Date: Mon 04 Nov 2002 - 19:47:02 GMT
On Mon, 2002-11-04 at 06:48, Paul Sladen wrote:
> > I'm wondering how easy would it be to redirect binds and connections to
> > the localhost (127.0.0.1) to the server IP address instead
> This is what happens anyway.
Oops... I meant that the loopback is still visible and usable as
loopback from withing the vserver.
> Jacques is currently writing code so that binding to the default address
> within a vserver binds to all the IP addresses assigned to the vserver
> rather than the first one (this hasn't been done before because it is a
> technical pain).
This would be nice ;-)
> This will open up the possibility of having a local-loopback in the form of
> `127.1.0.ctx' with modifications to the mangling done above so that we still
> appear to be talking to `127.0.0.1'.
Yes. I think this will keep software which pretends to talk to the
loopback happy. So far tomcat4 is the only one I know of, but there're
others for sure.
Also, it would be a nice point in favor of "perceived" security of the
vserver to be able to bind to a loopback too.