Re: [Vserver] Routing in VServers
Christian Affolter escribió: Could someone point me to some URL or doc? I think this tutorial should be helpful to you: http://iptables-tutorial.frozentux.net/iptables-tutorial.html Thanks! It's a very big document (200 pg), so I'll take a look step by step :) begin:vcard fn;quoted-printable:Asier Barangu=C3=A1n n;quoted-printable:Barangu=C3=A1n;Asier org;quoted-printable:ELPA Gesti=C3=B3n adr;quoted-printable;dom:;;c/ Henao 4 - 3=C2=BAA;Bilbao;Bizkaia;48009 email;internet:[EMAIL PROTECTED] title:A/P tel;work:944.23.01.66 tel;fax:944.23.01.78 x-mozilla-html:FALSE url:http://www.elpagestion.com version:2.1 end:vcard ___ Vserver mailing list Vserver@list.linux-vserver.org http://list.linux-vserver.org/mailman/listinfo/vserver
Re: [Vserver] Routing in VServers
Herbert Poetzl escribió: http://www.faqs.org/docs/iptables/traversingoftables.html note, in recent kernels the local tables can be selected independantly IIRC ... Hmm... one question not directly related to this. My guests work with 'eth0' interface but I've seen in some mails from the list that people make their guests work with the dummy0 interface. ¿What's the advantage of using it? I can't see the point :-? Thanks begin:vcard fn;quoted-printable:Asier Barangu=C3=A1n n;quoted-printable:Barangu=C3=A1n;Asier org;quoted-printable:ELPA Gesti=C3=B3n adr;quoted-printable;dom:;;c/ Henao 4 - 3=C2=BAA;Bilbao;Bizkaia;48009 email;internet:[EMAIL PROTECTED] title:A/P tel;work:944.23.01.66 tel;fax:944.23.01.78 x-mozilla-html:FALSE url:http://www.elpagestion.com version:2.1 end:vcard ___ Vserver mailing list Vserver@list.linux-vserver.org http://list.linux-vserver.org/mailman/listinfo/vserver
Re: [Vserver] Routing in VServers
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 � wrote: Herbert Poetzl escribi�: http://www.faqs.org/docs/iptables/traversingoftables.html note, in recent kernels the local tables can be selected independantly IIRC ... Hmm... one question not directly related to this. My guests work with 'eth0' interface but I've seen in some mails from the list that people make their guests work with the dummy0 interface. �What's the advantage of using it? I can't see the point :-? for me, it means that i can have 'internal' vservers that are protected from outside attack, but are still accessible for use by my other vservers - e.g. i have a mysql vserver on an internal dummy interface, and also a development vserver like this. another advantage is that i can set stuff up that would normally require localhost (e.g. apache status monitoring) on the internal dummy interface so that i can see it, but again it is not accessible by the world. --gdm - -- http://docs.indymedia.org/view/Main/GarconDuMonde gpg --keyserver pgp.mit.edu --recv-keys 594B97C2 Key fingerprint = 7B70 F22D F275 D111 3A04 F9EE 0E25 4944 594B 97C2 -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.2.1 (Darwin) iD8DBQFF1CdZDiVJRFlLl8IRAj4/AJ9owEjcLHuiLBk7BYca8Vw22ymDRwCfWDul PgUkTCaBDL4ncMcBvzyx15c= =Y1SS -END PGP SIGNATURE- ___ Vserver mailing list Vserver@list.linux-vserver.org http://list.linux-vserver.org/mailman/listinfo/vserver
Re: [Vserver] Routing in VServers
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 On 15.02.2007, at 08:30, Asier Baranguán wrote: Herbert Poetzl escribió: http://www.faqs.org/docs/iptables/traversingoftables.html note, in recent kernels the local tables can be selected independantly IIRC ... Hmm... one question not directly related to this. My guests work with 'eth0' interface but I've seen in some mails from the list that people make their guests work with the dummy0 interface. ¿What's the advantage of using it? I can't see the point :-? I'd say there is no technical advantage - I sometimes do that if I want to have public and private IP addresses separated (I use eth0 for public ones and dummy0 for private ones). The communication is taking place on 'lo' anyway, traffing going to the outerspace will be routed as usual by the host. So even with my dummy0 setup, I have to set up SNAT/Masquerading connections to outerspace. As far as I can see some people (that was what I thought at the beginning, too) don't want to have the guest to guest traffic on eth0 and use dummy. This is, of coure, pointless, as the kernel takes care of that and has all that traffic on lo. Hope that answers your question Balatasar ((( Baltasar Cevc ) World wide web: # http://www.openairkino.net/ (a project for the local youth; German only) # http://technik.juz-kirchheim.de/ (programming and admin projects) # http://baltasar.cevc-topp.de/ (private homepage) ) Phone: +49 178 691 22 33 ) -BEGIN PGP SIGNATURE- Version: GnuPG v1.2.4 (Darwin) iD8DBQFF1CnUp2YsmzTbIwYRAhQOAJ9QpQsqbZ/N5dExGzmvsXGIPODzMQCgjVOq jFSAekO7bRtdZ63UI+IgKwU= =TSzn -END PGP SIGNATURE- ___ Vserver mailing list Vserver@list.linux-vserver.org http://list.linux-vserver.org/mailman/listinfo/vserver
[Vserver] Moving guest and can not enter again.
