From: Herbert Poetzl (herbert_at_13thfloor.at)
Date: Sat 13 Aug 2005 - 11:51:08 BST
On Sat, Aug 13, 2005 at 09:37:13AM +0200, Dirk Ruediger wrote:
> Hi all,
> I just installed (that means 14 days ago) linux-vserver and run ~12
> vservers on one physical box running different services inside every
> vserver (mail server, web server, etc.). It works great! The iptables
> firewall (via firehol) is filtering all the traffic for the vservers.
great! sounds like the way it's supposed to be ...
> I wanted to have a DMZ and installed an additional network card to bind
> all these vservers to. But then I discovered the dummy device and want
> to change eth1 against dummy0 (after installing the dummy module ;-)
> and remove the additional network card from the server if it can be done.
sure, that can be done ...
> But first I want to know, if this is common (=good) practice. Or should I
> rather tinker with bridge and tun devices? The mailing list shows many
> things possible (vlan, bridge, dummy), but I can't see, what the best
> practices are.
actually it doesn't really matter which device you 'bind'
the address to, because the interface will not be used
for outgoing packets (if it isn't the proper route, which
is very unlikely with a dummy device) and it will not
be used for local traffic either ...
bridge/tun sounds funny, but nobody could explain to me
the purpose/feature/idea behind that ...
> If I can gather all the information needed, then I am willing to write
> some documentation in the wiki at linux-vserver.org :-)
so IMHO dummy0 should be what you want, but don't assume
that packets will originate from there or leave through
this interface (otherwise your setup is very broken)
> Thanks for your advice.
> Vserver mailing list
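A check for the condition described in the reply above (no traffic should leave through the dummy device, and local traffic should not use it either), as an added example that is not part of the original mail. It parses `ip -o route get` output; the addresses, device names and sample lines are constructed, and the trailing cache fields of the real output are omitted.

```shell
#!/bin/sh
# Added example: flag any route whose egress device is a dummy interface.
# Live usage (assumed addresses):
#   for a in 10.0.0.2 192.0.2.50; do ip -o route get "$a"; done | check_no_dummy_egress

# Print the token that follows the "dev" keyword in one route line.
route_dev() {
    printf '%s\n' "$1" |
        awk '{ for (i = 1; i < NF; i++) if ($i == "dev") { print $(i + 1); exit } }'
}

# Read route lines on stdin and report each one.
# Returns 0 if no line egresses via dummy*, 1 otherwise (or if a line has no dev).
check_no_dummy_egress() {
    bad=0
    while IFS= read -r line; do
        [ -n "$line" ] || continue
        dev=$(route_dev "$line")
        case "$dev" in
            dummy*) echo "BROKEN   ($dev): $line"; bad=$((bad + 1)) ;;
            "")     echo "UNPARSED: $line";        bad=$((bad + 1)) ;;
            *)      echo "ok       ($dev): $line" ;;
        esac
    done
    [ "$bad" -eq 0 ]
}

# Constructed sample: 10.0.0.2 is a guest address bound to dummy0.
# Locally it is reached via lo, and outbound traffic follows the default route.
SAMPLE_GOOD='local 10.0.0.2 dev lo src 10.0.0.2 uid 0
192.0.2.50 via 192.168.1.1 dev eth0 src 192.168.1.10 uid 0'

# Constructed sample of the broken case: a route pointing out of dummy0.
SAMPLE_BAD='local 10.0.0.2 dev lo src 10.0.0.2 uid 0
192.0.2.50 dev dummy0 src 10.0.0.2 uid 0'
```
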