1

I would like to run services like mysqld, apache and vsftpd in a separated environment: w/o access to other processes, w/o access to devices, w/o access to binaries, and without executing uploaded files. As I understand, Linux containers are able to provide me with the first 2, so I'm trying it. The problem is I want the Linux containers to share the same IP, so the containers will actually just provide different services. Is that possible?

Thank you.

Daniel

2 Answers

1

In order to share an IP address you'll have to have the primary server "be" the address and then port forward the services you want running on the other instances. You can accomplish port forwarding in Linux using iptables (and a Google or other search for "iptables port forwarding" returns many useful hits which I won't attempt to pick the best ones from).

Wes Hardaker
  • I know about port forwarding, but I thought there are other ways to implement this idea :( Pity that chroot won't do; I can't limit it to not allow device usage. – Daniel Mar 20 '11 at 15:48
1

The Debian Wiki page on LXC mentions two variants of accomplishing that using NAT on the host machine. I'm using the approach with libvirt and have had no problems with that so far.

The Wiki page may seem like a good information source, but the maintainer himself says that you should rather refer to the file /usr/share/doc/lxc/README.Debian for up-to-date information.

See this question, too

moschlar
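The port forwarding and host-side NAT that both answers describe, as an added example that is not from either answer: a script that prints (without applying) the DNAT and FORWARD rules that let containers on a private bridge serve behind the host's single address. The interface names, the 10.0.3.x container addresses and the service map are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: prints iptables rules, does not apply them.
# Assumed names (not from the page): eth0, lxcbr0, 10.0.3.x addresses.
EXT_IF="${EXT_IF:-eth0}"    # host interface that owns the shared IP
BR_IF="${BR_IF:-lxcbr0}"    # bridge the containers attach to

# Constructed service map, one entry per line: proto:public_port:container_ip
SERVICES="tcp:80:10.0.3.10
tcp:21:10.0.3.11
tcp:3306:10.0.3.12"

# Accept only proto:port:ipv4 so nothing else can reach a rule line.
valid_entry() {
  printf '%s\n' "$1" |
    grep -Eq '^(tcp|udp):[0-9]{1,5}:([0-9]{1,3}\.){3}[0-9]{1,3}$' || return 1
  port=${1#*:}; port=${port%%:*}
  [ "$port" -ge 1 ] && [ "$port" -le 65535 ]
}

gen_rules() {
  echo "sysctl -w net.ipv4.ip_forward=1"
  # Default deny: containers are reachable only on published ports,
  # and cannot open new outbound connections themselves.
  echo "iptables -P FORWARD DROP"
  echo "iptables -A FORWARD -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT"
  for e in $1; do
    valid_entry "$e" || { echo "bad entry: $e" >&2; return 1; }
    proto=${e%%:*}; rest=${e#*:}; port=${rest%%:*}; ip=${rest#*:}
    # Rewrite the destination of traffic arriving on the shared IP ...
    echo "iptables -t nat -A PREROUTING -i $EXT_IF -p $proto --dport $port -j DNAT --to-destination $ip:$port"
    # ... and allow only that new flow across to the bridge.
    echo "iptables -A FORWARD -i $EXT_IF -o $BR_IF -p $proto -d $ip --dport $port -m conntrack --ctstate NEW -j ACCEPT"
  done
}

gen_rules "$SERVICES"
```

Passive-mode FTP data connections are accepted by the RELATED rule only when the kernel's FTP connection-tracking helper (nf_conntrack_ftp, with nf_nat_ftp for NAT) is handling port 21.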