
From: Herbert Poetzl (herbert_at_13thfloor.at)
Date: Thu 11 Mar 2004 - 14:36:17 GMT


On Thu, Mar 11, 2004 at 08:41:09AM -0500, Chris Besignano wrote:
> I need to run a few different websites on my box using vservers. What
> method does everyone use to route the traffic from eth1 (external
> interface, real ip) to the vservers bound to eth0 (internal ip,
> 192.168.x.x network)?

there is no way to _route_ traffic from eth1 to an
ip bound to eth0, what you want is to nat the
incoming connections to yield valid for the local
ips, for example:

iptables -t nat -A PREROUTING --dst <ext-ip> -p tcp --dport 80 \
        -j DNAT --to 192.168.0.1

keep in mind, that you cannot access different web
servers (running on different hosts/vservers) through
one external ip/port unless you use a smart proxy,
which knows how to read and forward the HTTP requests

if you want to reach the internet from a local ip
range, then you do similar on outgoing traffic:

iptables -t nat -A POSTROUTING --src 192.168.0.1 \
        -j SNAT --to <ext-ip>

> Darryl Ross wrote:
>
> >Dariush Pietrzak wrote:
> >
> >>>services in the host to ONLY bind the host's IP address, instead of all

that is what the v_* sysv scripts are for
(limiting _host_ services to just some ips)

HTH,
Herbert

> >> Not true.
> >>
> >>The whole point of vservers networking is that you can give some ip
> >>to the whole server, and then when services inside bind to '0.0.0.0'
> >>they get only what was allocated for given vserver.
> >> If what you say was true, there wouldn't be much difference between
> >>vserver setup and chrooted services.
> >
> >
> >Did you read what he said??
> >
> >As per your quote above, emphasis is mine:
> >
> >> services in the __host__ to ONLY bind the __host's__ IP address
> >
> >which is exactly what you want to do. If you need to run a service in
> >the host, as well as inside the vservers (eg, ssh), you need to tell
> >the host sshd to only bind to the main IP, not the IP addresses of all
> >the vservers.
> >
> >Cheers
> >Darryl
_______________________________________________
Vserver mailing list
Vserver_at_list.linux-vserver.org
http://list.linux-vserver.org/mailman/listinfo/vserver
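
The message above notes that several web vservers can share one external ip/port only through a proxy that reads the HTTP request. The following is an added example, not part of the original message or of the vserver project, showing that dispatch on the Host header; the site names, the second vserver address 192.168.0.2 and the listen address are assumptions.

```python
import asyncio

BACKENDS = {"site-a.example": ("192.168.0.1", 80),   # constructed site names;
            "site-b.example": ("192.168.0.2", 80)}   # the .2 vserver is assumed

def pick_backend(head: bytes, backends=BACKENDS):
    """Return (ip, port) for the request's Host header, or None to refuse."""
    lines = head.split(b"\r\n\r\n", 1)[0].split(b"\r\n")[1:]  # skip request line
    hosts = [ln.split(b":", 1)[1].strip() for ln in lines
             if ln.lower().startswith(b"host:")]
    if len(hosts) != 1:                # missing or duplicated Host: refuse
        return None
    host = hosts[0].decode("ascii", "replace").lower()
    return backends.get(host.partition(":")[0].rstrip("."))  # no default site

async def pipe(reader, writer):
    try:                               # copy one direction until EOF
        while data := await reader.read(65536):
            writer.write(data)
            await writer.drain()
    finally:
        writer.close()

async def refuse(writer, status: bytes):
    writer.write(b"HTTP/1.1 " + status + b"\r\nConnection: close\r\n\r\n")
    await writer.drain()
    writer.close()

async def handle(client_r, client_w):
    try:    # read only the header block, bounded in size (64 KiB) and time
        head = await asyncio.wait_for(client_r.readuntil(b"\r\n\r\n"), 10)
    except (EOFError, OSError, asyncio.LimitOverrunError, asyncio.TimeoutError):
        return client_w.close()
    target = pick_backend(head)
    if target is None:
        return await refuse(client_w, b"400 Bad Request")
    try:
        up_r, up_w = await asyncio.open_connection(*target)
    except OSError:
        return await refuse(client_w, b"502 Bad Gateway")
    up_w.write(head)    # backend is chosen once per connection (first request)
    await asyncio.gather(pipe(client_r, up_w), pipe(up_r, client_w))

async def main(addr="127.0.0.1", port=8080):  # assumed; bind the proxy's own IP
    async with await asyncio.start_server(handle, addr, port) as server:
        await server.serve_forever()

if __name__ == "__main__":
    asyncio.run(main())
```

Because the backend is picked from the first request only, a production proxy would re-check the Host header on every request of a keep-alive connection.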


Generated on Thu 11 Mar 2004 - 14:37:12 GMT by hypermail 2.1.3