-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
On 19.10.2006, at 15:59, Alejandro Cabrera Obed wrote:
Dear all, I've built a vserver on Debian in order to install a Squid
proxy server to use in my network and a Postfix mail server for local
mail only. Squid has the squid.conf configuration file with some lines
involving "localhost" and Postfix has the main.cf configuration file
involving the 127.0.0.0/8 network block.
In my vserver I've created just this dummy interfaces:
eth0:vs1 ---- 10.0.0.1/24
eth0:vs2 ---- 192.168.10.1/32 (non-ruteable)
and in /etc/hosts I map localhost to 192.168.10.1.
My questions are:
1) Is the mapping localhost to 192.168.10.1 a solution for squid.conf
and main.cf lines involving localhost ???
You have to change the lines that have the IP address or IP net
specification.
I positively know that Postfix _does not_ need an lo interface: I have a
vserver without any lo mapping running with it; you'll just have to move
content filters etc. to the IP of the Vserver and use Iptables to
protect
them from outside use. Anyway: the solution you proposed yourself is
proably even nicer: have one public and one internal IP so that if your
Iptables will not work, you won't have people connect to the reinject
interface of postfix and so on.
2) What is the solution for the "my networks = 127.0.0.0/8" network
block set up in the main.cf from Postfix ???
You don't need the block. Just change mynetworks = <vserver ip>/24 and
you'll effectively have the same results as a non-vserver with
127.0.0.1.
Vserver will automatically map connects to localhost to the IP of the
vserver then.
I'm not sure for Squid, but I think it does not make any assumptions
about
the existance of lo; so it'll probably either run or you will be able
to make it run with small modifications (change all the
127.0.0.1/localhost
occurences in the squid.conf to some other IP).
In case you experience trouble with you can mail me via PM or you may
want to
contact the Postfix/Squid mailing list - I'm quite sure there will be a
simple
solution for both services.
Baltasar
((( Baltasar Cevc
) World wide web:
* http://www.openairkino.net/ (a project for the local youth; German
only)
* http://technik.juz-kirchheim.de/ (programming and admin projects)
* http://baltasar.cevc-topp.de/ (private homepage)
) Phone:
+49 176 232 20 822
)
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.4 (Darwin)
iD8DBQFFOicDp2YsmzTbIwYRAjlcAJ4pBjNv+c8RQhQVI95a4JSXaz0tJQCfdtnv
dUcR8SdYwObHz4mV+hnEnAI=
=bi3l
-----END PGP SIGNATURE-----
_______________________________________________
Vserver mailing list
[email protected]
http://list.linux-vserver.org/mailman/listinfo/vserver
