Linux 1 NIC 2 IPs on different networks, want to bind one apache instance only to second IP.

Hi,

I have a Linux box with only a NIC, I have been assigned 2 ip address on different networks, and of course different default GWs, currently I have activated only one of them (IP-A) in the usual way, and it works.

IP-A is let's say 10.0.0.20 with default gw: 10.0.0.1
IP-B is let's say 192.168.1.20 with default gw: 192.168.0.1

Apache is working let's name it Apache-A

I need to set a new apache server only for IP-B, that will have different config from that running for IP-A, so what I am going to do, is to bind Apache instance A, only to IP-A, and will execute another instance with another config file for IP-B and will bind it only for that IP..

What I want to achieve is that requests comming from net-A be handled with apache-A and requests comming from net-B to be handled by apache-B.

My current Linux initialization scripts gets the IP-A, from DHCP... so dhcp sets the default gw, to net's-A 10.0.0.1.

So, what can I do to initialize the NIC (after getting IP-A address via DHCP), with the network-B IP,
and make sure that apache instance-B does not send back requests comming from IP-B trough DefaultGW-A, (it has to use defaultGW-B)?

The first step is simple:

ifconfig eth:0 192.168.1.20 up

What follows?, "ip" command?, "route" command?, "iptables" ??.......

(IP based virtual hosts is not a solution)
LVL 3
egarciatAsked:
Who is Participating?
 
rfc1180Connect With a Mentor Commented:
http://cateee.net/lkddb/web-lkddb/IP_MULTIPLE_TABLES.html
CONFIG_IP_MULTIPLE_TABLES=y  (- IP: policy routing)


CONFIG_IP_ADVANCED_ROUTER=y (- IP: advanced router)
CONFIG_IP_ROUTE_FWMARK=y  (- IP: use netfilter MARK value as routing key)

Yup, looks like you are good to go

Billy
0
 
arober11Commented:
Simple, just have to separate Listen and two separate VirtualHost definitions in you httpd.conf e.g.

Listen 11.22.33.44:80
Listen 22.33.44.55:80


<VirtualHost 11.22.33.44:80>
...
</VirtualHost>


<VirtualHost 22.33.44.55:80>
...
</VirtualHost>

See: http://httpd.apache.org/docs/2.0/vhosts/ip-based.html
0
 
rfc1180Commented:
you can not have 2 active gateways by default; Using routers, you can setup policy routing.

If you follow this tutorial, you will find this is what you are trying to accomplish:

http://kindlund.wordpress.com/2007/11/19/configuring-multiple-default-routes-in-linux/

Billy
0
Free Tool: Site Down Detector

Helpful to verify reports of your own downtime, or to double check a downed website you are trying to access.

One of a set of tools we are providing to everyone as a way of saying thank you for being a part of the community.

 
egarciatAuthor Commented:
arober11:

Last line in question post states: (IP based virtual hosts is not a solution)

rfc1180:

almost, almost, however I have no access to the server kernel, neither allowed to recompile and use a new kernel, however I do have root access.

Do you know if there is a way to know if such options are already active in my current kernel?..

[*] TCP/IP networking
[*] IP: advanced router
[*] IP: policy routing
[*] IP: use netfilter MARK value as routing key

TCP/IP is of course present :)

(/proc/config.gz is NOT available :( , however proc exists and have some nodes there... )

0
 
rfc1180Commented:
>[*] IP: policy routing

>however I do have root access.

Looks like you are all set  policy routing is built in and not as a module, so you should be all set to go.

Billy
0
 
egarciatAuthor Commented:
I'm sorry, I copied verbatim the options from the url you posted, I was trying to list the required options..

What I meant was:

How can I know if I have the following options enabled in my current kernel?:

- TCP/IP networking
- IP: advanced router
- IP: policy routing
- IP: use netfilter MARK value as routing key

0
 
rfc1180Commented:
0
 
egarciatAuthor Commented:
Guess what?..

Config is available, (I searched days ago and it wasn't... :S )

Do you think, that my kernel is readay for that?..


