From: Martin List-Petersen (martin_at_list-petersen.se)
Date: Wed 19 Nov 2003 - 07:38:28 GMT
Citat Holger Rabbach <hrabbach_at_crossroad-networks.com>:
> >courier-imap / courier-pop3 is one of programs, that tries to bind "*"
> >at ipv6 level only and thus also asks for ipv4 addresses. However that
> >way it circumvents your vserver contexts and binds port 143 (or port
> >110) at all ip's.
> yep - there's a simple way around that, of course - tell the Courier
> daemons which IPs to bind to or disable ipv6 when building Courier from
Courier prefers ipv6 over ipv4 (as does many other ipv6 enabled software
packages), so it tries to use that when available.
Compiling without ipv6 will solve the problem for courier, but not the security
issue, where any vserver can see any interface on an "ifconfig", including the
ones from other vservers and ports on all ipv6 AND ipv4 ip's can be bound simply
by binding "*" on ipv6 level.
Disabling ipv6 support in the kernel make vserver behave correctly again.
On my development machine i use ipv6 and i don't want to disable it. However,
the vservers there are only for my personal use.
For production i never would recommend to mix ipv6 + vserver, as long as the
ipv6 implementation hasn't been done by somebody.
martin at list-petersen dot se
-- BOFH excuse #218:
The UPS doesn't have a battery backup.
_______________________________________________ Vserver mailing list Vserver_at_list.linux-vserver.org http://list.linux-vserver.org/mailman/listinfo/vserver