From: Paul Sladen (vserver_at_paul.sladen.org)
Date: Tue 26 Nov 2002 - 22:44:25 GMT
On Tue, 26 Nov 2002, Brian Ipsen wrote:
> My assumption is that everything needs to be configured in the "root"
> and the allow/deny traffic for each individual vserver
Well, per *IP address*, but yes.
> - but is the vserver IP addresses seen as several virtual adapters on
> the "root" system
Nope, just plain IP aliases bound to the network interface. (This is why we
have the `problem' with bind(0.0.0.0) in the host server grabbing all the
> - or how do I construct my chains ??
iptables -A INPUT -i eth0 -d 220.127.116.11 [...etc]
-- Nottingham, GB