Hello. > > But first I want to know, if this is common =good) practice. Or should I > > rather tinker with bridge and tun devices? The mailing list shows many > > things possible (vlan, bridge, dummy), but I can't see, what the best > > practices are. > > > > If I can gather all th information needed, the I am willing to write > > some doku in the wiki at linux-vserver.org :-) > > > > Dirk, > > If you feel capable and have the time, I suspect many would enjoy reading a > mini "how to" explaining the set up of a virtual LAN like you're doing. > > It seems like the subject comes up often enough for it to be a useful > reference. >
I was the one who recently bugged Herbert about this kind of setup. I had promised I would write a summary of Herbert's tips [other things came up and I had to delay ;-/ ], so I could help with a section or two (but not next week). Nevertheless, I should point that I have the impression that trying to mimic a DMZ network and an internal network through multiple vservers inside a single host doesn't give more security that just having all the vservers on the same net as the host; the impression coming mainly from Herbert's persistently calling this a "funny" scenario. It seems that "ngnet" might be what we are actually looking for... Best regards, Gilles _______________________________________________ Vserver mailing list [email protected] http://list.linux-vserver.org/mailman/listinfo/vserver
