From: Herbert Poetzl (herbert_at_13thfloor.at)
Date: Wed 08 Sep 2004 - 09:38:35 BST

• Previous message: Brian: "[Vserver] DMZ with vserver"
• In reply to: Brian: "[Vserver] DMZ with vserver"
• Next in thread: Brian: "Re: [Vserver] DMZ with vserver"
• Reply: Brian: "Re: [Vserver] DMZ with vserver"

On Tue, Sep 07, 2004 at 10:56:36PM +0200, Brian wrote:
> is ist possible ore advisable to install vserver with a DMZ ?
>
> HOST
> eth0 = Internet
> eth0:0 = privat network
>
> Vserver1 for Webserver
>
> eth0 = Internet
> eth0:0 = privat network
>
> Vserver2 for Mail
>
> eth0 = Internet
> eth0:0 = privat network
>
> Vserver3 for mysql
>
> eth0 = privat network

hmm, well, as I see it, all packets will
be sent over the _same_ interface and all
servers will have access to both networks
(maybe even on the same ip ?) so I do not
see much security in that ...

maybe assigning just one private network
address to each vserver, and using S/DNAT
to map specific ports from/to the outside

HTH,
Herbert

> thanx, Brian
> _______________________________________________
> Vserver mailing list
> Vserver_at_list.linux-vserver.org
> http://list.linux-vserver.org/mailman/listinfo/vserver
_______________________________________________
Vserver mailing list
Vserver_at_list.linux-vserver.org
http://list.linux-vserver.org/mailman/listinfo/vserver

• Previous message: Brian: "[Vserver] DMZ with vserver"
• In reply to: Brian: "[Vserver] DMZ with vserver"
• Next in thread: Brian: "Re: [Vserver] DMZ with vserver"
• Reply: Brian: "Re: [Vserver] DMZ with vserver"