Solved

Linux 1 NIC 2 IPs on different networks, want to bind one apache instance only to second IP.

Posted on 2010-09-03
9
516 Views
Last Modified: 2012-05-10
Hi,

I have a Linux box with only a NIC, I have been assigned 2 ip address on different networks, and of course different default GWs, currently I have activated only one of them (IP-A) in the usual way, and it works.

IP-A is let's say 10.0.0.20 with default gw: 10.0.0.1
IP-B is let's say 192.168.1.20 with default gw: 192.168.0.1

Apache is working let's name it Apache-A

I need to set a new apache server only for IP-B, that will have different config from that running for IP-A, so what I am going to do, is to bind Apache instance A, only to IP-A, and will execute another instance with another config file for IP-B and will bind it only for that IP..

What I want to achieve is that requests comming from net-A be handled with apache-A and requests comming from net-B to be handled by apache-B.

My current Linux initialization scripts gets the IP-A, from DHCP... so dhcp sets the default gw, to net's-A 10.0.0.1.

So, what can I do to initialize the NIC (after getting IP-A address via DHCP), with the network-B IP,
and make sure that apache instance-B does not send back requests comming from IP-B trough DefaultGW-A, (it has to use defaultGW-B)?

The first step is simple:

ifconfig eth:0 192.168.1.20 up

What follows?, "ip" command?, "route" command?, "iptables" ??.......

(IP based virtual hosts is not a solution)
0
Comment
Question by:egarciat
  • 4
  • 4
9 Comments
 
LVL 26

Expert Comment

by:arober11
ID: 33601449
Simple, just have to separate Listen and two separate VirtualHost definitions in you httpd.conf e.g.

Listen 11.22.33.44:80
Listen 22.33.44.55:80


<VirtualHost 11.22.33.44:80>
...
</VirtualHost>


<VirtualHost 22.33.44.55:80>
...
</VirtualHost>

See: http://httpd.apache.org/docs/2.0/vhosts/ip-based.html
0
 
LVL 24

Expert Comment

by:rfc1180
ID: 33601454
you can not have 2 active gateways by default; Using routers, you can setup policy routing.

If you follow this tutorial, you will find this is what you are trying to accomplish:

http://kindlund.wordpress.com/2007/11/19/configuring-multiple-default-routes-in-linux/

Billy
0
 
LVL 3

Author Comment

by:egarciat
ID: 33601511
arober11:

Last line in question post states: (IP based virtual hosts is not a solution)

rfc1180:

almost, almost, however I have no access to the server kernel, neither allowed to recompile and use a new kernel, however I do have root access.

Do you know if there is a way to know if such options are already active in my current kernel?..

[*] TCP/IP networking
[*] IP: advanced router
[*] IP: policy routing
[*] IP: use netfilter MARK value as routing key

TCP/IP is of course present :)

(/proc/config.gz is NOT available :( , however proc exists and have some nodes there... )

0
 
LVL 24

Expert Comment

by:rfc1180
ID: 33601576
>[*] IP: policy routing

>however I do have root access.

Looks like you are all set  policy routing is built in and not as a module, so you should be all set to go.

Billy
0
Control application downtime with dependency maps

Visualize the interdependencies between application components better with Applications Manager's automated application discovery and dependency mapping feature. Resolve performance issues faster by quickly isolating problematic components.

 
LVL 3

Author Comment

by:egarciat
ID: 33601641
I'm sorry, I copied verbatim the options from the url you posted, I was trying to list the required options..

What I meant was:

How can I know if I have the following options enabled in my current kernel?:

- TCP/IP networking
- IP: advanced router
- IP: policy routing
- IP: use netfilter MARK value as routing key

0
 
LVL 24

Expert Comment

by:rfc1180
ID: 33601707
0
 
LVL 3

Author Comment

by:egarciat
ID: 33602072
Guess what?..

