From: Gerrit Hoetzel (gt_at_hzhome.mine.nu)
Date: Sat 02 Nov 2002 - 18:42:20 GMT

How do you ensure that a vserver cannot establish a connection to a
program listening to 0.0.0.0 on the root system without denying loopback
capabilities for the vserver on its own IP?

Example:

root-system (IP: 192.168.1.1):
    ssh-server is listening to 0.0.0.0:22

vserver-system (IP: 192.168.1.10):
    telnet-server is listening to 192.168.1.10:23
    must not connect to 0.0.0.0:22
    but may connect to 192.168.1.10:23

Currently I have the root-system running chbind to 192.168.1.1 and have
the ssh-server listening to 192.168.1.1.

Is there a smarter solution?

Thanks in advance
Gerrit
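
An added example, not part of the original post: a Python audit for the root system that lists IPv4 TCP listeners bound to the 0.0.0.0 wildcard, the sockets the question is concerned with, by parsing the /proc/net/tcp table. The sample table is constructed, and the little-endian address decoding assumes an x86 host.

```python
import socket
import struct

TCP_LISTEN = 0x0A  # "st" value for a listening socket in /proc/net/tcp

# Constructed sample in /proc/net/tcp layout (not captured from a real host):
# sshd on the wildcard, telnetd on the vserver IP, one service bound to the
# root IP, and one established connection that must be ignored.
SAMPLE = """\
  sl  local_address rem_address   st tx_queue rx_queue tr tm->when retrnsmt   uid  timeout inode
   0: 00000000:0016 00000000:0000 0A 00000000:00000000 00:00000000 00000000     0        0 1001
   1: 0A01A8C0:0017 00000000:0000 0A 00000000:00000000 00:00000000 00000000     0        0 1002
   2: 0101A8C0:0019 00000000:0000 0A 00000000:00000000 00:00000000 00000000     0        0 1003
   3: 0101A8C0:0016 1401A8C0:C350 01 00000000:00000000 00:00000000 00000000     0        0 1004
"""


def decode_addr(field):
    """Turn 'HEXIP:HEXPORT' into (dotted_ip, port); assumes little-endian (x86)."""
    ip_hex, port_hex = field.split(":")
    ip = socket.inet_ntoa(struct.pack("<I", int(ip_hex, 16)))
    return ip, int(port_hex, 16)


def listeners(table):
    """Return (ip, port) for every IPv4 socket in LISTEN state."""
    found = []
    for line in table.splitlines():
        fields = line.split()
        # Data rows start with an index such as "0:"; the header row does not.
        if len(fields) < 4 or not fields[0].endswith(":"):
            continue
        if int(fields[3], 16) == TCP_LISTEN:
            found.append(decode_addr(fields[1]))
    return found


def wildcard_listeners(table):
    """Listeners bound to 0.0.0.0, i.e. not pinned to one address."""
    return [(ip, port) for ip, port in listeners(table) if ip == "0.0.0.0"]


if __name__ == "__main__":
    try:
        with open("/proc/net/tcp") as fh:  # live table on a Linux host
            table = fh.read()
    except OSError:
        table = SAMPLE  # fall back to the constructed sample
    for ip, port in wildcard_listeners(table):
        print(f"wildcard listener: {ip}:{port}")
```

Any listener this reports on the root system is a candidate for rebinding to the root IP, as the post does for the ssh-server.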