Hello everyone,

I have a Debian Etch vserver host running 2.6.18-4-xen-vserver-686 kernel,
util-vserver 0.30.212-1 and vserver-debiantools 0.3.4.  

The configuration will have about 10 vserver clients running apache/php5
talking to a mysql server.  Each vserver client has a regular (routable) IP
address, but each has the same MAC address as the hosting server.  I would
like to use IPTables to block the client vservers from talking to each other
but since they all have the same MAC address, this becomes problematic.
What is the current best practice for doing this?

I've read a bit about NGNET-Testing and a vnet patch from 
http://oldwiki.linux-vserver.org/NGNET-Testing-HOWTO but the code is dated.


I tried setting up IPTables rules on the vserver host; this helps
restrict traffic to the vserver clients but it doesn't block 'inter' vserver
communication.  I've read 'hints' about running iptables inside of the
vserver client (but I haven't figured out how to implement this) and then
drop net_admin capability once the rules are in place.

Again, if someone can point me to a 'best practices' for accomplishing this
I would be most appreciative.


Thanks,
Jim
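The host-side approach the post tried, as an added example (not from the original post or the util-vserver project): guest-to-guest traffic between IPs that all sit on the same host never leaves the box, so it passes the host's OUTPUT and INPUT chains (never FORWARD) and the shared MAC address is irrelevant; matching on source and destination IP in INPUT is enough. The guest and MySQL addresses are constructed placeholders, port 3306 and the `state` match module are assumptions, and the script only prints the iptables commands so they can be reviewed before being run as root.

```shell
#!/bin/sh
# Added example, not from the original post or the util-vserver project.
# Generates host-side iptables rules that keep vserver guests from talking
# to each other.  Guest-to-guest traffic between IPs that all live on the
# same host never leaves the box: it is delivered locally (over lo) and so
# passes the host's OUTPUT and INPUT chains, never FORWARD, and the shared
# MAC address plays no part.  Filtering by source/destination IP in INPUT
# is therefore enough.  The addresses below are constructed placeholders.

# Emit rules to stdout (review them, then pipe to sh as root).
#   $1: space-separated list of guest IPs
#   $2: optional IP of the MySQL server every guest may reach on 3306
gen_isolation_rules() {
    guests="$1"
    db_ip="$2"

    # Replies to connections a guest legitimately opened (e.g. to MySQL)
    # must be accepted before the pairwise DROPs, or those replies die too.
    echo 'iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT'

    # Shared service every guest may reach, if one was given (assumed
    # to be MySQL on tcp/3306).
    if [ -n "$db_ip" ]; then
        for g in $guests; do
            printf 'iptables -A INPUT -p tcp -s %s -d %s --dport 3306 -j ACCEPT\n' "$g" "$db_ip"
        done
    fi

    # One DROP per ordered guest pair.  Matching on IP only (no -i lo) also
    # catches packets arriving from the wire that spoof a guest source.
    for src in $guests; do
        for dst in $guests; do
            if [ "$src" = "$dst" ]; then
                continue
            fi
            printf 'iptables -A INPUT -s %s -d %s -j DROP\n' "$src" "$dst"
        done
    done
}

# Count the DROP rules generated: n guests give n*(n-1) of them.
count_drop_rules() {
    gen_isolation_rules "$1" "$2" | grep -c -- '-j DROP'
}

# Usage with constructed addresses (assumption: substitute your own).
gen_isolation_rules "192.0.2.11 192.0.2.12 192.0.2.13" "192.0.2.20"
```

Because these rules live on the host, a guest cannot remove them even while it still holds CAP_NET_ADMIN, which is the point of preferring this over rules set inside each guest. If the MySQL server is itself one of the guests, its address goes in the second argument; the per-guest ACCEPT for 3306 is emitted before the pairwise DROPs, so the database stays reachable while everything else between guests is dropped.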


_______________________________________________
Vserver mailing list
Vserver@list.linux-vserver.org
http://list.linux-vserver.org/mailman/listinfo/vserver