Hi there, I just moved a guest from: Versions: Kernel: 2.6.16.20-vs2.0.2-rc22.20060627.4 VS-API: 0x00020001 util-vserver: 0.30.210; Jun 27 2006, 13:58:57 Features: CC: gcc, gcc (GCC) 3.3.5 (Debian 1:3.3.5-13) CXX: g++, g++ (GCC) 3.3.5 (Debian 1:3.3.5-13) CPPFLAGS: '' CFLAGS: '-g -O2 -std=c99 -Wall -pedantic -W' CXXFLAGS: '-g -O2 -ansi -Wall -pedantic -W -fmessage-length=0' build/host: i686-pc-linux-gnu/i686-pc-linux-gnu Use dietlibc: yes Build C++ programs: yes Build C99 programs: yes Available APIs: v13,net ext2fs Source: e2fsprogs syscall(2) invocation: alternative vserver(2) syscall#: 273/glibc Paths: prefix: / sysconf-Directory: /etc cfg-Directory: /etc/vservers initrd-Directory: /etc/init.d pkgstate-Directory: /var/run/vservers vserver-Rootdir: /home/vservers to: Versions: Kernel: 2.6.17.13-vs2.0.2.1.2006120900 VS-API: 0x00020002 util-vserver: 0.30.211; Nov 24 2006, 14:23:34 Features: CC: gcc, gcc (GCC) 3.3.5 (Debian 1:3.3.5-13) CXX: g++, g++ (GCC) 3.3.5 (Debian 1:3.3.5-13) CPPFLAGS: '' CFLAGS: '-g -O2 -std=c99 -Wall -pedantic -W' CXXFLAGS: '-g -O2 -ansi -Wall -pedantic -W -fmessage-length=0' build/host: i686-pc-linux-gnu/i686-pc-linux-gnu Use dietlibc: yes Build C++ programs: yes Build C99 programs: yes Available APIs: v13,net ext2fs Source: e2fsprogs syscall(2) invocation: alternative vserver(2) syscall#: 273/glibc Paths: prefix: sysconf-Directory: /etc cfg-Directory: /etc/vservers initrd-Directory: /etc/init.d pkgstate-Directory: /var/run/vservers vserver-Rootdir: /home/vservers The guest seems to start allright: ~ # vserver shadow-vs01 start Starting system log daemon: syslogd. Starting kernel log daemon: klogd. Starting MTA: exim4. Starting internet superserver: inetd. Starting MySQL database server: mysqld. Checking for crashed MySQL tables in the background. Starting OpenBSD Secure Shell server: sshdPRNG is not seeded Starting deferred execution scheduler: atd. Starting periodic command scheduler: cron. Starting web server: Apache2[Thu Feb 15 15:27:46 2007] [warn] NameVirtualHost 192.168.1.7:80 has no VirtualHosts ~ # vserver-stat CTX PROCVSZRSS userTIME sysTIMEUPTIME NAME 0 50 62.5M 17.2M 15h41m10 6h37m34 67d23h39 root server 7 15 266.7M 88.5M 6m43s19 0m18s92 10m02s37 shadow-vs01 But I couldn't enter the guest: ~ # vserver shadow-vs01 enter vlogin: openpty(): No such file or directory What went wrong? Hope someone can help me. Regards, Vincent Pluk eMAXX, The Netherlands ___ Vserver mailing list Vserver@list.linux-vserver.org http://list.linux-vserver.org/mailman/listinfo/vserver
Re: [Vserver] Network - How is it implemented?
Philippe Teuwen wrote: iptables and routing remains on the host, but can be proxied (i.e. done via policy daemon) Hi Herbert, Does such daemon exist already? Yes: http://www.virtuaserver.com.br/forum/viewtopic.php?t=130 -- Daniel Hokka Zakrisson ___ Vserver mailing list Vserver@list.linux-vserver.org http://list.linux-vserver.org/mailman/listinfo/vserver
Re: [Vserver] Network - How is it implemented?
John Alberts wrote: the host. The main problem is that opening a port because 1 guest needs it, opens that port for all guests and the host. So why don't you specify the guest's IP address in the rule? -- Daniel Hokka Zakrisson ___ Vserver mailing list Vserver@list.linux-vserver.org http://list.linux-vserver.org/mailman/listinfo/vserver
Re: [Vserver] debian host wants centos guest
ADNET Ghislain wrote: is it possible to build a centos guest on a debian host ? Yes. i cannot made it . i have setup a server using vyum and -d centos4 but i got a system so tiny that i havent any yum or rpm or any package (not even vi) and anything i want to install fails. Fails how? How are you trying to install it? If you want the guest to manage its own packages, you should run: vyum guest -- install yum vserver guest pkgmgmt internalize -- Daniel Hokka Zakrisson ___ Vserver mailing list Vserver@list.linux-vserver.org http://list.linux-vserver.org/mailman/listinfo/vserver