Config is available, (I searched days ago and it wasn't... :S )

Do you think, that my kernel is readay for that?..


root@host:/lib/modules# zcat /proc/config.gz | grep IP_

CONFIG_IP_MULTICAST=y

CONFIG_IP_ADVANCED_ROUTER=y

CONFIG_ASK_IP_FIB_HASH=y

# CONFIG_IP_FIB_TRIE is not set

CONFIG_IP_FIB_HASH=y

CONFIG_IP_MULTIPLE_TABLES=y

CONFIG_IP_ROUTE_FWMARK=y

CONFIG_IP_ROUTE_MULTIPATH=y

CONFIG_IP_ROUTE_MULTIPATH_CACHED=y

CONFIG_IP_ROUTE_MULTIPATH_RR=y

CONFIG_IP_ROUTE_MULTIPATH_RANDOM=y

CONFIG_IP_ROUTE_MULTIPATH_WRANDOM=y

CONFIG_IP_ROUTE_MULTIPATH_DRR=y

CONFIG_IP_ROUTE_VERBOSE=y

CONFIG_IP_PNP=y

CONFIG_IP_PNP_DHCP=y

CONFIG_IP_PNP_BOOTP=y

CONFIG_IP_PNP_RARP=y

CONFIG_IP_MROUTE=y

CONFIG_IP_PIMSM_V1=y

CONFIG_IP_PIMSM_V2=y

# CONFIG_IP_VS is not set

CONFIG_IP_NF_CONNTRACK=y

CONFIG_IP_NF_CT_ACCT=y

CONFIG_IP_NF_CONNTRACK_MARK=y

CONFIG_IP_NF_CONNTRACK_SECMARK=y

# CONFIG_IP_NF_CONNTRACK_EVENTS is not set

# CONFIG_IP_NF_CT_PROTO_SCTP is not set

CONFIG_IP_NF_FTP=y

CONFIG_IP_NF_IRC=y

# CONFIG_IP_NF_NETBIOS_NS is not set

CONFIG_IP_NF_TFTP=y

CONFIG_IP_NF_AMANDA=y

CONFIG_IP_NF_PPTP=y

# CONFIG_IP_NF_H323 is not set

# CONFIG_IP_NF_SIP is not set

CONFIG_IP_NF_QUEUE=y

CONFIG_IP_NF_IPTABLES=y

CONFIG_IP_NF_MATCH_IPRANGE=y

CONFIG_IP_NF_MATCH_TOS=y

CONFIG_IP_NF_MATCH_RECENT=y

CONFIG_IP_NF_MATCH_ECN=y

CONFIG_IP_NF_MATCH_DSCP=y

CONFIG_IP_NF_MATCH_AH=y

CONFIG_IP_NF_MATCH_TTL=y

CONFIG_IP_NF_MATCH_OWNER=y

CONFIG_IP_NF_MATCH_ADDRTYPE=y

CONFIG_IP_NF_MATCH_HASHLIMIT=y

CONFIG_IP_NF_FILTER=y

CONFIG_IP_NF_TARGET_REJECT=y

CONFIG_IP_NF_TARGET_LOG=y

CONFIG_IP_NF_TARGET_ULOG=y

CONFIG_IP_NF_TARGET_TCPMSS=y

CONFIG_IP_NF_NAT=y

CONFIG_IP_NF_NAT_NEEDED=y

CONFIG_IP_NF_TARGET_MASQUERADE=y

CONFIG_IP_NF_TARGET_REDIRECT=y

CONFIG_IP_NF_TARGET_NETMAP=y

CONFIG_IP_NF_TARGET_SAME=y

# CONFIG_IP_NF_NAT_SNMP_BASIC is not set

CONFIG_IP_NF_NAT_IRC=y

CONFIG_IP_NF_NAT_FTP=y

CONFIG_IP_NF_NAT_TFTP=y

CONFIG_IP_NF_NAT_AMANDA=y

CONFIG_IP_NF_NAT_PPTP=y

CONFIG_IP_NF_MANGLE=y

CONFIG_IP_NF_TARGET_TOS=y

CONFIG_IP_NF_TARGET_ECN=y

CONFIG_IP_NF_TARGET_DSCP=y

CONFIG_IP_NF_TARGET_TTL=y

# CONFIG_IP_NF_TARGET_CLUSTERIP is not set

CONFIG_IP_NF_RAW=y

# CONFIG_IP_NF_ARPTABLES is not set

# CONFIG_IP_DCCP is not set

CONFIG_IP_SCTP=y

CONFIG_SLIP_COMPRESSED=y

CONFIG_SLIP_SMART=y

CONFIG_SLIP_MODE_SLIP6=y





root@host:/lib/modules# zcat /proc/config.gz | grep POLICY

CONFIG_NETFILTER_XT_MATCH_POLICY=y





root@host:/lib/modules# zcat /proc/config.gz | grep MARK

CONFIG_IP_ROUTE_FWMARK=y

CONFIG_NETWORK_SECMARK=y

CONFIG_NETFILTER_XT_TARGET_CONNMARK=y

CONFIG_NETFILTER_XT_TARGET_MARK=y

