egarciat
asked on
Linux 1 NIC 2 IPs on different networks, want to bind one apache instance only to second IP.
Hi,
I have a Linux box with only one NIC. I have been assigned 2 IP addresses on different networks, and of course different default GWs. Currently I have activated only one of them (IP-A) in the usual way, and it works.
IP-A is let's say 10.0.0.20 with default gw: 10.0.0.1
IP-B is let's say 192.168.1.20 with default gw: 192.168.0.1
Apache is working; let's name it Apache-A.
I need to set up a new Apache server only for IP-B that will have a different config from the one running for IP-A, so what I am going to do is bind Apache instance A only to IP-A, and execute another instance with another config file for IP-B and bind it only to that IP.
What I want to achieve is that requests coming from net-A be handled by apache-A and requests coming from net-B be handled by apache-B.
My current Linux initialization scripts get IP-A from DHCP, so DHCP sets the default gw to net-A's 10.0.0.1.
So, what can I do to initialize the NIC (after getting the IP-A address via DHCP) with the network-B IP,
and make sure that apache instance-B does not send back requests coming from IP-B through DefaultGW-A (it has to use defaultGW-B)?
The first step is simple:
ifconfig eth:0 192.168.1.20 up
What follows? "ip" command? "route" command? "iptables"?
(IP based virtual hosts is not a solution)
You cannot have 2 active gateways by default; using routers, you can set up policy routing.
If you follow this tutorial, you will find this is what you are trying to accomplish:
http://kindlund.wordpress.com/2007/11/19/configuring-multiple-default-routes-in-linux/
Billy
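One way to set up the policy routing mentioned above for the addresses in the question, as an added example that is not part of the thread or of the linked tutorial. The interface eth0, table number 100 and the 192.168.0.0/16 network are assumptions; the thread gives no netmask, and the gateway 192.168.0.1 is only on-link for 192.168.1.20 if the prefix is wider than /24.

```shell
#!/bin/sh
# Added example: source-based policy routing for IP-B on a single NIC.
# Assumed, not given in the thread: interface eth0, routing table 100,
# and network 192.168.0.0/16 (so that 192.168.0.1 is on-link for 192.168.1.20).

ip2int() {                      # dotted quad -> integer
    old_ifs=$IFS; IFS=.
    set -- $1
    IFS=$old_ifs
    echo $(( ($1 << 24) + ($2 << 16) + ($3 << 8) + $4 ))
}

in_cidr() {                     # in_cidr ADDR NET/BITS: succeeds if ADDR is inside
    addr=$(ip2int "$1"); net=$(ip2int "${2%/*}"); bits=${2#*/}
    mask=$(( (4294967295 << (32 - bits)) & 4294967295 ))
    [ $(( addr & mask )) -eq $(( net & mask )) ]
}

# Print the commands rather than run them, so the plan can be reviewed first.
policy_route_plan() {           # IP_B GW_B NET_B DEV TABLE
    in_cidr "$1" "$3" || { echo "error: $1 is not inside $3" >&2; return 1; }
    # A gateway outside the connected network is rejected by "ip route add".
    in_cidr "$2" "$3" || { echo "error: gateway $2 is not on-link in $3" >&2; return 1; }
    echo "ip addr add $1/${3#*/} dev $4"
    # The table holds the connected network plus its own default route.
    echo "ip route add $3 dev $4 src $1 table $5"
    echo "ip route add default via $2 dev $4 table $5"
    # Packets sourced from IP-B consult that table; everything else uses main.
    echo "ip rule add from $1 lookup $5"
}

policy_route_plan 192.168.1.20 192.168.0.1 192.168.0.0/16 eth0 100
```

The DHCP-provided default route via 10.0.0.1 stays in the main table, so only packets sourced from IP-B are routed through table 100.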
ASKER
arober11:
Last line in question post states: (IP based virtual hosts is not a solution)
rfc1180:
Almost, almost; however, I have no access to the server kernel, nor am I allowed to recompile and use a new kernel. However, I do have root access.
Do you know if there is a way to know if such options are already active in my current kernel?
[*] TCP/IP networking
[*] IP: advanced router
[*] IP: policy routing
[*] IP: use netfilter MARK value as routing key
TCP/IP is of course present :)
(/proc/config.gz is NOT available :( , however proc exists and has some nodes there... )
>[*] IP: policy routing
>however I do have root access.
Looks like you are all set: policy routing is built in and not as a module, so you should be all set to go.
Billy
ASKER
I'm sorry, I copied the options verbatim from the URL you posted; I was trying to list the required options.
What I meant was:
How can I know if I have the following options enabled in my current kernel?:
- TCP/IP networking
- IP: advanced router
- IP: policy routing
- IP: use netfilter MARK value as routing key
ASKER
Guess what?..
Config is available, (I searched days ago and it wasn't... :S )
Do you think that my kernel is ready for that?
root@host:/lib/modules# zcat /proc/config.gz | grep IP_
CONFIG_IP_MULTICAST=y
CONFIG_IP_ADVANCED_ROUTER=y
CONFIG_ASK_IP_FIB_HASH=y
# CONFIG_IP_FIB_TRIE is not set
CONFIG_IP_FIB_HASH=y
CONFIG_IP_MULTIPLE_TABLES=y
CONFIG_IP_ROUTE_FWMARK=y
CONFIG_IP_ROUTE_MULTIPATH=y
CONFIG_IP_ROUTE_MULTIPATH_CACHED=y
CONFIG_IP_ROUTE_MULTIPATH_RR=y
CONFIG_IP_ROUTE_MULTIPATH_RANDOM=y
CONFIG_IP_ROUTE_MULTIPATH_WRANDOM=y
CONFIG_IP_ROUTE_MULTIPATH_DRR=y
CONFIG_IP_ROUTE_VERBOSE=y
CONFIG_IP_PNP=y
CONFIG_IP_PNP_DHCP=y
CONFIG_IP_PNP_BOOTP=y
CONFIG_IP_PNP_RARP=y
CONFIG_IP_MROUTE=y
CONFIG_IP_PIMSM_V1=y
CONFIG_IP_PIMSM_V2=y
# CONFIG_IP_VS is not set
CONFIG_IP_NF_CONNTRACK=y
CONFIG_IP_NF_CT_ACCT=y
CONFIG_IP_NF_CONNTRACK_MARK=y
CONFIG_IP_NF_CONNTRACK_SECMARK=y
# CONFIG_IP_NF_CONNTRACK_EVENTS is not set
# CONFIG_IP_NF_CT_PROTO_SCTP is not set
CONFIG_IP_NF_FTP=y
CONFIG_IP_NF_IRC=y
# CONFIG_IP_NF_NETBIOS_NS is not set
CONFIG_IP_NF_TFTP=y
CONFIG_IP_NF_AMANDA=y
CONFIG_IP_NF_PPTP=y
# CONFIG_IP_NF_H323 is not set
# CONFIG_IP_NF_SIP is not set
CONFIG_IP_NF_QUEUE=y
CONFIG_IP_NF_IPTABLES=y
CONFIG_IP_NF_MATCH_IPRANGE=y
CONFIG_IP_NF_MATCH_TOS=y
CONFIG_IP_NF_MATCH_RECENT=y
CONFIG_IP_NF_MATCH_ECN=y
CONFIG_IP_NF_MATCH_DSCP=y
CONFIG_IP_NF_MATCH_AH=y
CONFIG_IP_NF_MATCH_TTL=y
CONFIG_IP_NF_MATCH_OWNER=y
CONFIG_IP_NF_MATCH_ADDRTYPE=y
CONFIG_IP_NF_MATCH_HASHLIMIT=y
CONFIG_IP_NF_FILTER=y
CONFIG_IP_NF_TARGET_REJECT=y
CONFIG_IP_NF_TARGET_LOG=y
CONFIG_IP_NF_TARGET_ULOG=y
CONFIG_IP_NF_TARGET_TCPMSS=y
CONFIG_IP_NF_NAT=y
CONFIG_IP_NF_NAT_NEEDED=y
CONFIG_IP_NF_TARGET_MASQUERADE=y
CONFIG_IP_NF_TARGET_REDIRECT=y
CONFIG_IP_NF_TARGET_NETMAP=y
CONFIG_IP_NF_TARGET_SAME=y
# CONFIG_IP_NF_NAT_SNMP_BASIC is not set
CONFIG_IP_NF_NAT_IRC=y
CONFIG_IP_NF_NAT_FTP=y
CONFIG_IP_NF_NAT_TFTP=y
CONFIG_IP_NF_NAT_AMANDA=y
CONFIG_IP_NF_NAT_PPTP=y
CONFIG_IP_NF_MANGLE=y
CONFIG_IP_NF_TARGET_TOS=y
CONFIG_IP_NF_TARGET_ECN=y
CONFIG_IP_NF_TARGET_DSCP=y
CONFIG_IP_NF_TARGET_TTL=y
# CONFIG_IP_NF_TARGET_CLUSTERIP is not set
CONFIG_IP_NF_RAW=y
# CONFIG_IP_NF_ARPTABLES is not set
# CONFIG_IP_DCCP is not set
CONFIG_IP_SCTP=y
CONFIG_SLIP_COMPRESSED=y
CONFIG_SLIP_SMART=y
CONFIG_SLIP_MODE_SLIP6=y
root@host:/lib/modules# zcat /proc/config.gz | grep POLICY
CONFIG_NETFILTER_XT_MATCH_POLICY=y
root@host:/lib/modules# zcat /proc/config.gz | grep MARK
CONFIG_IP_ROUTE_FWMARK=y
CONFIG_NETWORK_SECMARK=y
CONFIG_NETFILTER_XT_TARGET_CONNMARK=y
CONFIG_NETFILTER_XT_TARGET_MARK=y
CONFIG_NETFILTER_XT_TARGET_SECMARK=y
CONFIG_NETFILTER_XT_TARGET_CONNSECMARK=y
CONFIG_NETFILTER_XT_MATCH_CONNMARK=y
CONFIG_NETFILTER_XT_MATCH_MARK=y
CONFIG_IP_NF_CONNTRACK_MARK=y
CONFIG_IP_NF_CONNTRACK_SECMARK=y
CONFIG_BRIDGE_EBT_MARK=y
CONFIG_BRIDGE_EBT_MARK_T=y
CONFIG_NET_SCH_DSMARK=y
CONFIG_CLS_U32_MARK=y
root@host:/lib/modules#
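A check for the four options listed earlier in the thread, as an added example that is not part of the original posts. The mapping from menu labels to symbols (TCP/IP networking = CONFIG_INET, advanced router = CONFIG_IP_ADVANCED_ROUTER, policy routing = CONFIG_IP_MULTIPLE_TABLES, netfilter MARK as routing key = CONFIG_IP_ROUTE_FWMARK) is supplied here, and the sample config is a constructed excerpt.

```shell
#!/bin/sh
# Added example: report whether the kernel options needed for policy routing
# are built in. Reads a kernel config on stdin, e.g.
#   zcat /proc/config.gz | policy_routing_ready

kopt_state() {                  # kopt_state SYMBOL < config -> y | m | unset | absent
    awk -F '=' -v s="CONFIG_$1" '
        $1 == s                        { st = $2 }
        $0 == ("# " s " is not set")   { st = "unset" }
        END { print (st == "" ? "absent" : st) }'
}

policy_routing_ready() {        # succeeds only if every option is =y
    cfg=$(cat)
    rc=0
    for sym in INET IP_ADVANCED_ROUTER IP_MULTIPLE_TABLES IP_ROUTE_FWMARK; do
        st=$(printf '%s\n' "$cfg" | kopt_state "$sym")
        echo "CONFIG_$sym: $st"
        [ "$st" = y ] || rc=1
    done
    return $rc
}

sample_config() {               # constructed excerpt; CONFIG_INET line is assumed
    cat <<'EOF'
CONFIG_INET=y
CONFIG_IP_ADVANCED_ROUTER=y
# CONFIG_IP_FIB_TRIE is not set
CONFIG_IP_MULTIPLE_TABLES=y
CONFIG_IP_ROUTE_FWMARK=y
EOF
}

if sample_config | policy_routing_ready; then
    echo "policy routing options are built in"
else
    echo "at least one required option is missing"
fi
```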
ASKER CERTIFIED SOLUTION
This solution is only available to members.
ASKER
Hi, I was unable to test the configuration posted by you, due to technical issues on the server.
Since these are local problems, I am almost sure your posted comment will do the trick once these issues are resolved.
So I am accepting the solution.
Listen 11.22.33.44:80
Listen 22.33.44.55:80
<VirtualHost 11.22.33.44:80>
...
</VirtualHost>
<VirtualHost 22.33.44.55:80>
...
</VirtualHost>
See: http://httpd.apache.org/docs/2.0/vhosts/ip-based.html