Re: [Vserver] Re: Problem with vservers interfering with each other on port 25

From: Kathy Kost <kathyk_at_blarg.net>
Date: Wed 12 Jul 2006 - 22:52:08 BST
Message-ID: <Pine.LNX.4.44.0607121448280.15672-100000@animal.blarg.net>

Thanks, Nicolas, for the reply. I have just now and gone and bound smtp
to their specific IP addresses and restarted postfix on all. I can see
your point about not wanting to run anything on the root server. Despite
binding all postfixes, including the root server's, the root server
postfix still refuses connections. I'm less concerned about that one --
more about the other vservers. I will see if I can move that service onto
a new vserver and stop running things in root.

Thanks again for the reply.

Kathy

> This is a typical problem with vservers : The root server has the hability to
> bind on all interfaces, unlike the guests that see only their own
> interface(s).
>
> So, when you start a service in the root server, it is likely to bind on all
> interfaces, even those "belonging" to the guests. Then, the guests will never
> be able to bind on the same ports. Moreover, if you try to access a service
> on an ip/port that should run in a guest, it's the root server that
> responds !
>
> To prevent this, you've got to configure all services that run on the host to
> bind to only one interface. Or, say, all the interfaces that belong to the
> host and are not affected to a guest. For example, for Samba, the smb.conf
> directive is :
> interfaces = eth0 192.168.2.10/24 192.168.3.10/255.255.255.0
> (http://samba.org/samba/docs/man/manpages-3/smb.conf.5.html)
>
> For Cups :
> Listen 1.2.3.4
>
> Sshd :
> ListenAddress 1.2.3.4
>
> ...etc.
>
> Anyway, NO service should run in the root server (apart from sshd)... ;-)
>
> Good luck.
>
>

_______________________________________________
Vserver mailing list
Vserver@list.linux-vserver.org
http://list.linux-vserver.org/mailman/listinfo/vserver
Received on Wed Jul 12 22:52:53 2006

[Next/Previous Months] [Main vserver Project Homepage] [Howto Subscribe/Unsubscribe] [Paul Sladen's vserver stuff]
Generated on Wed 12 Jul 2006 - 22:52:59 BST by hypermail 2.1.8