?
Solved

Linux 1 NIC 2 IPs on different networks, want to bind one apache instance only to second IP.

Posted on 2010-09-03
9
Medium Priority
?
522 Views
Last Modified: 2012-05-10
Hi,

I have a Linux box with only a NIC, I have been assigned 2 ip address on different networks, and of course different default GWs, currently I have activated only one of them (IP-A) in the usual way, and it works.

IP-A is let's say 10.0.0.20 with default gw: 10.0.0.1
IP-B is let's say 192.168.1.20 with default gw: 192.168.0.1

Apache is working let's name it Apache-A

I need to set a new apache server only for IP-B, that will have different config from that running for IP-A, so what I am going to do, is to bind Apache instance A, only to IP-A, and will execute another instance with another config file for IP-B and will bind it only for that IP..

What I want to achieve is that requests comming from net-A be handled with apache-A and requests comming from net-B to be handled by apache-B.

My current Linux initialization scripts gets the IP-A, from DHCP... so dhcp sets the default gw, to net's-A 10.0.0.1.

So, what can I do to initialize the NIC (after getting IP-A address via DHCP), with the network-B IP,
and make sure that apache instance-B does not send back requests comming from IP-B trough DefaultGW-A, (it has to use defaultGW-B)?

The first step is simple:

ifconfig eth:0 192.168.1.20 up

What follows?, "ip" command?, "route" command?, "iptables" ??.......

(IP based virtual hosts is not a solution)
0
Comment
Question by:egarciat
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 4
  • 4
9 Comments
 
LVL 26

Expert Comment

by:arober11
ID: 33601449
Simple, just have to separate Listen and two separate VirtualHost definitions in you httpd.conf e.g.

Listen 11.22.33.44:80
Listen 22.33.44.55:80


<VirtualHost 11.22.33.44:80>
...
</VirtualHost>


<VirtualHost 22.33.44.55:80>
...
</VirtualHost>

See: http://httpd.apache.org/docs/2.0/vhosts/ip-based.html
0
 
LVL 24

Expert Comment

by:rfc1180
ID: 33601454
you can not have 2 active gateways by default; Using routers, you can setup policy routing.

If you follow this tutorial, you will find this is what you are trying to accomplish:

http://kindlund.wordpress.com/2007/11/19/configuring-multiple-default-routes-in-linux/

Billy
0
 
LVL 3

Author Comment

by:egarciat
ID: 33601511
arober11:

Last line in question post states: (IP based virtual hosts is not a solution)

rfc1180:

almost, almost, however I have no access to the server kernel, neither allowed to recompile and use a new kernel, however I do have root access.

Do you know if there is a way to know if such options are already active in my current kernel?..

[*] TCP/IP networking
[*] IP: advanced router
[*] IP: policy routing
[*] IP: use netfilter MARK value as routing key

TCP/IP is of course present :)

(/proc/config.gz is NOT available :( , however proc exists and have some nodes there... )

0
Get real performance insights from real users

Key features:
- Total Pages Views and Load times
- Top Pages Viewed and Load Times
- Real Time Site Page Build Performance
- Users’ Browser and Platform Performance
- Geographic User Breakdown
- And more

 
LVL 24

Expert Comment

by:rfc1180
ID: 33601576
>[*] IP: policy routing

>however I do have root access.

Looks like you are all set  policy routing is built in and not as a module, so you should be all set to go.

Billy
0
 
LVL 3

Author Comment

by:egarciat
ID: 33601641
I'm sorry, I copied verbatim the options from the url you posted, I was trying to list the required options..

What I meant was:

How can I know if I have the following options enabled in my current kernel?:

- TCP/IP networking
- IP: advanced router
- IP: policy routing
- IP: use netfilter MARK value as routing key

0
 
LVL 24

Expert Comment

by:rfc1180
ID: 33601707
0
 
LVL 3

Author Comment

by:egarciat
ID: 33602072
Guess what?..

Config is available, (I searched days ago and it wasn't... :S )

Do you think, that my kernel is readay for that?..


