On Fri, 2002-11-01 at 16:57, Paul Sladen wrote:
> On 31 Oct 2002, Klavs Klavsen wrote:
> 
> > that obviously goes wrong, as I have not defined an IP for my vserver.
> > shouldn't the script check for this - before trying to set up the
> > interface? No IP given - no interface set?
> 
> I don't believe it was ever envisioned--you really don't want to be running
> your vserver on the same IP address on the host-server;
> 
why not? 

> kind of defeats the point.
>
I can't see it defeats the point at all. My point for using vserver is
to separate the services I run on the same machine so if one gets hacked
the others are not affected, and so that I from the "real" server can do
file integrity checks that I can trust and thus know for sure if any
vserver has been hacked/cracked.

And in fact it is just annoying to have to do iptables redirection of
packages for my real IP, to the private-IP's on the vserver - and I do
like that this way, I don't have to. Of course there are also good
reasons for doing so, as any vserver can't just start up a service and
expect it to be accessible - but that's a calculated risk I'm taking.

> The script needs fixing to at least complain that you haven't given it any
> (zero) IPs.
> 
I think it should be able to allow for running a vserver on the same
IP/Interface. For example, if I had several interfaces, and I wanted to
dedicate one for each vserver - it would be annoying and a waste of
time, to have to set up an alias on each interface and rewrite traffic.

> For the moment either make the required 3/4 lines of changes to the vserver
> script or set the IPROOT="" to the address of the host-server and then use:
> 
>   vserver --nodev
> 
> to start it up, which might work since it doesn't cause the device alias to
> be set up (it might not do the chbind() either, so you'll want to check that).
> 
> 
I'll try that. Thanks for your input.

 
-- 
Regards,
Klavs Klavsen

--------------| This mail has been sent to you by: |------------
              Klavs Klavsen - Open Source Consultant 
            [EMAIL PROTECTED] - http://www.EnableIT.dk

    Get PGP key from www.keyserver.net - Key ID: 0x586D5BCA 
Fingerprint = 2873 188C 968E 600D D8F8  B8DA 3D3A 0B79 7E06 3C62
----------------------------------------------------------------
Open Source Software - Sometimes you get more than you paid for.
                                                 -- unknown