root@host:/lib/modules# zcat /proc/config.gz | grep IP_
CONFIG_IP_MULTICAST=y
CONFIG_IP_ADVANCED_ROUTER=y
CONFIG_ASK_IP_FIB_HASH=y
# CONFIG_IP_FIB_TRIE is not set
CONFIG_IP_FIB_HASH=y
CONFIG_IP_MULTIPLE_TABLES=y
CONFIG_IP_ROUTE_FWMARK=y
CONFIG_IP_ROUTE_MULTIPATH=y
CONFIG_IP_ROUTE_MULTIPATH_CACHED=y
CONFIG_IP_ROUTE_MULTIPATH_RR=y
CONFIG_IP_ROUTE_MULTIPATH_RANDOM=y
CONFIG_IP_ROUTE_MULTIPATH_WRANDOM=y
CONFIG_IP_ROUTE_MULTIPATH_DRR=y
CONFIG_IP_ROUTE_VERBOSE=y
CONFIG_IP_PNP=y
CONFIG_IP_PNP_DHCP=y
CONFIG_IP_PNP_BOOTP=y
CONFIG_IP_PNP_RARP=y
CONFIG_IP_MROUTE=y
CONFIG_IP_PIMSM_V1=y
CONFIG_IP_PIMSM_V2=y
# CONFIG_IP_VS is not set
CONFIG_IP_NF_CONNTRACK=y
CONFIG_IP_NF_CT_ACCT=y
CONFIG_IP_NF_CONNTRACK_MARK=y
CONFIG_IP_NF_CONNTRACK_SECMARK=y
# CONFIG_IP_NF_CONNTRACK_EVENTS is not set
# CONFIG_IP_NF_CT_PROTO_SCTP is not set
CONFIG_IP_NF_FTP=y
CONFIG_IP_NF_IRC=y
# CONFIG_IP_NF_NETBIOS_NS is not set
CONFIG_IP_NF_TFTP=y
CONFIG_IP_NF_AMANDA=y
CONFIG_IP_NF_PPTP=y
# CONFIG_IP_NF_H323 is not set
# CONFIG_IP_NF_SIP is not set
CONFIG_IP_NF_QUEUE=y
CONFIG_IP_NF_IPTABLES=y
CONFIG_IP_NF_MATCH_IPRANGE=y
CONFIG_IP_NF_MATCH_TOS=y
CONFIG_IP_NF_MATCH_RECENT=y
CONFIG_IP_NF_MATCH_ECN=y
CONFIG_IP_NF_MATCH_DSCP=y
CONFIG_IP_NF_MATCH_AH=y
CONFIG_IP_NF_MATCH_TTL=y
CONFIG_IP_NF_MATCH_OWNER=y
CONFIG_IP_NF_MATCH_ADDRTYPE=y
CONFIG_IP_NF_MATCH_HASHLIMIT=y
CONFIG_IP_NF_FILTER=y
CONFIG_IP_NF_TARGET_REJECT=y
CONFIG_IP_NF_TARGET_LOG=y
CONFIG_IP_NF_TARGET_ULOG=y
CONFIG_IP_NF_TARGET_TCPMSS=y
CONFIG_IP_NF_NAT=y
CONFIG_IP_NF_NAT_NEEDED=y
CONFIG_IP_NF_TARGET_MASQUERADE=y
CONFIG_IP_NF_TARGET_REDIRECT=y
CONFIG_IP_NF_TARGET_NETMAP=y
CONFIG_IP_NF_TARGET_SAME=y
# CONFIG_IP_NF_NAT_SNMP_BASIC is not set
CONFIG_IP_NF_NAT_IRC=y
CONFIG_IP_NF_NAT_FTP=y
CONFIG_IP_NF_NAT_TFTP=y
CONFIG_IP_NF_NAT_AMANDA=y
CONFIG_IP_NF_NAT_PPTP=y
CONFIG_IP_NF_MANGLE=y
CONFIG_IP_NF_TARGET_TOS=y
CONFIG_IP_NF_TARGET_ECN=y
CONFIG_IP_NF_TARGET_DSCP=y
CONFIG_IP_NF_TARGET_TTL=y
# CONFIG_IP_NF_TARGET_CLUSTERIP is not set
CONFIG_IP_NF_RAW=y
# CONFIG_IP_NF_ARPTABLES is not set
# CONFIG_IP_DCCP is not set
CONFIG_IP_SCTP=y
CONFIG_SLIP_COMPRESSED=y
CONFIG_SLIP_SMART=y
CONFIG_SLIP_MODE_SLIP6=y


root@host:/lib/modules# zcat /proc/config.gz | grep POLICY
CONFIG_NETFILTER_XT_MATCH_POLICY=y


root@host:/lib/modules# zcat /proc/config.gz | grep MARK
CONFIG_IP_ROUTE_FWMARK=y
CONFIG_NETWORK_SECMARK=y
CONFIG_NETFILTER_XT_TARGET_CONNMARK=y
CONFIG_NETFILTER_XT_TARGET_MARK=y
CONFIG_NETFILTER_XT_TARGET_SECMARK=y
CONFIG_NETFILTER_XT_TARGET_CONNSECMARK=y
CONFIG_NETFILTER_XT_MATCH_CONNMARK=y
CONFIG_NETFILTER_XT_MATCH_MARK=y
CONFIG_IP_NF_CONNTRACK_MARK=y
CONFIG_IP_NF_CONNTRACK_SECMARK=y
CONFIG_BRIDGE_EBT_MARK=y
CONFIG_BRIDGE_EBT_MARK_T=y
CONFIG_NET_SCH_DSMARK=y
CONFIG_CLS_U32_MARK=y

root@host:/lib/modules#

Open in new window

0
 
egarciatAuthor Commented:
Hi, I was unable to test configuration posted by you, due to techincal issues on the server.

Since these are local problems, I am almos sure your posted comment will do the trick once these issues are resolved.

So I am accepting the solution.

0
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

All Courses

From novice to tech pro — start learning today.