-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
On 19.10.2006, at 15:59, Alejandro Cabrera Obed wrote:
> Dear all, I've built a vserver on Debian in order to install a Squid
> proxy server to use in my network and a Postfix mail server for local
> mail only. Squid has the squid.conf configuration file with some lines
> involving "localhost" and Postfix has the main.cf configuration file
> involving the 127.0.0.0/8 network block.
>
> In my vserver I've created just this dummy interfaces:
>
> eth0:vs1 ---- 10.0.0.1/24
>
> eth0:vs2 ---- 192.168.10.1/32 (non-ruteable)
>
> and in /etc/hosts I map localhost to 192.168.10.1.
>
> My questions are:
>
> 1) Is the mapping localhost to 192.168.10.1 a solution for squid.conf
> and main.cf lines involving localhost ???
You have to change the lines that have the IP address or IP net
specification.
I positively know that Postfix _does not_ need an lo interface: I have a
vserver without any lo mapping running with it; you'll just have to move
content filters etc. to the IP of the Vserver and use Iptables to
protect
them from outside use. Anyway: the solution you proposed yourself is
proably even nicer: have one public and one internal IP so that if your
Iptables will not work, you won't have people connect to the reinject
interface of postfix and so on.
> 2) What is the solution for the "my networks = 127.0.0.0/8" network
> block set up in the main.cf from Postfix ???
You don't need the block. Just change mynetworks = <vserver ip>/24 and
you'll effectively have the same results as a non-vserver with
127.0.0.1.
Vserver will automatically map connects to localhost to the IP of the
vserver then.
I'm not sure for Squid, but I think it does not make any assumptions
about
the existance of lo; so it'll probably either run or you will be able
to make it run with small modifications (change all the
127.0.0.1/localhost
occurences in the squid.conf to some other IP).
In case you experience trouble with you can mail me via PM or you may
want to
contact the Postfix/Squid mailing list - I'm quite sure there will be a
simple
solution for both services.
Baltasar
((( Baltasar Cevc
) World wide web:
* http://www.openairkino.net/ (a project for the local youth; German
only)
* http://technik.juz-kirchheim.de/ (programming and admin projects)
* http://baltasar.cevc-topp.de/ (private homepage)
) Phone:
+49 176 232 20 822
)
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.4 (Darwin)
iD8DBQFFOicDp2YsmzTbIwYRAjlcAJ4pBjNv+c8RQhQVI95a4JSXaz0tJQCfdtnv
dUcR8SdYwObHz4mV+hnEnAI=
=bi3l
-----END PGP SIGNATURE-----
_______________________________________________
Vserver mailing list
Vserver@list.linux-vserver.org
http://list.linux-vserver.org/mailman/listinfo/vserver
Received on Sat Oct 21 14:57:26 2006