Solved

Multiple Publc IPs

Posted on 2009-04-09
8
177 Views
Last Modified: 2013-12-16
Hi,

My server is having two interfaces eth0 and eth0:1 having different public IPs.

I have two websites under different virtual hosts on different ports 80 and 8080

Both the websites are designed to download contents from different servers which are firewalled . We cannot just use any IP to fetch data because  we need to log the requests for each IP and we also do not want this to mix.

I want that when sites on port 80 fetches data, it gives the public IP A to the other server and site on port 8080 gives public IP B

In my mind iptables NAT is coming but I am not sure what to really use and also I am not clear what options to use.


0
Comment
Question by:mdswireless
  • 4
  • 3
8 Comments
 
LVL 43

Expert Comment

by:ravenpl
ID: 24114470
> Both the websites are designed to download contents from different servers which are firewalled
You mean some php/cgi-like script is connecting to another webserver acting proxy-like?

If so, then there's nothing You can do - unless You are able to change this php/cgi script and force it to somehow mark it's connections.

Or maybe the cgi/php should act like proxy, setting the Via http header variable - then You could distinguish the traffic based on that variable?
0
 
LVL 14

Expert Comment

by:cjl7
ID: 24127191
DNAT/SNAT is what you are looking for,

http://linux-ip.net/html/nat-dnat.html


is a good place to start.

//jonas

0
 

Author Comment

by:mdswireless
ID: 24129381
Ok, but how to use DNAT based on network interface
0
 
LVL 43

Expert Comment

by:ravenpl
ID: 24129651
Why haven't You answered my questions? If You need this proxy-like app, then NAT no use here, the proxy looses the information about incoming interface(at least kernel cannot match the incoming and outgoing connections as one)
0
Microsoft Certification Exam 74-409

Veeam® is happy to provide the Microsoft community with a study guide prepared by MVP and MCT, Orin Thomas. This guide will take you through each of the exam objectives, helping you to prepare for and pass the examination.

 

Author Comment

by:mdswireless
ID: 24129682
No , You cannot say that its kind of proxy, Its a cgi script which automatically fetches data from a remote server on execution.
0
 
LVL 43

Expert Comment

by:ravenpl
ID: 24129815
Well, then unless the script is "co-operating", You cannot match those two connections to route the second one.
Can You develop the script? The script could bind it's outgoing socket to given IP, it could mark packets, it could connect to localhost proxy which would route the connection, etc.
0
 

Author Comment

by:mdswireless
ID: 24129855
But, its a same script running twice on different ports and do not have anything to with each other.

So there is no way to use different public IPS using different ports ?

The script is simple bash script, running as CGI, which function can I use to bind public IP like this
0
 
LVL 43

Accepted Solution

by:
ravenpl earned 500 total points
ID: 24129966
> But, its a same script running twice on different ports and do not have anything to with each other.
But it knows on which port it's running(cgi or env variables)

> The script is simple bash script, running as CGI, which function can I use to bind public IP like this
Hmm, I understand. The bash script has to use some next client to download the data from firewalled servers - what it is? Curl, wget?
Both can set various http headers, which can be used to distinguish the traffic on the server side.
Curl has this --local-port option, which can be usefull(but not bulletproof) for traffic routing.

Or maybe it's the script who should log the traffic-by-ip?
0

Featured Post

U.S. Department of Agriculture and Acronis Access

With the new era of mobile computing, smartphones and tablets, wireless communications and cloud services, the USDA sought to take advantage of a mobilized workforce and the blurring lines between personal and corporate computing resources.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

rdate is a Linux command and the network time protocol for immediate date and time setup from another machine. The clocks are synchronized by entering rdate with the -s switch (command without switch just checks the time but does not set anything). …
Over the last ten+ years I have seen Linux configuration tools come and go. In the early days there was the tried-and-true, all-powerful linuxconf that many thought would remain the one and only Linux configuration tool until the end of times. Well,…
Learn how to get help with Linux/Unix bash shell commands. Use help to read help documents for built in bash shell commands.: Use man to interface with the online reference manuals for shell commands.: Use man to search man pages for unknown command…
This demo shows you how to set up the containerized NetScaler CPX with NetScaler Management and Analytics System in a non-routable Mesos/Marathon environment for use with Micro-Services applications.

920 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

17 Experts available now in Live!

Get 1:1 Help Now