root@host:/lib/modules# zcat /proc/config.gz | grep IP_
CONFIG_IP_MULTICAST=y
CONFIG_IP_ADVANCED_ROUTER=y
CONFIG_ASK_IP_FIB_HASH=y
# CONFIG_IP_FIB_TRIE is not set
CONFIG_IP_FIB_HASH=y
CONFIG_IP_MULTIPLE_TABLES=y
CONFIG_IP_ROUTE_FWMARK=y
CONFIG_IP_ROUTE_MULTIPATH=y
CONFIG_IP_ROUTE_MULTIPATH_CACHED=y
CONFIG_IP_ROUTE_MULTIPATH_RR=y
CONFIG_IP_ROUTE_MULTIPATH_RANDOM=y
CONFIG_IP_ROUTE_MULTIPATH_WRANDOM=y
CONFIG_IP_ROUTE_MULTIPATH_DRR=y
CONFIG_IP_ROUTE_VERBOSE=y
CONFIG_IP_PNP=y
CONFIG_IP_PNP_DHCP=y
CONFIG_IP_PNP_BOOTP=y
CONFIG_IP_PNP_RARP=y
CONFIG_IP_MROUTE=y
CONFIG_IP_PIMSM_V1=y
CONFIG_IP_PIMSM_V2=y
# CONFIG_IP_VS is not set
CONFIG_IP_NF_CONNTRACK=y
CONFIG_IP_NF_CT_ACCT=y
CONFIG_IP_NF_CONNTRACK_MARK=y
CONFIG_IP_NF_CONNTRACK_SECMARK=y
# CONFIG_IP_NF_CONNTRACK_EVENTS is not set
# CONFIG_IP_NF_CT_PROTO_SCTP is not set
CONFIG_IP_NF_FTP=y
CONFIG_IP_NF_IRC=y
# CONFIG_IP_NF_NETBIOS_NS is not set
CONFIG_IP_NF_TFTP=y
CONFIG_IP_NF_AMANDA=y
CONFIG_IP_NF_PPTP=y
# CONFIG_IP_NF_H323 is not set
# CONFIG_IP_NF_SIP is not set
CONFIG_IP_NF_QUEUE=y
CONFIG_IP_NF_IPTABLES=y
CONFIG_IP_NF_MATCH_IPRANGE=y
CONFIG_IP_NF_MATCH_TOS=y
CONFIG_IP_NF_MATCH_RECENT=y
CONFIG_IP_NF_MATCH_ECN=y
CONFIG_IP_NF_MATCH_DSCP=y
CONFIG_IP_NF_MATCH_AH=y
CONFIG_IP_NF_MATCH_TTL=y
CONFIG_IP_NF_MATCH_OWNER=y
CONFIG_IP_NF_MATCH_ADDRTYPE=y
CONFIG_IP_NF_MATCH_HASHLIMIT=y
CONFIG_IP_NF_FILTER=y
CONFIG_IP_NF_TARGET_REJECT=y
CONFIG_IP_NF_TARGET_LOG=y
CONFIG_IP_NF_TARGET_ULOG=y
CONFIG_IP_NF_TARGET_TCPMSS=y
CONFIG_IP_NF_NAT=y
CONFIG_IP_NF_NAT_NEEDED=y
CONFIG_IP_NF_TARGET_MASQUERADE=y
CONFIG_IP_NF_TARGET_REDIRECT=y
CONFIG_IP_NF_TARGET_NETMAP=y
CONFIG_IP_NF_TARGET_SAME=y
# CONFIG_IP_NF_NAT_SNMP_BASIC is not set
CONFIG_IP_NF_NAT_IRC=y
CONFIG_IP_NF_NAT_FTP=y
CONFIG_IP_NF_NAT_TFTP=y
CONFIG_IP_NF_NAT_AMANDA=y
CONFIG_IP_NF_NAT_PPTP=y
CONFIG_IP_NF_MANGLE=y
CONFIG_IP_NF_TARGET_TOS=y
CONFIG_IP_NF_TARGET_ECN=y
CONFIG_IP_NF_TARGET_DSCP=y
CONFIG_IP_NF_TARGET_TTL=y
# CONFIG_IP_NF_TARGET_CLUSTERIP is not set
CONFIG_IP_NF_RAW=y
# CONFIG_IP_NF_ARPTABLES is not set
# CONFIG_IP_DCCP is not set
CONFIG_IP_SCTP=y
CONFIG_SLIP_COMPRESSED=y
CONFIG_SLIP_SMART=y
CONFIG_SLIP_MODE_SLIP6=y


root@host:/lib/modules# zcat /proc/config.gz | grep POLICY
CONFIG_NETFILTER_XT_MATCH_POLICY=y


root@host:/lib/modules# zcat /proc/config.gz | grep MARK
CONFIG_IP_ROUTE_FWMARK=y
CONFIG_NETWORK_SECMARK=y
CONFIG_NETFILTER_XT_TARGET_CONNMARK=y
CONFIG_NETFILTER_XT_TARGET_MARK=y
CONFIG_NETFILTER_XT_TARGET_SECMARK=y
CONFIG_NETFILTER_XT_TARGET_CONNSECMARK=y
CONFIG_NETFILTER_XT_MATCH_CONNMARK=y
CONFIG_NETFILTER_XT_MATCH_MARK=y
CONFIG_IP_NF_CONNTRACK_MARK=y
CONFIG_IP_NF_CONNTRACK_SECMARK=y
CONFIG_BRIDGE_EBT_MARK=y
CONFIG_BRIDGE_EBT_MARK_T=y
CONFIG_NET_SCH_DSMARK=y
CONFIG_CLS_U32_MARK=y

root@host:/lib/modules#

Open in new window

0
 
LVL 24

Accepted Solution

by:
rfc1180 earned 2000 total points
ID: 33603328
http://cateee.net/lkddb/web-lkddb/IP_MULTIPLE_TABLES.html
CONFIG_IP_MULTIPLE_TABLES=y  (- IP: policy routing)


CONFIG_IP_ADVANCED_ROUTER=y (- IP: advanced router)
CONFIG_IP_ROUTE_FWMARK=y  (- IP: use netfilter MARK value as routing key)

Yup, looks like you are good to go

Billy
0
 
LVL 3

Author Comment

by:egarciat
ID: 33612982
Hi, I was unable to test configuration posted by you, due to techincal issues on the server.

Since these are local problems, I am almos sure your posted comment will do the trick once these issues are resolved.

So I am accepting the solution.

0

Featured Post

Why Off-Site Backups Are The Only Way To Go

You are probably backing up your data—but how and where? Ransomware is on the rise and there are variants that specifically target backups. Read on to discover why off-site is the way to go.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

In my time as an SEO for the last 2 years and in the questions I have assisted with on here I have always seen the need to redirect from non-www urls to their www versions. For instance redirecting http://domain.com (http://domain.com) to http…
Creating an OSPF network that automatically (dynamically) reroutes network traffic over other connections to prevent network downtime.
If you're a developer or IT admin, you’re probably tasked with managing multiple websites, servers, applications, and levels of security on a daily basis. While this can be extremely time consuming, it can also be frustrating when systems aren't wor…
In this video, Percona Director of Solution Engineering Jon Tobin discusses the function and features of Percona Server for MongoDB. How Percona can help Percona can help you determine if Percona Server for MongoDB is the right solution for …
Suggested Courses
Course of the Month11 days, 1 hour left to enroll

770 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question