[vserver] IPtables, network namespaces

From: Christian Balzer <chibi_at_gol.com>
Date: Wed 21 Mar 2012 - 13:30:22 GMT
Message-ID: <20120321223022.4b2c4a90@batzmaru.gol.ad.jp>

Hello,

Every once in a while (actually more frequent than that) the need for
iptables in a guest creeps up. And I'm not just talking about cases where
people want to use iptables because it's the only hammer they know beat
packets into submission.

Scouring this ML finds only a few mentions, most of them completely
outdated and I'm happy that I at least remembered reading about this more
than 2.5 years ago and coming up with the net namespaces search string as
well.

I believe any host based iptables (as in some client tool messaging
something on the host to manipulate a client specific iptable) is
cumbersome at best and prone to abuse at worst.
Given the functionality of net namespaces, has anybody in the past 2.5
years successfully used this with Vservers to set up fully functional
client network interface? Care to share your knowledge/experiences?

No trace of this in util-vserver for now, AFAIK.

Regards,

Christian

-- 
Christian Balzer        Network/Systems Engineer                
chibi@gol.com   	Global OnLine Japan/Fusion Communications
http://www.gol.com/
Received on Wed Mar 21 13:30:36 2012
[Next/Previous Months] [Main vserver Project Homepage] [Howto Subscribe/Unsubscribe] [Paul Sladen's vserver stuff]
Generated on Wed 21 Mar 2012 - 13:30:36 GMT by hypermail 2.1.8