A user-mode-linux / virtual networking / zebra HOWTO!

2003-06-19 Thread Christian Hammers
Hello

I've played around a lot with user mode linux and virtual networking
under linux because I wanted to learn OSPF and BGP but had only a single
computer to play with.

What I came up with was a working setup consisting of three virtual 
hosts that are interconnected over three virtual networks with 
each other. These virtual networks are totally independent so that
Zebra's OSPFd, arp and tcpdump won't see a difference to a normal switched
ethernet.

I wrote a little HOWTO about this. I guess that people on an ISP list
are interested in it (it's a good way to teach trainees) so give me 
feedback :-)

http://www.lathspell.de/linux/uml/

bye,

  -christian-

-- 
Arp! Arp! - the mating call of the lonely packet




Re: User Mode Linux

2003-01-20 Thread Matthaeus Wander
* [EMAIL PROTECTED] [EMAIL PROTECTED] [2003-01-20 06:53]:
> Do I try and run this all on the 'one box'? or should I create
> 4x UserModeLinux environments and run each one in its own
> 'jail'

This will cost a _lot_ of performance. If you worry much about security,
it would be better to use one or more extra machines for these services.

Regular security patching and a chroot environment for every daemon
should also be sufficient.
For me it's a performance question.

Greets, Matthäus Wander






Re: User Mode Linux

2003-01-20 Thread Russell Coker
On Mon, 20 Jan 2003 06:35, [EMAIL PROTECTED] wrote:
> Do I try and run this all on the 'one box'? or should I create
> 4x UserModeLinux environments and run each one in its own
> 'jail'

Running UML efficiently requires a patch to the kernel that hosts the UMLs,
and it also requires significantly more RAM and disk speed than is otherwise
needed.

If you use SE Linux then you get all the security benefits you would gain from
UML and more.  But SE Linux is easier to manage and has less performance
overhead.

-- 
http://www.coker.com.au/selinux/   My NSA Security Enhanced Linux packages
http://www.coker.com.au/bonnie++/  Bonnie++ hard drive benchmark
http://www.coker.com.au/postal/    Postal SMTP/POP benchmark
http://www.coker.com.au/~russell/  My home page






Re: User Mode Linux

2003-01-20 Thread Andrius Adomaitis
> The FTP server and IMP cause me the most concerns
>
> Any ideas? Anyone used UML and changed back?

UML is not the solution here. For security, use a capabilities system along
with chroot environments.
Check out http://www.grsecurity.org/papers.php ,
http://www.openwall.com/linux , man chroot. Of course dedicated machines for
smtp/pop3/imap, web/ftp, sql, dns are better, but still consider using some
system-wide security system.

Andrew.







Re: User Mode Linux

2003-01-20 Thread Russell Coker
On Mon, 20 Jan 2003 15:15, Andrius Adomaitis wrote:
>> The FTP server and IMP cause me the most concerns
>>
>> Any ideas? Anyone used UML and changed back?
>
> UML is not the solution here. For security, use a capabilities system along
> with chroot environments.
> Check out http://www.grsecurity.org/papers.php ,
> http://www.openwall.com/linux , man chroot. Of course dedicated machines for
> smtp/pop3/imap, web/ftp, sql, dns are better, but still consider using some
> system-wide security system.

Grsec and similar kernel patches are good.  However one problem that they face 
is that you don't have a single system image any more.  If you have separate 
chroots for mail delivery, POP, DNS, FTP, and Apache then you have 5 
different environments to keep up to date with security patches etc.

If you use SE Linux then you get more isolation between processes than you get 
in a chroot on a non-patched kernel, and you get a single system image so 
that dselect can be used once to update things.

Also it should be noted that if you use separate hardware for the separate 
services then you need to have different passwords on the different 
machines...

-- 
http://www.coker.com.au/selinux/   My NSA Security Enhanced Linux packages
http://www.coker.com.au/bonnie++/  Bonnie++ hard drive benchmark
http://www.coker.com.au/postal/    Postal SMTP/POP benchmark
http://www.coker.com.au/~russell/  My home page






User Mode Linux

2003-01-19 Thread andrew
Hi all!

Am currently going through that stage of deciding whether to
use user mode linux or not.

The situation is the following...
I have 1 server and need to run the following applications.

* DNS (Primary)

* Mail Service
  - IMAP
  - SMTP Mail: Postgres or Sendmail  - still deciding
  - IMP - For web Mail

* Web Server running custom app
  - Apache with ModPerl
  - a few perl daemons...

* Private Web Servers
  - Apache
  - FTP

Do I try and run this all on the 'one box'? or should I create
4x UserModeLinux environments and run each one in its own 
'jail' 

The FTP server and IMP cause me the most concerns

Any ideas? Anyone used UML and changed back?

Thanks

Andrew






User mode linux...

2001-10-11 Thread J


Hi.

Has anyone tried User Mode Linux for virtual hosting? Is UML
secure enough for this? The web page says that virtual hosting is possible,
but he doesn't know of anyone who's doing this...

thanks in advance.
--
Jator







Re: User mode linux...

2001-10-11 Thread Jeff Waugh

quote who=J

> Has anyone tried User Mode Linux for virtual hosting? Is UML
> secure enough for this? The web page says that virtual hosting is possible,
> but he doesn't know of anyone who's doing this...

When I described doing this as batshit insane at linux.conf.au earlier
this year, Jeff Dike smiled and nodded. :) I wasn't expecting him to pick up
the Australian lingo, but I think he had a fair idea of what I was saying.

You're honestly better off running simple chrooted systems or something like
that. UML is great for various things (such as kickarse kernel debugging),
but at this stage, it's not ready for doing something like this. Really CPU
intensive.

- Jeff

-- 
   She said she loved my mind, though by most accounts I had already lost it.

