Re: [Vserver] Protecting guests' interfaces

From: Baltasar Cevc <baltasar_at_cevc-topp.de>
Date: Thu 06 Jul 2006 - 22:13:54 BST
Message-Id: <ec98dee3a49ecec01c9b530bd6edd4bc@cevc-topp.de>

Hi,

>>> Is there any way to restrict a guest from accessing some
>>> interfaces or services of other guests?
>> The guest can only actively use the interfaces assigned to it (see the
>> "great flower page", /etc/vservers/<vserver-name>/interfaces about
>> that), however, it can connect to other guests' interfaces. So if you
>> talk about blocking network connections between the hosts, that would
>> be a firewall thing, you'd have to set up iptables to get there.
>
> Yes, I know. But I have not succeeded in restricting access with
> iptables either. It seems that no iptables rules are used when the IP
> packets are delivered inside the host. At least inside one device. Or
> do I have a bug in my rules?
Locally generated packets traverse somewhat different chains than
packets from the internet; when using the appropriate chains, they
should be filtered (well, it worked for me); as I currently don't have
any special treatments for specific packets, I don't have the right
chain in mind, you should be able to find it here, though:
http://www.faqs.org/docs/iptables/traversingoftables.html

Hope that helps,
Baltasar

((( Baltasar Cevc

) World wide web:
   * http://www.openairkino.net/ (a project for the local youth; German only)
   * http://technik.juz-kirchheim.de/ (programming and admin projects)
   * http://baltasar.cevc-topp.de/ (private homepage)
) Phone:
   +49 176 232 20 822
)

Received on Thu Jul 6 22:16:45 2006
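
The chain choice discussed in the message above, as an added example that is not part of the original mail: traffic between two guests on one host is locally generated and locally delivered, so it passes OUTPUT and INPUT and never reaches FORWARD. The function only prints the iptables commands (dry run); the chain name `GUEST_ISO`, the addresses, and the premise that each guest sends from its own assigned IP are assumptions.

```shell
#!/bin/sh
# Added example (dry run): print iptables commands that isolate guests which
# share the host's network stack. Guest-to-guest packets are locally generated
# and locally delivered, so they pass OUTPUT and INPUT and never reach FORWARD.
# Chain name and all addresses are constructed sample values.

# usage: guest_isolation_rules "<guest IPs>" "<src,dst,tcp-port exceptions>"
guest_isolation_rules() {
    guests=$1
    exceptions=$2
    chain=GUEST_ISO

    echo "iptables -N $chain"
    # Let replies of permitted connections through before any DROP is reached.
    echo "iptables -A $chain -m conntrack --ctstate ESTABLISHED,RELATED -j RETURN"

    # Explicit allowances, e.g. a web guest reaching a database guest.
    for ex in $exceptions; do
        old_ifs=$IFS
        IFS=,
        set -- $ex
        IFS=$old_ifs
        if [ $# -ne 3 ]; then
            echo "bad exception: $ex" >&2
            return 1
        fi
        echo "iptables -A $chain -s $1 -d $2 -p tcp --dport $3 -j RETURN"
    done

    # Default: every guest address is blocked from every other guest address.
    for a in $guests; do
        for b in $guests; do
            if [ "$a" != "$b" ]; then
                echo "iptables -A $chain -s $a -d $b -j DROP"
            fi
        done
    done

    # Hook the chain last so a half-built rule set is never live.
    echo "iptables -I OUTPUT -j $chain"
}

# Constructed sample: two guests, the first may reach the second on TCP 5432.
guest_isolation_rules "192.0.2.10 192.0.2.11" "192.0.2.10,192.0.2.11,5432"
```

Review the printed rules before piping them to `sh` as root on the host.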
