Herbert Poetzl wrote:
> using 127.X.0.1 with X!=0 seems somewhat strange,
> what is the idea behind this? 'normal' vservers do
> not use lo device, because this is a security hole
> per definition ...

I thought that sharing the IP address 127.0.0.1 was the security hole, and the only thing special about lo is that it is a dummy interface that doesn't broadcast anywhere. The IP RFC specifies the whole of 127.* for local host addresses (of course, glibc has an arguably broken #define of INADDR_LOOPBACK = 127.0.0.1, so certain methods of opening a socket (e.g., ssh port forwarding) break).
Having said that, the times I've tried to set up vservers on the loopback interface, firewalling didn't work correctly (IIRC), so maybe it is special in some weird and historic way.
Sam.

_______________________________________________
Vserver mailing list
http://list.linux-vserver.org/mailman/listinfo/vserver
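The point about 127.X.0.1 versus INADDR_LOOPBACK can be checked directly. The following C program is an added example, not code from this thread or from the Linux-VServer project: it listens only on a 127.X.0.1 address and tests whether the listener is reachable at that address and at 127.0.0.1. It assumes a Linux host, where all of 127.0.0.0/8 is local to lo without extra configuration; the address 127.2.0.1 and the function names are constructed for illustration.

```c
#include <arpa/inet.h>
#include <netinet/in.h>
#include <stdio.h>
#include <sys/socket.h>
#include <unistd.h>

/* Constructed sample: a per-guest loopback address of the 127.X.0.1 form. */
#define GUEST_LOOPBACK "127.2.0.1"

static struct sockaddr_in make_addr(in_addr_t ip_net, unsigned short port)
{
    struct sockaddr_in sa = {0};
    sa.sin_family = AF_INET;
    sa.sin_port = htons(port);
    sa.sin_addr.s_addr = ip_net;
    return sa;
}

/* Return 1 if a TCP connect to ip:port succeeds, 0 otherwise. */
static int can_connect(in_addr_t ip_net, unsigned short port)
{
    struct sockaddr_in sa = make_addr(ip_net, port);
    int fd = socket(AF_INET, SOCK_STREAM, 0), ok;
    if (fd < 0) return 0;
    ok = connect(fd, (struct sockaddr *)&sa, sizeof sa) == 0;
    close(fd);
    return ok;
}

/* Listen only on GUEST_LOOPBACK (kernel-chosen port), then probe it.
 * Returns -1 on setup failure, else bit 0 = reachable at GUEST_LOOPBACK,
 * bit 1 = reachable at INADDR_LOOPBACK (127.0.0.1). Assumes Linux. */
int probe_guest_loopback(void)
{
    struct sockaddr_in sa = make_addr(inet_addr(GUEST_LOOPBACK), 0);
    socklen_t len = sizeof sa;
    int result = -1, fd = socket(AF_INET, SOCK_STREAM, 0);
    if (fd < 0) return -1;
    if (bind(fd, (struct sockaddr *)&sa, sizeof sa) == 0 && listen(fd, 4) == 0 &&
        getsockname(fd, (struct sockaddr *)&sa, &len) == 0) {
        unsigned short port = ntohs(sa.sin_port);
        result = can_connect(inet_addr(GUEST_LOOPBACK), port)
               | (can_connect(htonl(INADDR_LOOPBACK), port) << 1);
    }
    close(fd);
    return result;
}

int main(void) { printf("probe = %d\n", probe_guest_loopback()); return 0; }
```

A result of 1 means the service is reachable at its own 127.X.0.1 address but not at 127.0.0.1, so a client that hard-codes INADDR_LOOPBACK cannot reach it, and a listener bound this way is not exposed on the shared 127.0.0.1 address.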
