From: Herbert Poetzl (herbert_at_13thfloor.at)
Date: Tue 28 Sep 2004 - 22:51:42 BST
On Tue, Sep 28, 2004 at 04:19:21PM +0200, Gilles wrote:
> > > 
> > >         +--------+     +------+
> > >   DMZ   | Apache |-----| Exim |------+                 +---
> > >         +--------+     +------+      |    +----+      /
> > >                                      |----| FW |------| Internet
> > >                                      |    +----+      \
> > >         +--------+     +------+      |                 +---
> > > Private |  Mysql |-----| LDAP |------+
> > >         +--------+     +------+      |
> > >                                      |
> > >         +-----+   +-----+   +-----+  |
> > >  Users  |  A  |---|  B  |---|  C  |--+
> > >         +-----+   +-----+   +-----+
> > > 
> > > but where there is one vserver for each of Apache, Exim, Mysql and
> > > LDAP, but all are in a single physical host. FW is another physical
> > > machine where there is a software firewall (maybe in its own vserver,
> > > as you suggested), and A, B, C are end-users physical machines.
> > 
> > In the sense of routing/firewalling, you probably will gain something
> > out of this -
> > You could create multiple iptables with different default gateways,
> > per-dummyX-host firewalls, etc.
> 
> An example, maybe, of what you mean?
> 
> > However anyone connected on the same subnet (physical network, e.g. on
> > the same HUB/SWITCH) will be able to sniff all packets traversing the
> > network.
> 
> But only if the data are targeted to one of the physical machines, not
> in the case of data transmission between vservers (within a single host).
> 
> > Personally I would go for 802.1q vlan's, but that's my personal opinion.
> 
> Thanks for the suggestion; I'll keep it in mind, although I currently can't
> test this because my ethernet is 10Mb/s.

and how would that be related?

best,
Herbert

> Best regards,
> Gilles
> _______________________________________________
> Vserver mailing list
> Vserver_at_list.linux-vserver.org
> http://list.linux-vserver.org/mailman/listinfo/vserver