Home » Mailing lists » Users » openvz and SuSE
| Re: openvz and SuSE [message #1228 is a reply to message #1218] |
Fri, 03 February 2006 15:03   |
dim
Messages: 344
Registered: August 2005
|
Senior Member |
|
|
OpenVZ allows to use firewall both on HN and in VPSs.
And I was completely wrong talking that there is no way!!!
You can set no IP to eth0, but have VPSs accessible from intranet.
Here:
ifconfig eth0 0
ip r add 10.0.0.0/8 dev eth0
ip r add default via GW_ADDR
sysctl -w net.ipv4.conf.eth0.proxy_arp=1
ip route add VPS1_IP dev venet0
vzctl start VPS1
there should be some warnings, just skip them.
So, the main point is to enable arp_proxying on intranet interface and have
added VPS related routes before VPS start (else vzctl will return with error
- you may fix this in /usr/lib/vzctl/scripts/vps-functions)
On Friday 03 February 2006 16:37, Daniel Bauer wrote:
> From: "Mishin Dmitry" <dim@sw.ru>
>
> > On Friday 03 February 2006 15:38, Daniel Bauer wrote:
> >> is it possible to take another way to work on Ethernet level, because
> >> I
> >> don't want a official IP for the host.
> >> 1. security
> >> 2. no need for
> >> 3. one official IP less for each block
> >
> > If you have only one or two VPSs, you can use real devices dedicated
> > to each
> > VPS, but this is not your case. For now, we don't work on Ethernet
> > level and
> > you are required to have one more real IP for the block.
> >
> > I suppose, that from security point of view it is a not big deal,
> > while you
> > can use netfilter to protect it and additionally all VPSs, because
> > their
> > traffic goes through HN route tables.
> >
> > If it is still the problem, you can check Virtuozzo's Name Based
> > Hosting
> > feature - it allows to use one real IP for multiple VPSs (pop, smtp,
> > http,
> > ftp)
>
> Hello Dmitry,
>
> thanks for your explaination.
>
> If I understand you right, you do the firewalling on the host, not in
> the VPS. I think it will work and I could afford one more IP for the
> host, but my opinion was to have less as possible on my host and let the
> VPS do the work ;)
>
> Thanks again
> Daniel
>
--
Thanks,
Dmitry.
|
|
|
|
 |
|
openvz and SuSE
|
|
|
Re: openvz and SuSE
By: kir on Wed, 01 February 2006 13:43 |
|
|
Re: openvz and SuSE
|
|
|
Re: openvz and SuSE
By: kir on Wed, 01 February 2006 17:00 |
|
|
Re: openvz and SuSE
|
|
|
Re: openvz and SuSE
By: kir on Thu, 02 February 2006 17:06 |
|
|
Re: openvz and SuSE
|
|
|
Re: openvz and SuSE
|
|
|
Re: openvz and SuSE
By: kir on Fri, 03 February 2006 09:20 |
|
|
Re: openvz and SuSE
|
|
|
Re: openvz and SuSE
By: kir on Fri, 03 February 2006 11:04 |
|
|
Re: openvz and SuSE
|
|
|
Re: openvz and SuSE
By: kir on Fri, 03 February 2006 12:48 |
|
|
Re: openvz and SuSE
By: dim on Fri, 03 February 2006 09:30 |
|
|
Re: openvz and SuSE
|
|
|
Re: openvz and SuSE
By: dim on Fri, 03 February 2006 10:52 |
|
|
Re: openvz and SuSE
|
|
|
Re: openvz and SuSE
By: dim on Fri, 03 February 2006 13:00 |
|
|
Re: openvz and SuSE
|
|
|
Re: openvz and SuSE
By: dim on Fri, 03 February 2006 15:03 |
|
|
Re: openvz and SuSE
By: jbond007 on Wed, 08 February 2006 15:43 |
|
|
Re: Re: openvz and SuSE
By: dim on Wed, 08 February 2006 15:52 |
|
|
Re: Re: openvz and SuSE
By: jbond007 on Wed, 08 February 2006 17:07 |
|
|
Re: Re: Re: openvz and SuSE
By: dim on Thu, 09 February 2006 09:23 |
|
|
Re: Re: Re: openvz and SuSE
By: jbond007 on Thu, 16 February 2006 03:11 |
|
|
Re: Re: Re: openvz and SuSE
By: dev on Thu, 16 February 2006 06:38 |
|
|
Re: Re: Re: openvz and SuSE
By: jbond007 on Thu, 16 February 2006 14:50 |
|
|
Re: Re: Re: Re: openvz and SuSE
By: dev on Fri, 17 February 2006 06:17 |
|
|
Re: Re: openvz and SuSE
|
|
|
Re: Re: openvz and SuSE
By: jbond007 on Thu, 09 February 2006 01:47 |
Goto Forum:
Current Time: Mon Jul 15 07:02:42 GMT 2024
Total time taken to generate the page: 0.02363 seconds
|
OpenVZ Forum
Members
Search
Help
Register
Login
Home
