Hi,

Is there any way to restrict a guest from accessing some
interfaces or services of other guests?
The guest can only actively use the interfaces assigned to it (see the
"great flower page", /etc/vservers/<vserver-name>/interfaces about
that), however, it can connect to other guests' interfaces. So if you
talk about blocking network connections between the hosts, that would
be a firewall thing, you'd have to set up iptables to get there.

Yes, I know. But I have not succeeded in restricting access with
iptables either. It seems that no iptables rules are used when the IP
packets are delivered inside the host. At least inside one device. Or
do I have a bug in my rules?
Locally generated packets traverse somewhat different chains than
packets from the internet; when using the appropriate chains, they
should be filtered (well, it worked for me). As I currently don't have
any special treatment for specific packets, I don't have the right
chain in mind; you should be able to find it here, though:
http://www.faqs.org/docs/iptables/traversingoftables.html

Hope that helps,
Baltasar

((( Baltasar Cevc


) World wide web:
* http://www.openairkino.net/ (a project for the local youth; German only)
  * http://technik.juz-kirchheim.de/ (programming and admin projects)
  * http://baltasar.cevc-topp.de/ (private homepage)
) Phone:
  +49 176 232 20 822
)
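
An added example, not part of the original thread: a rule set that filters guest-to-guest traffic in the chains that locally generated, locally delivered packets actually traverse (OUTPUT and INPUT, never FORWARD). It assumes the guests share the host's network stack, as the reply above implies; the guest names, addresses (RFC 5737 documentation range), the permitted service and the chain name GUEST_ISOLATION are all constructed.

```shell
#!/bin/sh
# Added example with constructed guests and addresses; not from the thread.
# By default the rules are only printed. Run as root with IPT=iptables to apply.
IPT="${IPT:-echo iptables}"

WEB_IP=192.0.2.10    # hypothetical guest "web"
DB_IP=192.0.2.20     # hypothetical guest "db"
MAIL_IP=192.0.2.30   # hypothetical guest "mail"
GUESTS="$WEB_IP $DB_IP $MAIL_IP"

# allow_service SRC DST PROTO PORT: permit one guest-to-guest service.
allow_service() {
    $IPT -A GUEST_ISOLATION -s "$1" -d "$2" -p "$3" --dport "$4" -j ACCEPT
}

# isolate_guests: reject all remaining traffic between different guests.
isolate_guests() {
    for src in $GUESTS; do
        for dst in $GUESTS; do
            if [ "$src" != "$dst" ]; then
                $IPT -A GUEST_ISOLATION -s "$src" -d "$dst" -j REJECT
            fi
        done
    done
}

build_rules() {
    $IPT -N GUEST_ISOLATION
    # Guest-to-guest packets never leave the host: they pass OUTPUT and then
    # INPUT, arriving on lo, so FORWARD rules and "-i ethX" matches never see
    # them. Hook INPUT at position 1 so that a common "-i lo -j ACCEPT" rule
    # cannot accept the traffic before these rules run.
    $IPT -I INPUT 1 -j GUEST_ISOLATION
    # Replies belonging to a permitted connection must pass before the rejects.
    $IPT -A GUEST_ISOLATION -m state --state ESTABLISHED,RELATED -j ACCEPT
    allow_service "$WEB_IP" "$DB_IP" tcp 5432
    isolate_guests
}

build_rules
```

Rules are matched on source and destination address only, because the incoming interface for this traffic is lo rather than the device the guest addresses are configured on.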