in the
wrong places. :-)
weOs ag, development
> On 7 Aug 2002 at 11:47, Cathy Sarisky wrote:
> > > 1) You need to have CAP_NET_RAW set in the conf file for the vserver in
> > > order to have any access to the internet. Without it you won't be able to
> > > ping anything from within a vserver. I would guess that you won't be able to
> > > see http/pop etc on the vservers without it hence the fact that someone
> > > couldn't contact the vservers.
> > You can definitely have internet access for a vserver without CAP_NET_RAW. You
> > do lose ping, but tcp and udp work fine. I've currently got a vserver doing
> > domain name service (using tinydns - not BIND), and several serving up web
> > pages, accepting and sending email, etc. Actually, I'm happy to lose ping,
> > since it reduces the likelihood (slightly anyway) of a vserver being used for a
> > DoS attack.
> > HTH,
> > Cathy Sarisky
> > www.acornhosting.net
-- "I love deadlines. I like the whooshing sound they make as they fly by." -- Douglas Adams
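
Added example, not part of the original messages: a Python sketch of the distinction discussed in this thread, that raw (ICMP) sockets need CAP_NET_RAW while TCP and UDP sockets do not. It assumes a Linux /proc; the capability bit number 13 is the value from linux/capability.h, and the two status snippets are constructed sample values.

```python
import errno
import socket

CAP_NET_RAW = 13  # bit number of CAP_NET_RAW in <linux/capability.h>

# Constructed /proc/<pid>/status excerpts: the first mask has bit 13 set,
# the second is the same mask with bit 13 cleared.
SAMPLE_WITH_RAW = "Name:\tsshd\nCapEff:\t00000000a80425fb\n"
SAMPLE_WITHOUT_RAW = "Name:\tsshd\nCapEff:\t00000000a80405fb\n"


def effective_caps(status_text):
    """Return the effective capability bitmask from /proc/<pid>/status text."""
    for line in status_text.splitlines():
        if line.startswith("CapEff:"):
            return int(line.split()[1], 16)
    raise ValueError("no CapEff line found")


def has_cap(mask, bit):
    """True if capability number `bit` is set in the bitmask."""
    return bool((mask >> bit) & 1)


def probe(kind):
    """Try to create a socket of the given kind; return 'ok' or the errno name."""
    params = {
        "tcp": (socket.AF_INET, socket.SOCK_STREAM, 0),
        "udp": (socket.AF_INET, socket.SOCK_DGRAM, 0),
        # What classic ping uses; the kernel requires CAP_NET_RAW for it.
        "raw-icmp": (socket.AF_INET, socket.SOCK_RAW, socket.IPPROTO_ICMP),
    }[kind]
    try:
        socket.socket(*params).close()
        return "ok"
    except OSError as exc:
        return errno.errorcode.get(exc.errno, str(exc.errno))


if __name__ == "__main__":
    with open("/proc/self/status") as fh:
        mask = effective_caps(fh.read())
    print("CAP_NET_RAW effective:", has_cap(mask, CAP_NET_RAW))
    for kind in ("tcp", "udp", "raw-icmp"):
        print(f"{kind:9s} socket: {probe(kind)}")
```

Run inside the environment being checked: without CAP_NET_RAW the raw-icmp probe reports EPERM while the tcp and udp probes still report ok.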