RE: [vserver] DNS resolving problems in vserver

About this list Date view Thread view Subject view Author view Attachment view

From: Huibert Alblas (halblas_at_weos.de)
Date: Thu Aug 08 2002 - 03:50:10 EDT


Am Mit, 2002-08-07 um 21.00 schrieb Russell Anthony:
> Will SSH depend on CAP_NET_RAW as well for some reason ? I can't seem
> to get it to work and I have my config set the same way. I can't seem to get
> ANY network interaction with my vserver.
>

Hi,
on, ssh and the sshd do _not_ need any kind of extra CAPS to be
definened in your /etc/vservers/VSERNAME.conf.

We are running one sshd on the main server, bound to his IP only, and 3
sshd in vservers in a different subnet, all bound to their own ips, all
definened in /etc/ssh2/sshd2.config in all vservers.

These are all started from the normal /etc/init.d/ scripts in each
vserver. No hassle with v_sshd and so forth.

Just wanted to warn, before you're starting to look for clues in the
wrong places. :-)

Halb
weOs ag, development
germany

> On 7 Aug 2002 at 11:47, Cathy Sarisky wrote:
>
> > > 1) You need to have CAP_NET_RAW set in the conf file for the vserver in
> > > order to have any access to the internet. Without it you won't be able to
> > > ping anything from within a vserver. I would guess that you won't be able to
> > > see http/pop etc on the vservers without it hence the fact that someone
> > > couldn't contact the vservers.
> >
> > You can definitely have internet access for a vserver without CAP_NET_RAW. You
> > do lose ping, but tcp and udp work fine. I've currently got a vserver doing
> > domain name service (using tinydns - not BIND), and several serving up web
> > pages, accepting and sending email, etc. Actually, I'm happy to lose ping,
> > since it reduces the likelihood (slightly anyway) of a vserver being used for a
> > DoS attack.
> >
> > HTH,
> >
> > Cathy Sarisky
> > www.acornhosting.net
> >
>

-- 
"I love deadlines. I like the whooshing sound they make as they fly by."
-- Douglas Adams

About this list Date view Thread view Subject view Author view Attachment view

This archive was generated by hypermail 2.1.4 : Mon Aug 19 2002 - 12:01:01 EDT