If that seperate lan is still attached to the same physical network, how is this any different then just removing the routes on your DB server and a using good set of iptables? They both would be accessible from any device plugged into the lan (other linodes), and both wouldn't be accessible from any device outside the lan (internet). Am I missing something?

kenny

It isn't

The standard method is to usual set-up a private lan, between just your servers, so only you would have access to them, if you where colo servers, or had a bunch of dedicated servers, it is also to do with bandwidth usage.

The way the set-up is at linode.com it would not matter either way.

Adam

Just another datapoint: I created my first Linode this morning, booted it briefly to check I could ssh into it, and then shut it down again. Nothing in the outside world knows it exists yet.

But still I have 514KB of incoming traffic in a few hours, to a brand new linode that's 'off' and no-one knows about. Clearly that's not right

Chris, do you have an e.t.a for a fix for this?

Paul

I can't give you an ETA yet, but I have been messing around with a solution...

-Chris

In an effort to minimize traffic I have set up shorewall, to DROP packets I don't want, this should half 'idle' traffic as it doesn't send a responce. It's really weird, I was getting heaps of pings from *.hotmail.com hosts. Now I don't reply to them. Im also using ipfm to log traffic, by source.

I added some network filtering so the UDP port 137 traffic should no longer be running wild.

I also improved the network monitoring. You should only get ICMP ping (and possibly a packet or two to port 80) from the host your Linode is on every minute. Previously, every host was blindly monitoring every IP, regardless of where the Linode was.

Still working on the "non-local-only traffic accounting" fix.

-Chris