Matthew Crocker wrote:
Hello all,
I'm working on the next generation of my network. Ideally I don't want
any machine on the Internet but I would like to have the services they
provide on the network. For example, I want all of my servers to physically
be on 192.168.x.y networks with User Mode Linux virtual machines running
to handle each service. One physical machine may handle qmail in one
UML, apache in another. If someone breaks root through an apache bug
they do not become root on the network or the physical machine. Would
it be possible to have an LVS enabled kernel running under a non-LVS
enabled kernel using UML so my directors won't actually be on the
Internet? If the LVS kernel crashed I could have the parent kernel
restart the virtual machine with a shell script. Root on any one
machine will still be a normal user on the host machine and network.
-Matt
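The restart-on-crash script Matt describes, as an added example that is not part of this thread: a POSIX sh supervisor loop the host's userland runs to relaunch a UML guest (such as the LVS director) each time it exits. The UML command line and the restart limits are assumptions; replace them with the real guest binary and root filesystem.

```sh
#!/bin/sh
# Added example (not from the thread): supervise a UML guest from the host.
# The host kernel never runs LVS itself; it only restarts the guest that does.

# Placeholder guest command (assumption): the UML kernel binary plus its
# root filesystem image. Run this as an unprivileged host user so that root
# inside the guest stays an ordinary user on the physical machine.
UML_CMD="${UML_CMD:-./linux ubd0=lvs-root.img mem=64M}"
MAX_RESTARTS="${MAX_RESTARTS:-5}"    # give up after this many restarts
RESTART_DELAY="${RESTART_DELAY:-2}"  # seconds to wait before relaunching

# supervise CMD [ARGS...]
# Runs CMD; each time it exits non-zero, waits RESTART_DELAY seconds and
# runs it again, up to MAX_RESTARTS times. Returns the number of restarts
# performed when the guest finally exits cleanly (0 = no crash), or 255
# when the restart limit is exceeded (a crash loop worth investigating).
supervise() {
    restarts=0
    while :; do
        status=0
        "$@" || status=$?
        if [ "$status" -eq 0 ]; then
            echo "guest exited cleanly after $restarts restart(s)" >&2
            return "$restarts"
        fi
        restarts=$((restarts + 1))
        echo "guest died (exit $status); restart $restarts of $MAX_RESTARTS" >&2
        if [ "$restarts" -gt "$MAX_RESTARTS" ]; then
            echo "restart limit exceeded, giving up" >&2
            return 255
        fi
        sleep "$RESTART_DELAY"
    done
}

# When invoked with arguments, supervise that command; otherwise only
# define the function (so the file can be sourced).
if [ $# -gt 0 ]; then
    supervise "$@"
fi
```

Typical use is `sh supervise.sh $UML_CMD` from the host, with the script itself started by init or a cron @reboot entry so the director comes back without manual intervention.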
I got it running and wrote a quick rough draft doc which explains how to
do it, I'll email you and Joseph Mack so you can see it. The document
ain't pretty yet.