> >
> >          +--------+     +------+
> >  DMZ     | Apache |-----| Exim |------+                 +---
> >          +--------+     +------+      |    +----+      /
> >                                       |----| FW |------| Internet
> >                                       |    +----+      \
> >          +--------+     +------+      |                 +---
> >  Private | Mysql  |-----| LDAP |------+
> >          +--------+     +------+      |
> >                                       |
> >          +-----+   +-----+   +-----+  |
> >  Users   |  A  |---|  B  |---|  C  |--+
> >          +-----+   +-----+   +-----+
> >
> > but where there is one vserver for each of Apache, Exim, Mysql and
> > LDAP, but all are in a single physical host. FW is another physical
> > machine where there is a software firewall (maybe in its own vserver,
> > as you suggested), and A, B, C are end-users physical machines.
>
> In the sense of routing/firewalling, you probably will gain something
> out of this -
> You could create multiple iptables with different default gateways,
> per-dummyX-host firewalls, etc.

An example, maybe, of what you mean?

> However anyone connected on the same subnet (physical network, e.g. on
> the same HUB/SWITCH) will be able to sniff all packets traversing the
> network.

But only if the data are targeted to one of the physical machines, not
in the case of data transmission between vservers (within a single host).

> Personally I would go for 802.1q VLANs, but that's my personal opinion.

Thanks for the suggestion; I'll keep it in mind, although I currently can't
test this because my ethernet is 10Mb/s.

Best regards,
Gilles
_______________________________________________
Vserver mailing list
[EMAIL PROTECTED]
http://list.linux-vserver.org/mailman/listinfo/vserver
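
One possible reading of the per-host firewall idea discussed in the message above, as an added example that is not from the thread or from the Linux-VServer project: a script that prints host-side iptables rules separating the DMZ guests from the Private guests. The guest addresses, the allowed flows and the chain name VS_ISOLATE are constructed, and it assumes the guests share the host's network stack, so guest-to-guest traffic is delivered locally through the host's INPUT chain and never reaches the external FW.

```shell
#!/bin/sh
# Added example: prints host-side iptables rules, applies nothing.
# Constructed values: guest addresses, allowed flows, chain name.
DMZ_IPS="192.0.2.10 192.0.2.11"          # Apache, Exim guests
PRIV_IPS="198.51.100.10 198.51.100.11"   # Mysql, LDAP guests
# Assumed policy: the only DMZ -> Private flows permitted (src dst tcp-port)
ALLOWED="192.0.2.10 198.51.100.10 3306
192.0.2.11 198.51.100.11 389"
CHAIN=VS_ISOLATE

# One rule per line "src dst port action"; the first match wins.
policy() {
    echo "$ALLOWED" | while read -r s d p; do echo "$s $d $p ACCEPT"; done
    for s in $DMZ_IPS; do
        for d in $PRIV_IPS; do
            echo "$s $d any DROP"    # everything else DMZ -> Private
            echo "$d $s any DROP"    # no new connections Private -> DMZ
        done
    done
}

# Render the policy as iptables commands for the physical host.
gen_rules() {
    echo "iptables -N $CHAIN"
    # Replies to permitted connections must get back through the DROPs.
    echo "iptables -A $CHAIN -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT"
    policy | while read -r s d p act; do
        if [ "$p" = any ]; then
            echo "iptables -A $CHAIN -s $s -d $d -j $act"
        else
            echo "iptables -A $CHAIN -s $s -d $d -p tcp --dport $p -j $act"
        fi
    done
    # Position 1: ahead of any blanket "-i lo -j ACCEPT" already in INPUT.
    echo "iptables -I INPUT 1 -j $CHAIN"
}

# Verdict for a NEW TCP connection $1 -> $2 port $3 (RETURN = chain has no opinion).
verdict() {
    v=$(policy | while read -r s d p act; do
        if [ "$s" = "$1" ] && [ "$d" = "$2" ] &&
           { [ "$p" = any ] || [ "$p" = "$3" ]; }; then
            echo "$act"; break
        fi
    done)
    echo "${v:-RETURN}"
}

gen_rules
```

The verdict function lets the policy be checked before anything is loaded, for instance to confirm that the Apache guest cannot open a connection to the LDAP guest.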
