From: Sam Vilain (sam_at_vilain.net)
Date: Sun 15 Aug 2004 - 22:55:15 BST
Herbert Poetzl wrote:
>using 127.X.0.1 with X!=0 seems somewhat strange,
>what is the idea behind this? 'normal' vservers do
>not use lo device, because this is a security hole
>per definition ...
I thought that sharing the IP address 127.0.0.1 was the security hole,
and the only thing special about lo is that it is a dummy interface that
doesn't broadcast anywhere. The IP RFC specifies the whole of 127.* for
local host addresses (of course, glibc has an arguably broken #define of
INADDR_LOOPBACK = 127.0.0.1, so certain methods of opening a socket (e.g.,
ssh port forwarding) break).
Having said that, the times I've tried to set up vservers on the
loopback interface, firewalling didn't work correctly (IIRC), so maybe it
is special in some weird and historic way.
Vserver mailing list
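
Added example, not part of the original message or the vserver code: a listener bound to one address in 127.0.0.0/8 is reachable at that address but not through INADDR_LOOPBACK, which is the separation the 127.X.0.1 scheme relies on and why clients hard-wired to 127.0.0.1 miss it. It assumes Linux, where all of 127.0.0.0/8 is local; 127.5.0.1 and the function names are constructed for illustration.

```c
#include <arpa/inet.h>
#include <netinet/in.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>
#include <sys/socket.h>
#include <unistd.h>
/* Linux assumed (127/8 local on lo). Listen on ip; returns fd or -1. */
int listen_on(const char *ip, uint16_t *port)
{
    struct sockaddr_in sa;
    socklen_t len = sizeof sa;
    int fd = socket(AF_INET, SOCK_STREAM, 0);
    if (fd < 0) return -1;
    memset(&sa, 0, sizeof sa);          /* sin_port 0 = any free port */
    sa.sin_family = AF_INET;
    if (inet_pton(AF_INET, ip, &sa.sin_addr) != 1 ||
        bind(fd, (struct sockaddr *)&sa, sizeof sa) < 0 ||
        listen(fd, 4) < 0 ||
        getsockname(fd, (struct sockaddr *)&sa, &len) < 0) {
        close(fd);
        return -1;
    }
    *port = ntohs(sa.sin_port);         /* report the port the kernel chose */
    return fd;
}
/* Returns 1 if a TCP connect to addr_be:port succeeds, else 0. */
int can_connect(uint32_t addr_be, uint16_t port)
{
    struct sockaddr_in sa;
    int fd = socket(AF_INET, SOCK_STREAM, 0), ok;
    if (fd < 0) return 0;
    memset(&sa, 0, sizeof sa);
    sa.sin_family = AF_INET;
    sa.sin_port = htons(port);
    sa.sin_addr.s_addr = addr_be;       /* already in network byte order */
    ok = connect(fd, (struct sockaddr *)&sa, sizeof sa) == 0;
    close(fd);
    return ok;
}
int main(void)
{
    uint16_t port;
    int fd = listen_on("127.5.0.1", &port);   /* constructed address */
    if (fd < 0) { perror("listen_on"); return 1; }
    printf("127.5.0.1: %d\n", can_connect(inet_addr("127.5.0.1"), port));
    printf("INADDR_LOOPBACK: %d\n", can_connect(htonl(INADDR_LOOPBACK), port));
    close(fd);
    return 0;
}
```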