OpenVZ Forum


Home » General » Support » Networking, security
Networking, security [message #37421] Tue, 08 September 2009 14:55 Go to next message
andreas2 is currently offline  andreas2
Messages: 10
Registered: May 2009
Junior Member
As I understood veth is a brigde, so all clients can listen to whole traffic.

Starting of /etc/init.d/libvirt-bin seems to be necessary to start dnsmasq, but can be stopped afterwards (starting "networking" clients after stopped works)
So what does libvirt do?
I've read it offers managing functions, so is it unsecure to have it running?

I would prefer tu run few on the host, is it possible to give one vz-client the ability to manage other clients (so they would run inside this client)?

thanks, Andrew

Report message to a moderator

Re: Networking, security [message #37423 is a reply to message #37421] Tue, 08 September 2009 16:24 Go to previous messageGo to next message
kir is currently offline  kir
Messages: 1645
Registered: August 2005
Location: Moscow, Russia
Senior Member
andreas2 wrote on Tue, 08 September 2009 18:55
As I understood veth is a brigde, so all clients can listen to whole traffic.


From vzctl man page:
       --mac_filter on|off
           Enables/disables  MAC  address  filtering  for  the  Container veth
           device and the possibility of configuring the MAC address  of  this
           device from inside the Container. If the filtering is turned on:
           *  the  veth  device  accepts  only  those  packets that have a MAC
           address in their headers  corresponding  to  that  of  this  device
           (excluding all broadcast and multicast packets);
           *  it  is impossible to modify the veth MAC address from inside the
           Container.
           By default, this functionality is  enabled  for  all  veth  devices
           existing inside the Container.


Kir Kolyshkin
http://static.openvz.org/userbars/openvz-developer.png

Report message to a moderator

Re: Networking, security [message #37424 is a reply to message #37421] Tue, 08 September 2009 16:29 Go to previous message
kir is currently offline  kir
Messages: 1645
Registered: August 2005
Location: Moscow, Russia
Senior Member
andreas2 wrote on Tue, 08 September 2009 18:55
Starting of /etc/init.d/libvirt-bin seems to be necessary to start dnsmasq


Neither libvirt nor dnsmasq is part of OpenVZ, so please address your question to their developers or your distro vendor.

PS1 sorry I do not understood the rest of your question
PS2 could you please follow the "one question-one topic" rule, otherwise it's not easy to answer and not convenient for the other users to read this afterwards.

Kir Kolyshkin
http://static.openvz.org/userbars/openvz-developer.png

Report message to a moderator

Previous Topic: Compiling for Kernel 2.6.30
Next Topic: PCI Passthrough
Goto Forum:
  

[ Syndicate this forum (XML) ] [ RSS ] [ PDF ]

Current Time: Fri Nov 08 22:58:43 GMT 2024

Total time taken to generate the page: 0.03320 seconds
Powered by FUDforum Powered by Virtuozzo Containers