From: Gerrit Hoetzel (gt_at_hzhome.mine.nu)
Date: Sat 02 Nov 2002 - 18:42:20 GMT
How do you ensure that a vserver cannot establish a connection to a
program listening to 0.0.0.0 on the root system without denying loopback
capabilities for the vserver on its own IP ?
root-system (IP: 192.168.1.1):
ssh-server is listening to 0.0.0.0:22
vserver-system (IP: 192.168.1.10):
telnet-server is listening to 192.168.1.10:23
must not connect to 0.0.0.0:22
but may connect to 192.168.1.10:23
Currently I have the root-system running chbind' to 192.168.1.1 and have
the ssh-server listening to 192.168.1.1.
Is there a smarter solution ?
Thanks in advance