Re: [vserver] 3 basic questions

From: Michael <michael.auckland_at_gmail.com>
Date: Mon 10 Aug 2009 - 08:37:22 BST
Message-ID: <35207fdf0908100037t2decd4c1v2683aac2c256ea5e@mail.gmail.com>

Why not make something similar to openvz - optionally emulate eth?

I think it will make a great improvement to vserver.

PS. I like vserver so much (but don't have all the required skills to extend it).
Emulation of eth will allow the use of iptables, VPN, DHCPD, SAMBA, etc...

On Mon, Aug 10, 2009 at 11:38 AM, Ed W<lists@wildgooses.com> wrote:
> Michael wrote:
>>
>> Is it possible to use iptables in VPS?
>> The only part that holds me into openvz.
>>
>> I need to use iptables inside VPS not on the host.
>>
>>
>
> Someone else will no doubt correct me, but as I understand it you can grant
> any guest any capability you wish, including the ability to fart with the
> network stack.  However, obviously any guest which can run iptables can
> implicitly also take down the network card and potentially cause problems
> for other instances sharing that card (ie the network stack ain't
> virtualised)
>
> If this isn't a problem I think you just grant your image a capabilities
> flag and off you go?
>
> Another option would be to set up some kind of IPC back to the host and that
> would then vet the iptables options and implement them on your behalf... I
> think this has been discussed in more oblique forms before, but not sure how
> easy it would be to google for these threads... (perhaps on "ipc"?)
>
> I think a final issue is that the vservers appear to iptables as local
> processes (which they are) and this has certain implications for the way you
> need to use iptables which are a bit peculiar and catch a bunch of folks
> out.  Basically stuff doesn't go through the forward chain like you might
> expect, but only sits on the INPUT (or something like that??)
>
> Good luck
>
> Ed W
>

-- 
--
Michael
Received on Mon Aug 10 08:37:42 2009
Generated on Mon 10 Aug 2009 - 08:37:43 BST by hypermail 2.1.8