vserver development mailing list: Re: [Vserver] Proxy, DMZ

Re: [Vserver] Proxy, DMZ:
vserver development mailing list
[Next/Previous Months] [Main vserver Project Homepage] [Howto Subscribe/Unsubscribe] [Paul Sladen's vserver stuff]

About this list	Date view	Thread view	Subject view	Author view	Attachment view

From: Herbert Poetzl (herbert_at_13thfloor.at)
Date: Tue 28 Sep 2004 - 23:41:11 BST

Previous message: Herbert Poetzl: "Re: [Vserver] Proxy, DMZ"
In reply to: Christian Mayrhuber: "Re: [Vserver] Proxy, DMZ"

On Tue, Sep 28, 2004 at 04:55:01PM +0200, Christian Mayrhuber wrote:
> On Tuesday 28 September 2004 16:06, Gilles wrote:
> > Thanks for the pictorial description; I start to figure it out...
> >
> > Nevertheless, taking up from "lo as 2 doors", wouldn't it have
> > been clearer to have an alias for "lo", instead of a new
> > interface "dummy0" for the sole purpose of assigning it a
> > different IP address?

> > I.e. is it possible to have e.g. a "lo:dummy0" alias?
> > But maybe "dummy0" has yet other properties (?) that are
> > not apparent from the above explanation.
> >
> > Gilles
>
> lo is no real interface, lo simply repeats all network traffic

objection!

> to everyone who is listening on lo, no firewall rules, no two
> doors, nada. Lo is a big darn door where everything which
> wents out comes back in again.
>
> The dummy interface is the only "real" virtual network interface,
> able to do things like routing, firewall rules, etc.

whoa! not so fast ...

> Lo cannot do these things, it's fast, but no full fledged network
> interface.

okay, both interfaces (lo and dummy) _are_ special
in the way they handle packets sent _through_ them ...

here is a (not so much) simplified version of the
'transmit' function of them ...

static int loopback_xmit(struct sk_buff *skb, struct net_device *dev)
{
        stats->rx_bytes += skb->len;
        stats->tx_bytes += skb->len;
        stats->rx_packets++;
        stats->tx_packets++;

netif_rx(skb);
return 0;
}

static int dummy_xmit(struct sk_buff *skb, struct net_device *dev)
{
stats->tx_packets++;
stats->tx_bytes+=skb->len;

dev_kfree_skb(skb);
return 0;
}

> In short you can't make da door with lo, you need a real network
> interface card or the dummy network interface for that purpose.

local traffic is always sent via lo, which explains
(not only for my networking examples) why a ping to
a local ip address fails if lo is not configured ...

local or remote traffic is never sent via dummy, because
it just wouldn't return (it's basically /dev/null for
networking) ...

hope that helps a little,
Herbert

> --
> lg, Chris
>
> _______________________________________________
> Vserver mailing list
> Vserver_at_list.linux-vserver.org
> http://list.linux-vserver.org/mailman/listinfo/vserver
_______________________________________________
Vserver mailing list
Vserver_at_list.linux-vserver.org
http://list.linux-vserver.org/mailman/listinfo/vserver

Previous message: Herbert Poetzl: "Re: [Vserver] Proxy, DMZ"
In reply to: Christian Mayrhuber: "Re: [Vserver] Proxy, DMZ"

About this list	Date view	Thread view	Subject view	Author view	Attachment view

[Next/Previous Months] [Main vserver Project Homepage] [Howto Subscribe/Unsubscribe] [Paul Sladen's vserver stuff]
Generated on Tue 28 Sep 2004 - 23:41:24 BST by hypermail 2.1.3