On Sunday 07 January 2007 19:44, Oliver Welter wrote:
> Hi Oliver,
>
> > i'm trying to restrict access from one vserver to another vserver
> > running on the same machine. one is running on dummy0, the other one on
> > dummy1. i tried firehol and shorewall, but it just doesn't work. it
> > seems that all firewall rules are just ignored. what's so special with
> > the vserver networking? has anyone examples how to set up working
> > iptables rules that prevent access from one vserver to another?
>
> AFAIK it is not possible to restrict networking between two guests as
> the packets are switched directly on the shared interface and do not pass
> the iptables queues. There is a new network stack popping up on the
> horizon ("network-ng") but it's not usable at the moment.
>
> Oliver

Hi Oliver,

All traffic does go through iptables, even local traffic!

Local traffic will leave through the OUTPUT chain and come in through the 
INPUT chain, using lo interface.
In most cases though iptables is configured to accept all traffic that goes 
through lo...

Bruno
_______________________________________________
Vserver mailing list
Vserver@list.linux-vserver.org
http://list.linux-vserver.org/mailman/listinfo/vserver
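
Added example, not part of the original thread: a small generator for an iptables-restore ruleset that follows the reply's description, dropping guest-to-guest traffic where it arrives on lo in the INPUT chain and placing those rules before the usual accept-all rule for lo. The guest addresses and the function name `guest_isolation_rules` are constructed for illustration.

```shell
#!/bin/sh
# Guest addresses: constructed sample values (assumption), one per guest.
GUEST_IPS="${GUEST_IPS:-10.0.0.1 10.0.0.2}"

# Print a filter-table ruleset in iptables-restore format.
# Per the reply above, guest-to-guest packets on the same host are local
# traffic: they leave through OUTPUT and come in through INPUT on lo.
# The DROP rules therefore match "-i lo" and must be listed before the
# common "accept everything on lo" rule, which would otherwise match first.
guest_isolation_rules() {
    echo "*filter"
    echo ":INPUT ACCEPT [0:0]"
    echo ":FORWARD ACCEPT [0:0]"
    echo ":OUTPUT ACCEPT [0:0]"
    for src in "$@"; do
        for dst in "$@"; do
            # A guest may still talk to its own address.
            [ "$src" = "$dst" ] && continue
            echo "-A INPUT -i lo -s $src -d $dst -j DROP"
        done
    done
    # Remaining loopback traffic (host services, each guest to itself).
    echo "-A INPUT -i lo -j ACCEPT"
    echo "COMMIT"
}

# Only prints the ruleset. After review it can be loaded as root by piping
# it to iptables-restore, which replaces the current filter table.
guest_isolation_rules $GUEST_IPS
```
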
