I'd like to use one Linode as a proxy server for another. I'm planning to have a "private" server A, accessible only to me and running only some utility stuff, and a "public" server B, accessible to a whole bunch of people, including some with admin privileges whom I don't fully trust. I'd like all of B's Internet traffic to be sent through A, so that I can do stuff like preventing it from sending email. Of course, it might suffice simply to block certain ports, which might be more possible but also would be less flexible. What think ye?

If they have root access on B, there's no way to force their network traffic to go through A. If they don't have root access on B, then you can control network traffic using B's firewall. So while there might be practical advantages to doing things as you propose, I don't see any security advantages.

Actually, you *CAN* force them. If one of the VPS only has a private IP address bound, then the only way they can access that machine is from another VPS on your account.

Why can't they get around this? Because the only way to get from that machine to the net (other than through the other VPS) would be to add the public IP and reboot. But since they have no way of knowing the public IP (there are a rather large number of possibilities), there's nothing that they can do about it.

All they'd have to do it hit up the DHCP server for one.

~JW

In which case, ask Linode to remove the IP from the Linode. There won't be anything for the DHCP server to return.

Or any other Linode with a private IP in the same data center...