On Tue, Nov 08, 2005 at 07:59:21PM +0000, Lyn St George wrote:
> On Tue, 8 Nov 2005 13:04:50 +0100, Herbert Poetzl wrote:
>
> >On Tue, Nov 08, 2005 at 10:03:40AM +0100, Evert Meulie wrote:
> >> Yup, that was it! :-)
> >>
> >> Are there any plans to make 127.0.0.1 existant in future versions of
> >> vserver?
> >
> >yes :)
>
> Does this mean that binding to 127.0.0.1 is currently risky in
> some way?
well, binding to, no, as it will be remapped to your
first IP, disabling or circumventing this mechanism,
might result in lower security ...
> The reason I ask is that I had to do this to setup Postfix + amavisd
> +spamd inside a vserver. This uses the old style config, and I just
> added 127.0.0.1 to the list of IPs to bind to. A netstat within the
> vserver shows the correct 2 ports bound to this IP, while a netstat
> on the host shows no ports bound. Kernel 2.6.12.4 + vs2.0 +
> tools 0.30.208.
well, yes this reduces the security, but as long as
you 'know' who will bind to 127.0.0.1, it should be
moderate ...
best,
Herbert
> >> Regards,
> >> Evert
> >>
> >>
> >> Oliver Welter wrote:
> >> >Hi,
> >> >
> >> >I think that this problem is related to the nonexisting 127.0.0.1
> >> >address. If I remeber correctly than nagios try to ping this address and
> >> >cant reach it....
> >> >I think that I simply commented this check out in the scripts
> >> >
>
> -
> Lyn
>
> _______________________________________________
> Vserver mailing list
> Vserver@list.linux-vserver.org
> http://list.linux-vserver.org/mailman/listinfo/vserver
_______________________________________________
Vserver mailing list
Vserver@list.linux-vserver.org
http://list.linux-vserver.org/mailman/listinfo/vserver
Received on Wed Nov 9 21:22:50 2005