On Sun, Jan 21, 2007 at 09:46:11AM -0800, David Christensen wrote:
> Thanks for the info/advice! I was mainly looking to use one of the
> guests as a test environment. It's super-easy (and fast) to blow it
> away and create a new guest from a ready-made template.

yes, I guess that is one of the major advantages of this
kind of virtualization/isolation technique

> I see your point about a mail server trying to manipulate packet
> targets. I believe it uses rules to do some form of tar-pitting. i.c.
> Any time I can cause spammers grief and slow down their operations,
> I'll take a look at it.

of course, if you actually trust that context enough, you
can easily add the required capabilities and allow it to
manipulate the netfilter tables too

best,
Herbert

> Herbert Poetzl wrote:
> >On Sat, Jan 20, 2007 at 11:05:36PM -0800, David Christensen wrote:
> >
> >>I'm wondering if it's possible to get netfilter capabilities in
> >>the guest?
> >
> >well, netfilter works perfectly fine inside and outside a
> >guest, what you cannot do inside a guest is to manipulate
> >the netfilter rules
> >
> >>I wanted to try to run XMail in a guest, but it needs netfilter
> >>support, namely: CONFIG_IP_NF_TARGET_REDIRECT
> >
> >this is a kernel config option, you can select that when
> >you build your kernel and it will be there ...
> >
> >>My guess is no-dice!
> >
> >depends on what XMail is going to do with that :)
> >
> >IMHO a mail server application which uses netfilter rules
> >to change the target of packets? sounds suspicious to me.
> >
> >even more suspicious, if you run it on a guest with a
> >single ip for example :)
> >
> >>But I thought I'd ask if anyone's gotten XMail running in a guest.
> >
> >we'll see, in case that doesn't work out, I'd suggest
> >to use something like postfix or qmail, which should
> >work perfectly fine for the mail part, and a few other
> >applications for pop/imap/webmail ...
> >
> >HTH,
> >Herbert
> >
> >>Thanks,
> >>
> >>David

_______________________________________________
Vserver mailing list
[email protected]
http://list.linux-vserver.org/mailman/listinfo/vserver
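
The limit discussed in this thread (netfilter works in a guest, but the guest cannot change the rules until it is given the required capabilities) can be audited from the capability masks in `/proc/<pid>/status`. The following is an added example, not part of the original messages or of Linux-VServer: it assumes the capability in question is `CAP_NET_ADMIN`, which is what the kernel checks for netfilter rule changes; the function names are hypothetical and the status excerpts are constructed.

```python
import re

# Bit numbers from <linux/capability.h>.
CAP_NET_ADMIN = 12  # checked by the kernel when netfilter rules are changed
CAP_NET_RAW = 13    # raw and packet sockets

CAP_LINE = re.compile(r"^(Cap(?:Inh|Prm|Eff|Bnd)):[ \t]*([0-9a-fA-F]+)", re.M)

# Constructed /proc/<pid>/status excerpts, not captured from a real guest.
GUEST_RESTRICTED = (
    "Name:\tXMail\n"
    "CapInh:\t0000000000000000\n"
    "CapPrm:\t00000000a80425fb\n"
    "CapEff:\t00000000a80425fb\n"
)
GUEST_TRUSTED = (
    "Name:\tXMail\n"
    "CapInh:\t0000000000000000\n"
    "CapPrm:\t00000000a80435fb\n"
    "CapEff:\t00000000a80435fb\n"
    "CapBnd:\t00000000a80435fb\n"
)

def parse_cap_sets(status_text):
    """Map each Cap* line of a /proc/<pid>/status text to its integer mask."""
    return {name: int(mask, 16) for name, mask in CAP_LINE.findall(status_text)}

def has_cap(mask, bit):
    return bool((mask >> bit) & 1)

def netfilter_report(status_text):
    """Report whether the process may change netfilter rules."""
    sets = parse_cap_sets(status_text)
    if "CapEff" not in sets:
        raise ValueError("no CapEff line in status text")
    bnd = sets.get("CapBnd")  # line is absent on older kernels
    return {
        "can_modify_rules": has_cap(sets["CapEff"], CAP_NET_ADMIN),
        "net_raw": has_cap(sets["CapEff"], CAP_NET_RAW),
        "net_admin_in_bounding_set": None if bnd is None else has_cap(bnd, CAP_NET_ADMIN),
    }

if __name__ == "__main__":
    for label, text in (("restricted", GUEST_RESTRICTED), ("trusted", GUEST_TRUSTED)):
        print(label, netfilter_report(text))
    with open("/proc/self/status") as fh:  # Linux only
        print("self", netfilter_report(fh.read()))
```

Run from the host against each guest process, this shows which contexts have been trusted with rule manipulation and which have not.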
