On Thu, Apr 9, 2009 at 12:14 PM, Serge E. Hallyn <serue@xxxxxxxxxx> wrote: > Quoting Elwin Stelzer Eliazer (stelzere@xxxxxxxxx): > > > > On Apr 9, 2009, at 6:57 AM, "Serge E. Hallyn" <serue@xxxxxxxxxx> wrote: > > > >> Quoting Elwin Stelzer Eliazer (stelzere@xxxxxxxxx): > >>> Hi, > >>> > >>> I am trying to use network namespace for virtualizing some socket > >>> applications i already have. > >>> These applications interact with Apache through 'lo' 127.0.0.1:nnn > >>> sockets > >>> now. > >>> When i virtualize, i do not want to run Apache inside the container, > >>> and has > >>> to be outside. > >>> I can not use any non-127.x.x.x IP address for this purpose, or have > >>> any > >>> separate "host-only" kind of internal network. > >>> I would appreciate if someone can let me know the options i have to > >>> accomplish this, with network namespace, and 2.6.29 or 2.6.30. > >> > >> So to be clear, what you want is to have an application in a separate > >> network namespace from apache, but talking over a shared loopback? > >> > > > > Yes. But I am not very specific about the loopback. > > > >> Can you use a veth tunnel pair? You don't have to tie them to a > >> bridge so the socket app won't be on the public net. > >> > >> -serge > > > > Yes I can do without the bridge. But what IP address for the veth? Can > > it be a 127.x.x.x? My solution cannot have a regular public or private > > ip that can interfere with external network. The reason I mentioned > > bridge was it will reduce the ip subnet needed to one. If you can > > suggest a solution that leverages 127.x.x.x it will be useful. > > Actually is there any reason you can't use a unix socket? > > -serge > Apache listens on IP sockets. I am proceeding with a solution having a process outside container that will relay IPC messages to the network space sockets outside the container into 127.x.x.x. I have another question on netfilter/iptables under namespace; will post it on a separate thread. Thanks for your answers. cheers, Elwin. _______________________________________________ Containers mailing list Containers@xxxxxxxxxxxxxxxxxxxxxxxxxx https://lists.linux-foundation.org/mailman/listinfo/containers