At home I use virtual servers as "bastion hosts". So my web server is on one vhost, the mail server on another, and so on. Up until now I've been using vserver, but I'm migrating to a newer, bigger machine and don't want to deal with maintaining my own host kernel, which might cause host OS interaction issues. So I'm wanting to rebuild using UML.
I've mostly got it working, but I'm not happy with the security of the networking.
I've tried using tuntap thus:
Code:
brctl addif br0 eth0
ifconfig br0 10.10.10.100 up
int=`tunctl -b`
brctl addif br0 $int
linux .... eth0=tuntap,$int ....
This works and the UML can set an IP address and sees the network. BUT... the vhost decides on the IP address. If someone _did_ manage to break into the vhost then they could disrupt other servers by changing IP address.
I looked at http://user-mode-linux.sourceforge.net/ ... rking.html but none of the options there appear to work well... OR I'm making a mistake!
Does anyone know a secure way of forcing the client to have a specific IP address on a bridged network?
Thanks!
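One host-side way to approach the question above, as an added example that is not part of the original post: ebtables rules on the bridge that drop any frame arriving from a guest's tap device whose source MAC, source IPv4 address or ARP sender fields differ from the ones assigned to it. The function name, the guest address 10.10.10.101 and the MAC are constructed for illustration; it assumes ebtables is installed on the host and that each guest's MAC is known.

```shell
#!/bin/sh
# Emit ebtables rules that pin one tap interface to one MAC and one IPv4
# address. Rules are printed, not applied, so they can be reviewed first;
# run the printed commands as root on the host to install them.
# The negation is written after the option ("-s ! addr"); some ebtables
# versions also accept it before the option.

pin_guest_rules() {
    tap=$1; ip=$2; mac=$3

    # Format checks only, so nothing unexpected reaches the generated commands.
    case $tap in
        ''|*[!A-Za-z0-9_.-]*) echo "bad interface: $tap" >&2; return 1 ;;
    esac
    printf '%s\n' "$ip" | grep -Eq '^([0-9]{1,3}\.){3}[0-9]{1,3}$' \
        || { echo "bad IPv4 address: $ip" >&2; return 1; }
    printf '%s\n' "$mac" | grep -Eiq '^([0-9a-f]{2}:){5}[0-9a-f]{2}$' \
        || { echo "bad MAC address: $mac" >&2; return 1; }

    # INPUT sees frames addressed to the host itself; FORWARD sees frames
    # bridged on to eth0 or to other guests' tap devices. Both need the rules.
    for chain in INPUT FORWARD; do
        # Ethernet source must be the guest's assigned MAC.
        echo "ebtables -A $chain -i $tap -s ! $mac -j DROP"
        # IPv4 source must be the guest's assigned address.
        echo "ebtables -A $chain -i $tap -p IPv4 --ip-src ! $ip -j DROP"
        # ARP sender IP and MAC must match too, or the guest could still
        # claim a neighbour's address by answering ARP for it.
        echo "ebtables -A $chain -i $tap -p ARP --arp-ip-src ! $ip -j DROP"
        echo "ebtables -A $chain -i $tap -p ARP --arp-mac-src ! $mac -j DROP"
    done
}

# Constructed sample values: tap0 is what "tunctl -b" might return.
pin_guest_rules tap0 10.10.10.101 fe:fd:0a:0a:0a:65
```

Because the rules live in the host's bridge tables, a compromised guest cannot remove them by reconfiguring its own eth0.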