On Wed, 22 Sep 2004 15:18:54 +0200, Herbert Poetzl <[EMAIL PROTECTED]> wrote: > On Wed, Sep 22, 2004 at 12:17:41AM +0200, Gilles wrote: > > Hi. > > > > > > > > Is it possible to set up the equivalent of a LAN with a DMZ and > > > > a "secure" part, all within a single physical machine (with a > > > > single network adapter)? > > > > > > yes, it is possible, but it does only make limited > > > sense if you are concerned about security ... > >
A good reason someone might be interested in this and not concerned with the possible security implications is to test application interoperability. I will be pursing this later in the winter because I want to see how my applications run in a distributed environment. I can go find 10 computers and wire them together or I could figure out how to emulate 10 computers in a virtual network. VMware does this, but it is too heavy due to the overhead. CoLinux for Windows can do this too, because it uses the bridged networking facilities of windows XP/2000 but it has very poor network performance (probably due to the Tap drivers for windows, not CoLinux itself) and cannot emulate a 100MB network connection. As we know, linux-vserver is the most resource-friendly server virtualization project around so it would be very interesting to use it in this case. Let me also point out that linux-vserver is very secure. Herbert, I don't think you're meaning to imply that there are security problems with this project, but that if someone is able to get access to the root server via some exploit probably not related to the linux-vserver project that all of the virtual servers are compromised as well. If you're looking for security, many experts suggest layers of protection and with the linux-vserver project you really don't have that. If you've taken the recomended precautions and feel confident about the security of the root server and your main concern is the possibility of a child server being compromised, due to delegated administrative authority for example, know that If a child server is compromised, they will be contained in that child server. Of course, no warranty expressed or implied, YMMV, use at your own risk, etc. ;-) -- Matthew Nuzum | Makers of "Elite Content Management System" www.followers.net | View samples of Elite CMS in action [EMAIL PROTECTED] | http://www.followers.net/portfolio/ _______________________________________________ Vserver mailing list [EMAIL PROTECTED] http://list.linux-vserver.org/mailman/listinfo/vserver
