Re: [Vserver] firewall between 2 vservers

From: Bruno <bonbons67_at_internet.lu>
Date: Sun 07 Jan 2007 - 19:53:36 GMT
Message-Id: <200701072053.36430.bonbons67@internet.lu>

On Sunday 07 January 2007 19:44, Oliver Welter wrote:
> Hi Oliver,
>
> > i'm trying to restrict access from one vserver to another vserver
> > running on the same machine. one is running on dummy0, the other one on
> > dummy1. i tried firehol and shorewall, but it just doesn't work. it
> > seems that all firewall rules are just ignored. what's so special with
> > the vserver networking? has anyone examples how to setup working
> > iptables rules that prevents access from one vserver to another?
>
> AFAIK it is not possible to restrict networking between two guests as
> the packets are switched directly on the shared interface and do not pass
> the iptables queues. There is a new network stack popping up at the
> horizon ("network-ng") but it's not usable at the moment.
>
> Oliver

Hi Oliver,

All traffic does go through iptables, even local one!

Local traffic will leave through the OUTPUT chain and come in through the
INPUT chain, using lo interface.
In most cases though iptables is configured to accept all traffic that goes
through lo...

Bruno
_______________________________________________
Vserver mailing list
Vserver@list.linux-vserver.org
http://list.linux-vserver.org/mailman/listinfo/vserver
Received on Sun Jan 7 20:39:40 2007
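
Added example, not part of the original thread: a small first-match evaluator for the INPUT chain of an `iptables-save` dump, showing how a blanket `-i lo -j ACCEPT` rule placed ahead of guest-to-guest DROP rules makes those rules appear to be ignored. The guest addresses 10.0.0.1 and 10.0.1.1, both rulesets and the function name `input_verdict` are constructed for illustration; the code assumes a filter-table dump and understands only `-i`, `-s`, `-d` and `-j`.

```python
import ipaddress
import shlex

# Constructed iptables-save excerpt (not from the thread): a blanket loopback
# ACCEPT sits ahead of the guest-isolation DROP rules, so they never match.
SHADOWED = """\
*filter
:INPUT DROP [0:0]
-A INPUT -i lo -j ACCEPT
-A INPUT -i lo -s 10.0.0.1/32 -d 10.0.1.1/32 -j DROP
-A INPUT -i lo -s 10.0.1.1/32 -d 10.0.0.1/32 -j DROP
COMMIT
"""

# Same constructed rules with the guest-to-guest DROPs placed first.
ORDERED = """\
*filter
:INPUT DROP [0:0]
-A INPUT -i lo -s 10.0.0.1/32 -d 10.0.1.1/32 -j DROP
-A INPUT -i lo -s 10.0.1.1/32 -d 10.0.0.1/32 -j DROP
-A INPUT -i lo -j ACCEPT
COMMIT
"""

def input_verdict(ruleset, src, dst, iface="lo"):
    """Return (target, rule) for the first INPUT rule matching the packet.

    Simplification: only -i, -s, -d and -j are understood; a rule using any
    other option is skipped, and non-terminating targets are not modelled.
    """
    policy = "ACCEPT"
    src, dst = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    for line in ruleset.splitlines():
        if line.startswith(":INPUT "):
            policy = line.split()[1]          # chain policy, used if nothing matches
        if not line.startswith("-A INPUT "):
            continue
        tokens = shlex.split(line)[2:]
        opts = dict(zip(tokens[0::2], tokens[1::2]))
        if len(tokens) % 2 or set(opts) - {"-i", "-s", "-d", "-j"} or "-j" not in opts:
            continue
        if opts.get("-i", iface) != iface:
            continue
        if src not in ipaddress.ip_network(opts.get("-s", "0.0.0.0/0")):
            continue
        if dst not in ipaddress.ip_network(opts.get("-d", "0.0.0.0/0")):
            continue
        return opts["-j"], line               # first match wins
    return policy, "(chain policy)"
```

With the constructed rulesets, `input_verdict(SHADOWED, "10.0.0.1", "10.0.1.1")` is decided by the blanket loopback rule, while the same call on `ORDERED` reaches the DROP rule.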
