On Wed, Jun 03, 2015 at 10:39:07AM +0300, Bogdan wrote:
> Hi.
>
> I want to let a user run an application that binds to port 80 without
> using conntrack (since it is itself a bottleneck that needs tuning).
> The application's binary file that gets run will keep changing.
>
> Please advise what can be done here.

Network namespaces (CLONE_NEWNET, started in Linux 2.6.24 and largely completed by about Linux 2.6.29) provide isolation of the system resources associated with networking. Thus, each network namespace has its own network devices, IP addresses, IP routing tables, /proc/net directory, port numbers, and so on. Network namespaces make containers useful from a networking perspective: each container can have its own (virtual) network device and its own applications that bind to the per-namespace port number space; suitable routing rules in the host system can direct network packets to the network device associated with a specific container. Thus, for example, it is possible to have multiple containerized web servers on the same host system, with each server bound to port 80 in its (per-container) network namespace.
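
The per-namespace port number space described in the reply above, as an added example that is not part of the original thread: an unprivileged process enters a fresh network namespace and binds port 80 there, plus a port that is already taken in the parent namespace. It assumes unprivileged user namespaces (CLONE_NEWUSER, which the reply does not mention) are enabled; `bind_tcp` and `netns_port_demo` are hypothetical names.

```c
#define _GNU_SOURCE
#include <netinet/in.h>
#include <sched.h>
#include <stdio.h>
#include <sys/socket.h>
#include <sys/wait.h>
#include <unistd.h>

/* Bind a TCP socket to 0.0.0.0:port (0 = kernel picks); returns fd or -1. */
static int bind_tcp(unsigned short port) {
    struct sockaddr_in a = { .sin_family = AF_INET, .sin_port = htons(port) };
    int fd = socket(AF_INET, SOCK_STREAM, 0);
    if (fd >= 0 && bind(fd, (struct sockaddr *)&a, sizeof a) < 0) {
        close(fd); fd = -1;
    }
    return fd;
}

/* Hypothetical demo. Returns
 *   0  the child bound port 80 and a port already taken by the parent;
 *   1  the environment refused the namespaces or the port-80 bind (skipped);
 *  -1  the port number space turned out not to be isolated. */
int netns_port_demo(void) {
    struct sockaddr_in a;
    socklen_t len = sizeof a;
    int status, host_fd = bind_tcp(0);  /* occupy a port in this namespace */
    if (host_fd < 0 || getsockname(host_fd, (struct sockaddr *)&a, &len) < 0)
        return 1;
    unsigned short taken = ntohs(a.sin_port);
    /* Same namespace: a second bind to that port must be refused. */
    if (bind_tcp(taken) >= 0) return -1;
    pid_t pid = fork();
    if (pid < 0) return 1;
    if (pid == 0) {
        /* Assumption: unprivileged user namespaces are enabled. The new user
         * namespace owns the new netns, so CAP_NET_BIND_SERVICE applies there. */
        if (unshare(CLONE_NEWUSER | CLONE_NEWNET) < 0 || bind_tcp(80) < 0)
            _exit(1);
        _exit(bind_tcp(taken) >= 0 ? 0 : 2);
    }
    if (waitpid(pid, &status, 0) < 0 || !WIFEXITED(status))
        return -1;
    close(host_fd);
    return WEXITSTATUS(status) == 0 ? 0 : WEXITSTATUS(status) == 1 ? 1 : -1;
}

int main(void) {
    int r = netns_port_demo();
    puts(r == 0 ? "bound :80 in a private netns" : r == 1 ? "skipped" : "failed");
    return r < 0;
}
```

The new namespace has no route to the outside; as the reply says, the host still needs a virtual network device and routing rules to deliver packets to it.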