Hello all,
I'm working on the next generation of my network. Ideally I don't
want any machine on the Internet, but I would like to have the services
they provide on the network. For example, I want all of my servers to
physically be on 192.168.x.y networks with User Mode Linux virtual
machines running to handle each service. One physical machine may
handle qmail in one UML, apache in another. If someone breaks root
through an apache bug they do not become root on the network or the
physical machine. Would it be possible to have an LVS enabled kernel
running under a non-LVS enabled kernel using UML so my directors won't
actually be on the Internet? If the LVS kernel crashed I could have
the parent kernel restart the virtual machine with a shell script.
root on any one machine will still be a normal user on the host machine
and network.
-Matt