vserver development mailing list: Re: [vserver] Vserver and iptables ?

Re: [vserver] Vserver and iptables ?:
vserver development mailing list
[Next/Previous Months] [Main vserver Project Homepage] [Howto Subscribe/Unsubscribe] [Paul Sladen's vserver stuff]

About this list	Date view	Thread view	Subject view	Author view	Attachment view

From: Paul Sladen (vserver_at_paul.sladen.org)
Date: Tue 26 Nov 2002 - 22:44:25 GMT

Previous message: Brian Ipsen: "[vserver] Vserver and iptables ?"
In reply to: Brian Ipsen: "[vserver] Vserver and iptables ?"

On Tue, 26 Nov 2002, Brian Ipsen wrote:

> My assumption is that everything needs to be configured in the "root"
> system,

Yes.

> and the allow/deny traffic for each individual vserver

Well, per *IP address*, but yes.

> - but is the vserver IP addresses seen as several virtual adapters on
> the "root" system

Nope, just plain IP aliases bound to the network interface. (This is why we
have the `problem' with bind(0.0.0.0) in the host server grabbing all the
addresses).

> - or how do I construct my chains ??

"Normally."

iptables -A INPUT -i eth0 -d 1.2.3.4 [...etc]

-Paul

-- 
Nottingham, GB

Previous message: Brian Ipsen: "[vserver] Vserver and iptables ?"
In reply to: Brian Ipsen: "[vserver] Vserver and iptables ?"

About this list	Date view	Thread view	Subject view	Author view	Attachment view

[Next/Previous Months] [Main vserver Project Homepage] [Howto Subscribe/Unsubscribe] [Paul Sladen's vserver stuff]
Generated on Tue 26 Nov 2002 - 22:59:36 GMT by hypermail 2.1.3