Re: [vserver] Share Single Ip between guests

From: Oliver Welter <mail_at_oliwel.de>
Date: Sat 08 Mar 2008 - 14:52:33 GMT
Message-ID: <47D2A831.8040005@oliwel.de>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Hi György

> "Oliver Welter" <mail@oliwel.de> írta 2008-03-08 13:11-kor:
>> Hi Pasztor,
> ;-) In hungary, we write our family name first...

So, still anybody who here who says internet does not teach you :=)

>>>> I have one IP assigned to the host box and a second one, which should
>>>> point to the services. For maintenance reasons we want to have each
>>>> service in a single vserver but do not wnat to assign a single IP to
>>>> each of them.
>>> In that case, use iptables nat rules.
>> iptables is not an option as some of the services
>> * use dynamic port ranges
>> * are not capable of doing nat
> Would you explain it?
> The iptables do the nat, not the application.
> At the --dport param, you can give port ranges.
> Iptables have nat helpers, eg. for ftp.
> So what service you want to run, which for the nat is not appropriate?
> If you give more details, we can give better help/solution.

Even if Daniel gave the answer already, I will explain the problem - we
have an application based on Java that works similar to ftp, but as the
connection is secured via SSL (and I dont know the exact protocol), I
can not read the traffic and setup additional rules to route the RMI
connections to the correct host. I might cover that assigning the usual
port ranges that the app uses, but I consider this a bad hack, as it
will break connections of other services that accidential use these
ports. Besides, the application autmagically uses its own listening
adress in the negotiation with the client which than gets confused as
the receviced connection paramters do not match the expected IP.

Anyway - thx for your help :)

Oliver

- --
Protect your environment - close windows and adopt a penguin!
PGP-Key: 3B2C 8095 A7DF 8BB5 2CFF 8168 CAB7 B0DD 3985 1721
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.7 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org

iD8DBQFH0qgwyrew3TmFFyERAqQaAJ9ytnSfK3fGS22ZV7S81y+cPorW7QCfagpo
FC3bMkSBmzxUNIX5Y2gPzCM=
=177Q
-----END PGP SIGNATURE-----
Received on Sat Mar 8 14:52:48 2008

[Next/Previous Months] [Main vserver Project Homepage] [Howto Subscribe/Unsubscribe] [Paul Sladen's vserver stuff]
Generated on Sat 08 Mar 2008 - 14:52:51 GMT by hypermail 2.1.8