On 22.10.2006, at 03:58, Herbert Poetzl wrote:

SRC=10.0.0.151 DST=10.0.0.151 LEN=60 TOS=0x00 PREC=0x00 TTL=64 ID=0 DF
PROTO=TCP SPT=5432 DPT=54937 WINDOW=32767 RES=0x00 ACK SYN URGP=0

Which is pretty strange since
- my firewall rules allow all connections from port 5432.

I'd double-check the rules. Please note that you have lo traffic with
non-lo IP addresses (as far as I can tell that's normally not the case
without vserver). As far as I know the packets would have been from
and to eth0 for example without the patched kernel.

nope, wrong, the packets would look exactly the same
without the vserver patch, local traffic is always
'local' and thus uses the loopback (lo) device

what would have been different (on the host or with
an unpatched kernel) is, that the command would have
chosen 127.0.0.1 instead (given that this is available
and assigned to lo, which is usually the case)

Vserver should not change anything with Netfilter, except for the
fact that you have to set up the rules on the host and that the
interface names may change.

it doesn't change anything there. period.

Sorry, I obviously wrote nonsense. I just quickly thought
about it, didn't check my assumptions and made up wrong
conclusions because of that :-( Shame on me.

Baltasar



_______________________________________________
Vserver mailing list
Vserver@list.linux-vserver.org
http://list.linux-vserver.org/mailman/listinfo/vserver