Hi!
> I've five linux VServers, each with it's own _real_ IP address (not
> 192.168.x.y, 10.x, etc).
Those are real too ;) Just not supposed to be routed on the public Internet.
> Each one has it's own services but I'd like to
> close access from outside to some ports, but allow full communication
> between the guests. The guests have valid IP addresses so I think
> [DS]NAT is not needed.
No, there's no need for NAT'ing if you have assigned public IP addresses
to your vservers.
> I've readed that this must be done in the host, but I'm lost because my
> knowledge about iptables is nearly zero.
Yes, you need to specify your iptables rules on the host. There's
nothing special with vserver enable kernels and iptables. It works the
same way as on vanilla kernels.
The only thing you'll need to keep in mind, is that your vservers (on
the same host) will communicate over the loopback ('lo') interface.
However as you don't want to filter traffic between local vservers, this
won't be an issue to you.
> Could someone point me to some URL or doc?
I think this tutorial should be helpful to you:
http://iptables-tutorial.frozentux.net/iptables-tutorial.html
Hope this helps
Chris
_______________________________________________
Vserver mailing list
Vserver@list.linux-vserver.org
http://list.linux-vserver.org/mailman/listinfo/vserver
Received on Wed Feb 14 18:32:30 2007