CONFIG_NETFILTER_XT_TARGET_SECMARK=y

CONFIG_NETFILTER_XT_TARGET_CONNSECMARK=y

CONFIG_NETFILTER_XT_MATCH_CONNMARK=y

CONFIG_NETFILTER_XT_MATCH_MARK=y

CONFIG_IP_NF_CONNTRACK_MARK=y

CONFIG_IP_NF_CONNTRACK_SECMARK=y

CONFIG_BRIDGE_EBT_MARK=y

CONFIG_BRIDGE_EBT_MARK_T=y

CONFIG_NET_SCH_DSMARK=y

CONFIG_CLS_U32_MARK=y



root@host:/lib/modules#

Open in new window

0
 
LVL 24

Accepted Solution

by:
rfc1180 earned 500 total points
ID: 33603328
http://cateee.net/lkddb/web-lkddb/IP_MULTIPLE_TABLES.html
CONFIG_IP_MULTIPLE_TABLES=y  (- IP: policy routing)


CONFIG_IP_ADVANCED_ROUTER=y (- IP: advanced router)
CONFIG_IP_ROUTE_FWMARK=y  (- IP: use netfilter MARK value as routing key)

Yup, looks like you are good to go

Billy
0
 
LVL 3

Author Comment

by:egarciat
ID: 33612982
Hi, I was unable to test configuration posted by you, due to techincal issues on the server.

Since these are local problems, I am almos sure your posted comment will do the trick once these issues are resolved.

So I am accepting the solution.

0

Featured Post

Windows Server 2016: All you need to know

Learn about Hyper-V features that increase functionality and usability of Microsoft Windows Server 2016. Also, throughout this eBook, you’ll find some basic PowerShell examples that will help you leverage the scripts in your environments!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Title # Comments Views Activity
Increase size of permitted URI 4 45
PHP Register global 21 76
Linux Login using LDAP or Active Directory 4 110
linux apache localhost dev laptop 5 48
If you are running a LAMP infrastructure, this little code snippet is very helpful if you are serving lots of HTML, JavaScript and CSS-related information. The mod_deflate module, which is part of the Apache 2.2 application, provides the DEFLATE…
Configuring network clients can be a chore, especially if there are a large number of them or a lot of itinerant users.  DHCP dynamically manages this process, much to the relief of users and administrators alike!
Here's a very brief overview of the methods PRTG Network Monitor (https://www.paessler.com/prtg) offers for monitoring bandwidth, to help you decide which methods you´d like to investigate in more detail.  The methods are covered in more detail in o…
A company’s greatest vulnerability is their email. CEO fraud, ransomware and spear phishing attacks are the no1 threat to a company’s security. Cybercrime is responsible for the largest loss of money to companies today with losses projected to r…

932 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

10 Experts available now in Live!

Get 1:1 Help Now