From: Billy Hager (whager_at_bellsouth.net)
Date: Tue 14 May 2002 - 21:40:27 BST
I am working with a computer which has one network card and runs one vserver.
Outside the vserver the computer acts as a print/nfs server for my local
network. Inside the shell server is a full Linux distribution running as a
shell server. I would like to set up a situation where no network traffic
from the vserver ever goes anywhere else but the internet.
I don't want people on the vserver using my printer and poking around my local
network. ;)
I would like to create a virtual network interface that I could connect the
vserver to and filter with iptables. User Mode Linux (UML) uses virtual
network devices to manage its network, and I know I could use it.
Unfortunately, UML creates a layer of complexity that I don't want to deal
with.
Is there another way that I can create a virtual network interface without
using UML? TUN/TAP looks promising, and that's what UML uses to create its
virtual network. Again, I have been unable to find a solution that doesn't
use UML.
Does anyone know of any solutions that don't require UML?
Another option would be to buy a second network card and switch. The vserver
would be bound to one card (eth0) and everything else would use the other
card (eth1). That's a $60+ solution, though, and I don't learn anything in
the process. There must be a way to set up a virtual network.
Thanks in advance,
Billy Hager
whager_at_bellsouth.net