Have you bound the host service to the host ip? Running it at
INADDR_ANY will result in the port being blocked in the guest.
Apart from that it depends on what the service does. Binding to
ports should work without any special capabilities - does the
log on the guests show anything interesting?
destination are the same?
As long as you don't give the NET_ADMIN or NET_RAW capabilities to the
guest, the users in there cannot spoof the IP.
baltasar
((( Baltasar Cevc
) World wide web:
# http://www.openairkino.net/ (a project for the local youth;
German only)
# http://techni
inet_acl = qw( 127.0.0.1 ::1 1.2.3.4 );
Hope that helps,
Baltasar
y slow when the machine was 99%
waiting for IO.
Baltasar
Hi Chuck
Quoting Chuck <[EMAIL PROTECTED]>:
is there a way to raise an individual interface device in a vserver without
restarting the entire server?
i am installing several vservers that will require various ip addresses for
specific SSL certs added one at a time but should not down the entire
that traffic on lo.
Hope that answers your question
Baltasar
command. Does
each vserver partition the output of its processes? If so, how do I
access this information?
You may use "vserver enter" and ps to display the processes in
one vserver.
To see all the processes running on the machine use 'vps' on the host.
Hope that helps,
Baltasa
kernel
as the host.
Baltasar
inux-VServer really rocks!
Baltasar
e Linux advanced routing and traffic control howto for
starting points).
Baltasar
On 22.10.2006, at 03:58, Herbert Poetzl wrote:
SRC=10.0.0.151 DST=10.0.0.151 LEN=60 TOS=0x00 PREC=0x00 TTL=64 ID=0 DF PROTO=TCP SPT=5432 DPT=54937 WINDOW=32767 RES=0x00 ACK SYN URGP=0
Which is pretty strange since
- my firewall rules allow all c
re there will be a simple solution for both services.
Baltasar
and
to eth0 for example without the patched kernel. Vserver should not
change anything with Netfilter, except for the fact that you have to
set up the rules on the host and that the interface names may change.
Baltasar
sue as the guest is allowed to change too many network settings then.
Hope that's a starting point, greetings from Regensburg, Germany
Baltasar
same as far as I know) can also be displayed using "uname -n".
If you are interested in the hostname associated with that IP (which is
what's important to network services), use "host " if you have the bind
DNS tools installed (which should be the case in most distributi
t worked for me); as I currently don't have
any special treatments for specific packets, I don't have the right
chain in mind, you should be able to find it here, though:
http://www.faqs.org/docs/iptables/traversingoftables.html
Hope that helps,
Baltasar
Hi,
On 04.07.2006, at 10:29, Daniel W. Crompton wrote:
On 7/3/06, Eugen Leitl <[EMAIL PROTECTED]> wrote:
On Mon, Jul 03, 2006 at 12:12:34PM +0200, Baltasar Cevc wrote:
> >I can't have an OpenVPN tunnel terminate in a vserver,
), however, it can connect to other guests' interfaces. So if you
talk about blocking network connections between the hosts, that would
be a firewall thing, you'd have to set up iptables to get there.
Baltasar
s because
you don't have the capability to create devices - there's some
information about OpenVPN in Vservers in the following page, maybe that
helps:
http://linux-vserver.org/some_hints_from_john (Search for openvpn in
that page)
Baltasar
Hi Youri,
I experienced some strange "hanging" when DNS resolving did not work.
I had such problems with MySQL, I'm not sure about other daemons,
but that may be a point to check.
As another point to search, I'd try to stop the daemon manuall
Hi Ehab,
If you haven't changed the init style, the classical init is replaced
by a procedure called fakeinit, thus the init daemon is not running in
the guest.
(For details about this, you may find quite some mails in the logs, and
probably somew
I'm not sure whether I've correctly understood what you mean. Doesn't
qmail start?
When that's your problem, I assume the solution would be to create an
init script or to use the real init instead of fakeinit. DJB's
daemontools usually start using the inittab which will fail with
fakeinit, as f
Hi Benedict,
The only problem I had was that the DJB query tools always failed looking up the
things - however that was no real problem as I just use libc/bind
resolver libraries to access it...
Concerning the caps: I think the given capabilities are more than
enough; I haven't set anything special a
Hi Juergen,
The OUTPUT nat chain is only able to dnat.
Now that you mention this I think I remember the point: OUTPUT is not the
place to do it - you were right with POSTROUTING - I had a look at the
configuration on my server - the relevant part
Hi Juergen,
local packets will not traverse the POSTROUTING chain - use OUTPUT
instead (I am not sure whether the MASQUERADE target will work there -
if not, you'll have to script some automatic IP update...)
Hope that helps,
Baltasar
At least on my server, ifconfig won't show the alias addresses.
I use "ip addr show" when I want to show them. Hope that helps!
Baltasar
Hi,
I want to start using vserver on a server machine (it stands far from
here, and I have root, but no terminal access).
Testing the software on my local test machine, everything went smooth
apart from some small issues just at the beginning of my test
Hi everybody,
does anybody have a quick hint how to solve the following without
reading and understanding the whole build process:
I want to create a Debian woody package of the current util-vserver
tools. During the packaging process, all files are ins
29 matches