On Tue, 26 Nov 2002, Brian Ipsen wrote:
> My assumption is that everything needs to be configured in the "root"
> system,
Yes.
> and the allow/deny traffic for each individual vserver
Well, per *IP address*, but yes.
> - but is the vserver IP addresses seen as several virtual adapters on
> the "root" system
Nope, just plain IP aliases bound to the network interface. (This is why we
have the `problem' with bind(0.0.0.0) in the host server grabbing all the
addresses).
> - or how do I construct my chains ??
"Normally."
iptables -A INPUT -i eth0 -d 1.2.3.4 [...etc]
-Paul
--
Nottingham, GB
