Solved

Linux 1 NIC 2 IPs on different networks, want to bind one apache instance only to second IP.

Posted on 2010-09-03
9
521 Views
Last Modified: 2012-05-10
Hi,

I have a Linux box with only a NIC, I have been assigned 2 ip address on different networks, and of course different default GWs, currently I have activated only one of them (IP-A) in the usual way, and it works.

IP-A is let's say 10.0.0.20 with default gw: 10.0.0.1
IP-B is let's say 192.168.1.20 with default gw: 192.168.0.1

Apache is working let's name it Apache-A

I need to set a new apache server only for IP-B, that will have different config from that running for IP-A, so what I am going to do, is to bind Apache instance A, only to IP-A, and will execute another instance with another config file for IP-B and will bind it only for that IP..

What I want to achieve is that requests comming from net-A be handled with apache-A and requests comming from net-B to be handled by apache-B.

My current Linux initialization scripts gets the IP-A, from DHCP... so dhcp sets the default gw, to net's-A 10.0.0.1.

So, what can I do to initialize the NIC (after getting IP-A address via DHCP), with the network-B IP,
and make sure that apache instance-B does not send back requests comming from IP-B trough DefaultGW-A, (it has to use defaultGW-B)?

The first step is simple:

ifconfig eth:0 192.168.1.20 up

What follows?, "ip" command?, "route" command?, "iptables" ??.......

(IP based virtual hosts is not a solution)
0
Comment
Question by:egarciat
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 4
  • 4
9 Comments
 
LVL 26

Expert Comment

by:arober11
ID: 33601449
Simple, just have to separate Listen and two separate VirtualHost definitions in you httpd.conf e.g.

Listen 11.22.33.44:80
Listen 22.33.44.55:80


<VirtualHost 11.22.33.44:80>
...
</VirtualHost>


<VirtualHost 22.33.44.55:80>
...
</VirtualHost>

See: http://httpd.apache.org/docs/2.0/vhosts/ip-based.html
0
 
LVL 24

Expert Comment

by:rfc1180
ID: 33601454
you can not have 2 active gateways by default; Using routers, you can setup policy routing.

If you follow this tutorial, you will find this is what you are trying to accomplish:

http://kindlund.wordpress.com/2007/11/19/configuring-multiple-default-routes-in-linux/

Billy
0
 
LVL 3

Author Comment

by:egarciat
ID: 33601511
arober11:

Last line in question post states: (IP based virtual hosts is not a solution)

rfc1180:

almost, almost, however I have no access to the server kernel, neither allowed to recompile and use a new kernel, however I do have root access.

Do you know if there is a way to know if such options are already active in my current kernel?..

[*] TCP/IP networking
[*] IP: advanced router
[*] IP: policy routing
[*] IP: use netfilter MARK value as routing key

TCP/IP is of course present :)

(/proc/config.gz is NOT available :( , however proc exists and have some nodes there... )

0
Easy, flexible multimedia distribution & control

Coming soon!  Ideal for large-scale A/V applications, ATEN's VM3200 Modular Matrix Switch is an all-in-one solution that simplifies video wall integration. Easily customize display layouts to see what you want, how you want it in 4k.

 
LVL 24

Expert Comment

by:rfc1180
ID: 33601576
>[*] IP: policy routing

>however I do have root access.

Looks like you are all set  policy routing is built in and not as a module, so you should be all set to go.

Billy
0
 
LVL 3

Author Comment

by:egarciat
ID: 33601641
I'm sorry, I copied verbatim the options from the url you posted, I was trying to list the required options..

What I meant was:

How can I know if I have the following options enabled in my current kernel?:

- TCP/IP networking
- IP: advanced router
- IP: policy routing
- IP: use netfilter MARK value as routing key

0
 
LVL 24

Expert Comment

by:rfc1180
ID: 33601707
0
 
LVL 3

Author Comment

by:egarciat
ID: 33602072
Guess what?..

Config is available, (I searched days ago and it wasn't... :S )

Do you think, that my kernel is readay for that?..


