On Tue, Sep 28, 2004 at 04:19:21PM +0200, Gilles wrote:
> > >
> > >          +--------+     +------+
> > > DMZ      | Apache |-----| Exim |------+            +---
> > >          +--------+     +------+      |    +----+ /
> > >                                       |----| FW |------| Internet
> > >                                       |    +----+ \
> > >          +--------+     +------+      |            +---
> > > Private  | Mysql  |-----| LDAP |------+
> > >          +--------+     +------+      |
> > >                                       |
> > >          +-----+   +-----+   +-----+  |
> > > Users    |  A  |---|  B  |---|  C  |--+
> > >          +-----+   +-----+   +-----+
> > >
> > > but where there is one vserver for each of Apache, Exim, Mysql and
> > > LDAP, but all are in a single physical host. FW is another physical
> > > machine where there is a software firewall (maybe in its own vserver,
> > > as you suggested), and A, B, C are end-users physical machines.
> >
> > In the sense of routing/firewalling, you probably will gain something
> > out of this -
> > You could create multiple iptables with different default gateways,
> > per-dummyX-host firewalls, etc.
>
> An example, maybe, of what you mean?
>
> > However anyone connected on the same subnet (physical network, eg. on
> > the same HUB/SWITCH) will be able to sniff all packets traversing the
> > network.
>
> But only if the data are targeted to one of the physical machines, not
> in the case of data transmission between vservers (within a single host).
>
> > Personally I would go for 802.1q vlan's, but that's my personal opinion.
>
> Thanks for the suggestion; I'll keep it in mind, although I currently can't
> test this because my ethernet is 10Mb/s.

and how would that be related?

best,
Herbert

> Best regards,
> Gilles
> _______________________________________________
> Vserver mailing list
> [EMAIL PROTECTED]
> http://list.linux-vserver.org/mailman/listinfo/vserver
