Re: [vserver] Network isolation and VServer

From: Natanael Copa <natanael.copa_at_gmail.com>
Date: Wed 24 Oct 2007 - 12:32:49 BST
Message-Id: <1193225569.10950.8.camel@nc.nor.wtbts.org>

On Wed, 2007-10-24 at 13:14 +0200, Jon Bendtsen wrote:
> On Oct 23, 2007, at 4:46 AM, Daniel Risacher wrote:
>
> > My apologies in advance if this is re-opening old wounds.
> >
> > I recently set up VServer (mainly so I could run Zimbra w/ less pain)
> > and I found that the network isolation did not work the way I
> > (perhaps naively?) expected it to. (Mainly re: binding to TCP ports
> > and IPADDR_ANY.)
> >
> > I write this message to (1) determine whether my understanding of
> > VServer's functionality is correct, and possibly (2) suggest potential
> > improvements for discussion.
> >
> > How I think it DOES work
> > ------------------------
> >
> > * Host processes that bind to IPADDR_ANY can recieve connections to
> > any
> > host or guest address
>
> I think that just about the only process the Host system should run is
> SSH for remote management. Anything else should be in a vserver
> guest.
>

NTP should also run in the host.

-nc
Received on Wed Oct 24 12:33:08 2007

[Next/Previous Months] [Main vserver Project Homepage] [Howto Subscribe/Unsubscribe] [Paul Sladen's vserver stuff]
Generated on Wed 24 Oct 2007 - 12:33:13 BST by hypermail 2.1.8