Re: virtual server routing table

About this list	Date view	Thread view	Subject view	Author view	Attachment view

From: Rik van Riel (riel_at_conectiva.com.br)
Date: Wed Nov 07 2001 - 08:35:17 EST

Next message: Luc Stepniewski: "Question about seeing other bindings"
Previous message: Sam Vilain: "Re: virtual server routing table"
In reply to: Sam Vilain: "Re: virtual server routing table"

On Wed, 7 Nov 2001, Sam Vilain wrote:

> An interesting point.
>
> What you want is something like chroot() for the networking stack.
> Maybe the iptables infrastructure has room for this.
>
> Can't you do what you want by simply using two default routes?

No need for things like that. Linux already supports
multiple routing tables and it is trivial to setup
routing in something like the following way, where
"SCTX" is security context.

HOST: 10.0.1.1 default routing table
SCTX 3: 10.0.1.3 routing table 3

This can be setup in something roughly like the
following way:

ip rule add from 10.0.1.3 table 3
ip route add default via <gateway> table 3

regards,

Rik

-- DMCA, SSSCA, W3C? Who cares? http://thefreeworld.net/

http://www.surriel.com/ http://distro.conectiva.com/

Next message: Luc Stepniewski: "Question about seeing other bindings"
Previous message: Sam Vilain: "Re: virtual server routing table"
In reply to: Sam Vilain: "Re: virtual server routing table"

About this list	Date view	Thread view	Subject view	Author view	Attachment view

This archive was generated by hypermail 2.1.4 : Mon Aug 19 2002 - 12:01:00 EDT