On Wednesday 22 March 2006 18:58, David Lang wrote: > Ok, not that I have interfaces showing up inside uml (2.6.15.6 didn't > work, but 2.6.16 does) I have another question.
> is it possible to dedicate physical network interfaces to particular uml > interfaces? I'm not sure, but I think you're asking the wrong question. If your purpose is security, the best answer is iptables, filtering based on -i (ingress interface). The other possibility is bridging. > I intend to run a half dozen uml instances on a box with 8 physical > network interfaces, each one on seperate networks. I would prefer to have > routeing disabled on the host entirely (the networks are seperated for > security reasons and I need to make sure that the host box doesn't open up > a hole betwen them). The ideal situation would be to configure the first > uml instance to use the physical eth0 and all configuration then takes > place within the uml. > is this possible? > the closest that I'm seeing in the docs is to have the host configure the > IP's for each interface, and then bridge to the uml's. but this bridging > seems like it would significantly weaken the seperation of the different > networks. It wouldn't mix together different networks, you bridge eth0 with tap0 on br0, eth1 with tap1 on br1, and so on, and then probably you can disable packet forwarding with echo 0 > /proc/sys/net/ipv4/ip_forward this should work (I'm not sure but bridges should work even with that disabled). The bad side is that each UML sees every packet the host sees. -- Inform me of my mistakes, so I can keep imitating Homer Simpson's "Doh!". Paolo Giarrusso, aka Blaisorblade (Skype ID "PaoloGiarrusso", ICQ 215621894) http://www.user-mode-linux.org/~blaisorblade ___________________________________ Yahoo! Mail: gratis 1GB per i messaggi e allegati da 10MB http://mail.yahoo.it ------------------------------------------------------- This SF.Net email is sponsored by xPML, a groundbreaking scripting language that extends applications into web and mobile media. Attend the live webcast and join the prime developer group breaking into this new coding territory! http://sel.as-us.falkag.net/sel?cmd=lnk&kid=110944&bid=241720&dat=121642 _______________________________________________ User-mode-linux-user mailing list User-mode-linux-user@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/user-mode-linux-user
