I'm having a problem with a fresh Gentoo vServer installation, related to network separation. I've built my vServer with 3 NICs, each of which will be attached to a different network. For example, here's what I'm trying to do:

eth0 -- only available to the vServer host, used exclusively for administrative access to the server from a local PC via SSH.
eth1 -- only available to a VPS guest running Samba, to provide Samba services on an isolated private LAN.
eth2 -- only available to two VPS guests, one running VSFTPD and one running Apache. This interface will be placed in a DMZ by an external firewall.

eth0, eth1, eth2 and lo are all up and running on the host. The host is using eth0. As a test setup I have installed two guest servers that will be using eth1. Both were created using the --interface eth1:192.168.18.252/24 parameter. The guests correctly report that they are using eth1 at 192.168.18.252.

Even though the guest server's ifconfig information shows binding to the correct ethernet adapter and IP address (eth1:192.168.18.252), it appears that they are responding to incoming traffic on eth1:192.168.18.252, but their outgoing traffic is actually going out through eth0:192.168.18.251. There is no isolation of the network interfaces.

Can anyone explain this, or how to fix the problem so that the processes are bound to the correct NIC interface and don't use an unauthorized NIC interface? My ultimate goal is to bind the guest servers to the NIC that exists in the appropriate firewall zone.

FYI, here is a thread that summarized the problem in more detail: http://forums.gentoo.org/viewtopic-p-3495451.html#3495451

I've searched this list's archives regarding this problem, and I found two relevant threads. The first one mentioned having found a solution that was going to be posted to the "recipies" page, but the recipes page shown in the hyperlink is blank. The second thread contained a discussion about this improper behavior and whether this default behavior should be changed, but there was no follow-up. It's not clear to me if this is an error or if this is how things are supposed to work.

Any insights would be appreciated! Thanks!