On Tue, Feb 14, 2006 at 01:23:45PM +1100, Howard Lowndes wrote: > They will be fully fitted virtual servers, rather than services.
Yeah but are you really going to allow arbitrary services? If you lock it down to say, just http/s and ssh there might be some solution. The pair (ipaddress,port) uniquely identifies a service. Apache can get around this by using (name,port). Once connected, Ssh doesn't used only (ip,port); it is possible to get sshd to take note of other stuff besides the dest ip address. A hack I'm thinking of would be like this: http://subversion.tigris.org/faq.html#ssh-svnserve-location but netcat to the real server inside instead of run svnserve. Matt -- SLUG - Sydney Linux User's Group Mailing List - http://slug.org.au/ Subscription info and FAQs: http://slug.org.au/faq/mailinglists.html