About this list Date view Thread view Subject view Author view Attachment view

From: Klavs Klavsen (klavs_at_EnableIT.dk)
Date: Fri 01 Nov 2002 - 19:26:57 GMT


On Fri, 2002-11-01 at 16:57, Paul Sladen wrote:
> On 31 Oct 2002, Klavs Klavsen wrote:
>
> > that obviously goes wrong, as I have not defined an IP for my vserver.
> > shouldn't the script check for this - before trying to set up the
> > interface? No IP given - no interface set?
>
> I don't believe it was ever invisioned--you really don't want to be running
> your vserver on the same IP address on the host-server;
>
why not?

> kindof defeats the point.
>
I can't see it defeats the point at all. My point for using vserver is
to seperate the services I run on the same machine so if one gets hacked
the others are not affected, and so that I from the "real" server can do
file integrity checks that I can trust and thus now for sure if any
vserver has been hacked/cracked.

And in fact it is just annoying to have to do iptables redirection of
packages for my real IP, to the private-IP's on the vserver - and I do
like that this way, I don't have too. Ofcourse there are also good
reasons for doing so, as any vserver can't just start up a service and
expect it to be accessible - but that's a calculated risc I'm taking.

> The script needs fixing to at least complain that you haven't give it any
> (zero) IPs.
>
I think it should be able to allow for running a vserver on the same
IP/Interface. f.ex. If I had a several Interfaces, and I wanted to
dedicate one for each vserver - it would be annoying and a waste of
time, to have to setup an alias on each interface and rewrite traffic.

> For the moment either make the required 3/4 lines of changes to the vserver
> script or set the IPROOT="" to the address of the host-server and then use:
>
> vserver --nodev
>
> to start it up, which might work since it doesn't cause the device alias to
> be setup (it might not do the chbind() either, so you'll want to check that).
>
>
I'll try that. Tnx for your input.

 

-- 
Regards,
Klavs Klavsen

--------------| This mail has been sent to you by: |------------ Klavs Klavsen - Open Source Consultant klavs_at_EnableIT.dk - http://www.EnableIT.dk

Get PGP key from www.keyserver.net - Key ID: 0x586D5BCA Fingerprint = 2873 188C 968E 600D D8F8 B8DA 3D3A 0B79 7E06 3C62 ---------------------------------------------------------------- Open Source Software - Sometimes you get more than you paid for. -- unknown


About this list Date view Thread view Subject view Author view Attachment view
[Next/Previous Months] [Main vserver Project Homepage] [Howto Subscribe/Unsubscribe] [Paul Sladen's vserver stuff]
Generated on Wed 06 Nov 2002 - 07:03:43 GMT by hypermail 2.1.3