Re: [Vserver] Proxy, DMZ

Tue, 28 Sep 2004 15:41:20 -0700 

On Tue, Sep 28, 2004 at 04:55:01PM +0200, Christian Mayrhuber wrote:
> On Tuesday 28 September 2004 16:06, Gilles wrote:
> > Thanks for the pictorial description;  I start to figure it out...
> > 
> > Nevertheless, taking up from "lo as 2 doors", wouldn't it have 
> > been clearer to have an alias for "lo", instead of a new 
> > interface "dummy0" for the sole purpose of assigning it a 
> > different IP address?

> > I.e. is it possible to have e.g. a "lo:dummy0" alias?  
> > But maybe "dummy0" has yet other properties (?) that are 
> > not apparent from the above explanation.
> > 
> > Gilles
> 
> lo is no real interface, lo simply repeats all network traffic 

objection!

> to everyone who is listening on lo, no firewall rules, no two 
> doors, nada. Lo is a big  darn door where everything which 
> wents out comes back in again.
> 
> The dummy interface is the only "real" virtual network interface, 
> able to do things like routing, firewall rules, etc.

whoa! not so fast ... 

> Lo cannot do these things, it's fast, but no full fledged network 
> interface.

okay, both interfaces (lo and dummy) _are_ special
in the way they handle packets sent _through_ them ...

here is a (not so much) simplified version of the
'transmit' function of them ...

static int loopback_xmit(struct sk_buff *skb, struct net_device *dev)
{
        stats->rx_bytes += skb->len;
        stats->tx_bytes += skb->len;
        stats->rx_packets++;
        stats->tx_packets++;

        netif_rx(skb);
        return 0;
}


static int dummy_xmit(struct sk_buff *skb, struct net_device *dev)
{
        stats->tx_packets++;
        stats->tx_bytes+=skb->len;

        dev_kfree_skb(skb);
        return 0;
}

> In short you can't make da door with lo, you need a real network 
> interface card or the dummy network interface for that purpose.

local traffic is always sent via lo, which explains
(not only for my networking examples) why a ping to
a local ip address fails if lo is not configured ...

local or remote traffic is never sent via dummy, because
it just wouldn't return (it's basically /dev/null for
networking) ...

hope that helps a little,
Herbert

> -- 
> lg, Chris
> 
> _______________________________________________
> Vserver mailing list
> [EMAIL PROTECTED]
> http://list.linux-vserver.org/mailman/listinfo/vserver
_______________________________________________
Vserver mailing list
[EMAIL PROTECTED]
http://list.linux-vserver.org/mailman/listinfo/vserver

Reply via email to