root@host:/lib/modules# zcat /proc/config.gz | grep IP_
CONFIG_IP_MULTICAST=y
CONFIG_IP_ADVANCED_ROUTER=y
CONFIG_ASK_IP_FIB_HASH=y
# CONFIG_IP_FIB_TRIE is not set
CONFIG_IP_FIB_HASH=y
CONFIG_IP_MULTIPLE_TABLES=y
CONFIG_IP_ROUTE_FWMARK=y
CONFIG_IP_ROUTE_MULTIPATH=y
CONFIG_IP_ROUTE_MULTIPATH_CACHED=y
CONFIG_IP_ROUTE_MULTIPATH_RR=y
CONFIG_IP_ROUTE_MULTIPATH_RANDOM=y
CONFIG_IP_ROUTE_MULTIPATH_WRANDOM=y
CONFIG_IP_ROUTE_MULTIPATH_DRR=y
CONFIG_IP_ROUTE_VERBOSE=y
CONFIG_IP_PNP=y
CONFIG_IP_PNP_DHCP=y
CONFIG_IP_PNP_BOOTP=y
CONFIG_IP_PNP_RARP=y
CONFIG_IP_MROUTE=y
CONFIG_IP_PIMSM_V1=y
CONFIG_IP_PIMSM_V2=y
# CONFIG_IP_VS is not set
CONFIG_IP_NF_CONNTRACK=y
CONFIG_IP_NF_CT_ACCT=y
CONFIG_IP_NF_CONNTRACK_MARK=y
CONFIG_IP_NF_CONNTRACK_SECMARK=y
# CONFIG_IP_NF_CONNTRACK_EVENTS is not set
# CONFIG_IP_NF_CT_PROTO_SCTP is not set
CONFIG_IP_NF_FTP=y
CONFIG_IP_NF_IRC=y
# CONFIG_IP_NF_NETBIOS_NS is not set
CONFIG_IP_NF_TFTP=y
CONFIG_IP_NF_AMANDA=y
CONFIG_IP_NF_PPTP=y
# CONFIG_IP_NF_H323 is not set
# CONFIG_IP_NF_SIP is not set
CONFIG_IP_NF_QUEUE=y
CONFIG_IP_NF_IPTABLES=y
CONFIG_IP_NF_MATCH_IPRANGE=y
CONFIG_IP_NF_MATCH_TOS=y
CONFIG_IP_NF_MATCH_RECENT=y
CONFIG_IP_NF_MATCH_ECN=y
CONFIG_IP_NF_MATCH_DSCP=y
CONFIG_IP_NF_MATCH_AH=y
CONFIG_IP_NF_MATCH_TTL=y
CONFIG_IP_NF_MATCH_OWNER=y
CONFIG_IP_NF_MATCH_ADDRTYPE=y
CONFIG_IP_NF_MATCH_HASHLIMIT=y
CONFIG_IP_NF_FILTER=y
CONFIG_IP_NF_TARGET_REJECT=y
CONFIG_IP_NF_TARGET_LOG=y
CONFIG_IP_NF_TARGET_ULOG=y
CONFIG_IP_NF_TARGET_TCPMSS=y
CONFIG_IP_NF_NAT=y
CONFIG_IP_NF_NAT_NEEDED=y
CONFIG_IP_NF_TARGET_MASQUERADE=y
CONFIG_IP_NF_TARGET_REDIRECT=y
CONFIG_IP_NF_TARGET_NETMAP=y
CONFIG_IP_NF_TARGET_SAME=y
# CONFIG_IP_NF_NAT_SNMP_BASIC is not set
CONFIG_IP_NF_NAT_IRC=y
CONFIG_IP_NF_NAT_FTP=y
CONFIG_IP_NF_NAT_TFTP=y
CONFIG_IP_NF_NAT_AMANDA=y
CONFIG_IP_NF_NAT_PPTP=y
CONFIG_IP_NF_MANGLE=y
CONFIG_IP_NF_TARGET_TOS=y
CONFIG_IP_NF_TARGET_ECN=y
CONFIG_IP_NF_TARGET_DSCP=y
CONFIG_IP_NF_TARGET_TTL=y
# CONFIG_IP_NF_TARGET_CLUSTERIP is not set
CONFIG_IP_NF_RAW=y
# CONFIG_IP_NF_ARPTABLES is not set
# CONFIG_IP_DCCP is not set
CONFIG_IP_SCTP=y
CONFIG_SLIP_COMPRESSED=y
CONFIG_SLIP_SMART=y
CONFIG_SLIP_MODE_SLIP6=y


root@host:/lib/modules# zcat /proc/config.gz | grep POLICY
CONFIG_NETFILTER_XT_MATCH_POLICY=y


root@host:/lib/modules# zcat /proc/config.gz | grep MARK
CONFIG_IP_ROUTE_FWMARK=y
CONFIG_NETWORK_SECMARK=y
CONFIG_NETFILTER_XT_TARGET_CONNMARK=y
CONFIG_NETFILTER_XT_TARGET_MARK=y
CONFIG_NETFILTER_XT_TARGET_SECMARK=y
CONFIG_NETFILTER_XT_TARGET_CONNSECMARK=y
CONFIG_NETFILTER_XT_MATCH_CONNMARK=y
CONFIG_NETFILTER_XT_MATCH_MARK=y
CONFIG_IP_NF_CONNTRACK_MARK=y
CONFIG_IP_NF_CONNTRACK_SECMARK=y
CONFIG_BRIDGE_EBT_MARK=y
CONFIG_BRIDGE_EBT_MARK_T=y
CONFIG_NET_SCH_DSMARK=y
CONFIG_CLS_U32_MARK=y

root@host:/lib/modules#

Open in new window

0
 
LVL 24

Accepted Solution

by:
rfc1180 earned 500 total points
ID: 33603328
http://cateee.net/lkddb/web-lkddb/IP_MULTIPLE_TABLES.html
CONFIG_IP_MULTIPLE_TABLES=y  (- IP: policy routing)


CONFIG_IP_ADVANCED_ROUTER=y (- IP: advanced router)
CONFIG_IP_ROUTE_FWMARK=y  (- IP: use netfilter MARK value as routing key)

Yup, looks like you are good to go

Billy
0
 
LVL 3

Author Comment

by:egarciat
ID: 33612982
Hi, I was unable to test configuration posted by you, due to techincal issues on the server.

Since these are local problems, I am almos sure your posted comment will do the trick once these issues are resolved.

So I am accepting the solution.

0

Featured Post

What Is Transaction Monitoring and who needs it?

Synthetic Transaction Monitoring that you need for the day to day, which ensures your business website keeps running optimally, and that there is no downtime to impact your customer experience.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

It is possible to boost certain documents at query time in Solr. Query time boosting can be a powerful resource for finding the most relevant and "best" content. Of course the more information you index, the more fields you will be able to use for y…
If you are a web developer, you would be aware of the <iframe> tag in HTML. The <iframe> stands for inline frame and is used to embed another document within the current HTML document. The embedded document could be even another website.
If you're a developer or IT admin, you’re probably tasked with managing multiple websites, servers, applications, and levels of security on a daily basis. While this can be extremely time consuming, it can also be frustrating when systems aren't wor…
In this brief tutorial Pawel from AdRem Software explains how you can quickly find out which services are running on your network, or what are the IP addresses of servers responsible for each service. Software used is freeware NetCrunch Tools (https…

691 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question