Hello Nuno :o)

When I mentioned using lo for "sniffing protection" I was thinking about protecting the vservers' network data flow from other servers on the same network! :o) (not about sniffing the data between vservers/root server).

Regards,
Luís Miguel Silva

> Luís Miguel Silva wrote:
>
> [..snip..]
>
>> Since I thought *somebody could sniff the data between vservers* I
>> chose to bind them into the lo interface! That way they can still
>> communicate with each other and be "secure" ;o) [would somebody
>> correct me on this if I'm wrong?]
>
> Hello Luís!
>
> In the default vserver .conf, the vservers' root can't control the
> network interfaces, so vservers' root can't enable promisc mode and
> can't run a sniffer.
>
> If the vservers' root could enable sniffing (you added CAP_NET_* to the
> vservers' capabilities list, for instance) then he could do it in eth0
> or lo... So, afaict, chbind'ing to eth0: or lo: it's the same in terms
> of "sniffer protection".
>
> Best wishes,
> Nuno Silva

+-----------------------------------------
| Luís Miguel Silva
| Network Administrator@ ISPGaya.pt
| Rua António Rodrigues da Rocha, 291/341
| Sto. Ovídio - 4400-025 V. N. de Gaia
| Portugal
| T: +351 22 3745730/3/5 F: +351 22 3745738
| G: +351 93 6371253 E: [EMAIL PROTECTED]
| H: http://lms.ispgaya.pt/
+-----------------------------------------
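
The capability check described in the quoted reply, as an added example that is not part of the original thread: it reads the capability masks from a `/proc/<pid>/status` dump and reports which CAP_NET_* bits a guest's root holds. The function names and both status texts are constructed for illustration, and it assumes the `/proc` status format of current Linux kernels; the bit numbers are those in `linux/capability.h`.

```python
# Added example: hypothetical helper names, constructed sample input.
NET_CAPS = {
    "CAP_NET_BIND_SERVICE": 10,
    "CAP_NET_BROADCAST": 11,
    "CAP_NET_ADMIN": 12,  # needed to put an interface into promiscuous mode
    "CAP_NET_RAW": 13,    # needed to open raw / packet sockets
}
SNIFFING_CAPS = {"CAP_NET_ADMIN", "CAP_NET_RAW"}

# Constructed status excerpts: a guest with the network capabilities
# stripped, and one where CAP_NET_ADMIN and CAP_NET_RAW were added back.
RESTRICTED = "Name:\tbash\nCapEff:\t00000000000004fb\nCapBnd:\t00000000000004fb\n"
RELAXED = "Name:\tbash\nCapEff:\t00000000000034fb\nCapBnd:\t00000000000034fb\n"


def net_caps(status_text, field="CapBnd"):
    """Return the CAP_NET_* names set in one capability mask of a status dump."""
    for line in status_text.splitlines():
        name, _, value = line.partition(":")
        if name.strip() == field:
            mask = int(value.strip(), 16)
            return {cap for cap, bit in NET_CAPS.items() if (mask >> bit) & 1}
    raise ValueError(f"{field} not found in status text")


def can_sniff(status_text):
    """True if the effective set holds a capability that permits sniffing."""
    return bool(net_caps(status_text, "CapEff") & SNIFFING_CAPS)


if __name__ == "__main__":
    for label, text in (("restricted", RESTRICTED), ("relaxed", RELAXED)):
        print(label, sorted(net_caps(text)), "can sniff:", can_sniff(text))
```

The verdict depends only on the capability masks, not on which interface the guest is bound to.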
