multiple ip adresses per network adapter?
1) Is it possible to assign multiple ip adresses to a single network adapter? 2) If 1 is possible, then my next question is: is it possible to direct the requests to different processes listening to the same port? Maybe I should ask if it is possible to have different (ip-based) "port spaces" where different processes listen to the same port but for a different ip address? -- Heiko Nardmann (Dipl.-Ing.), h.nardmann@secunet.de, Software Development secunet Security Networks AG - Sicherheit in Netzwerken (www.secunet.de), Weidenauer Str. 223-225, D-57076 Siegen Tel. : +49 271 48950-13, Fax : +49 271 48950-50
1) Is it possible to assign multiple ip adresses to a single network adapter? yes, this is possible. look for "ip aliasing support" when compiling the kernel (don't know if this is standard for suse kernels) then you can assign eth0:0 to ip 1.2.3.4 and eth0:1 to ip 1.2.3.5 2) If 1 is possible, then my next question is: is it possible to direct the requests to different processes listening to the same port? of course! you just have to tell the program to bind to the specific interface! (depends on the program) Maybe I should ask if it is possible to have different (ip-based) "port spaces" where different processes listen to the same port but for a different ip address? port space is always different for several ip's
greets Markus Gaugusch
Heiko Nardmann wrote:
1) Is it possible to assign multiple ip adresses to a single network adapter?
Look at : #!/bin/bash # # procedure : virtual-host-config for offerans.foo.org # target : virual hosting start /stop # arguments : start / stop / restart # author : Fred Mobach # date : 13-09-1999 # . /etc/rc.config base=${0##*/} link=${base#*[SK][0-9][0-9]} return=$rc_done case "$1" in start) echo -n "Starting virtual hosting." /sbin/ifconfig eth0:0 241.242.243.197 /sbin/ifconfig eth0:1 241.242.243.198 /sbin/ifconfig eth0:2 241.242.243.199 /sbin/ifconfig eth0:3 241.242.243.200 /sbin/ifconfig eth0:4 241.242.243.201 /sbin/ifconfig eth0:5 241.242.243.202 /sbin/ifconfig eth0:6 241.242.243.213 /sbin/ifconfig eth0:7 241.242.243.214 /sbin/route add -host 241.242.243.197 dev eth0:0 /sbin/route add -host 241.242.243.198 dev eth0:1 /sbin/route add -host 241.242.243.199 dev eth0:2 /sbin/route add -host 241.242.243.200 dev eth0:3 /sbin/route add -host 241.242.243.201 dev eth0:4 /sbin/route add -host 241.242.243.202 dev eth0:5 /sbin/route add -host 241.242.243.213 dev eth0:6 /sbin/route add -host 241.242.243.214 dev eth0:7 echo -e "$return" ;; stop) echo -n "Shutting down virtual hosting:" /sbin/route del -host 241.242.243.197 dev eth0:0 /sbin/route del -host 241.242.243.198 dev eth0:1 /sbin/route del -host 241.242.243.199 dev eth0:2 /sbin/route del -host 241.242.243.200 dev eth0:3 /sbin/route del -host 241.242.243.201 dev eth0:4 /sbin/route del -host 241.242.243.202 dev eth0:5 /sbin/route del -host 241.242.243.213 dev eth0:6 /sbin/route del -host 241.242.243.214 dev eth0:7 /sbin/ifconfig eth0:0 down /sbin/ifconfig eth0:1 down /sbin/ifconfig eth0:2 down /sbin/ifconfig eth0:3 down /sbin/ifconfig eth0:4 down /sbin/ifconfig eth0:5 down /sbin/ifconfig eth0:6 down /sbin/ifconfig eth0:7 down echo -e "$return" echo ;; restart|reload) $0 stop && $0 start || return=$rc_failed ;; *) echo "Usage: $0 {start|stop|restart|reload|status}" exit 1 esac test "$return" = "$rc_done" || exit 1 exit 0 Make some additional links to this file in /sbin/init.d/rc[2-3].d/ and it will start and stop like other network services. Will this do ?
2) If 1 is possible, then my next question is: is it possible to direct the requests to different processes listening to the same port? Maybe I should ask if it is possible to have different (ip-based) "port spaces" where different processes listen to the same port but for a different ip address?
Yes, that can be done. I've managed this with Apache with the Listen and VirtualHost commands. It works also very well with rinetd (see freshmeat). Regards, Fred Mobach
On Mon, 8 May 2000, Fred Mobach wrote:
Heiko Nardmann wrote:
1) Is it possible to assign multiple ip adresses to a single network adapter?
Look at :
< script-code snipped> You might want to . source the IP-nrs from an external file. In my opinion this makes updating 'conceptually cleaner'. The rc script remains untouched and config is done in a file in /etc. kind regards, avi bercovich
On Mon, 8 May 2000, Fred Mobach wrote: why not use yast, other netwrok device: eth0:1 and configuration as usual but yast sets route to net not host, is this a problem ?
Heiko Nardmann wrote:
1) Is it possible to assign multiple ip adresses to a single network adapter?
Look at :
#!/bin/bash # # procedure : virtual-host-config for offerans.foo.org # target : virual hosting start /stop # arguments : start / stop / restart # author : Fred Mobach # date : 13-09-1999 #
. /etc/rc.config
base=${0##*/} link=${base#*[SK][0-9][0-9]}
return=$rc_done case "$1" in start) echo -n "Starting virtual hosting." /sbin/ifconfig eth0:0 241.242.243.197 /sbin/ifconfig eth0:1 241.242.243.198 /sbin/ifconfig eth0:2 241.242.243.199 /sbin/ifconfig eth0:3 241.242.243.200 /sbin/ifconfig eth0:4 241.242.243.201 /sbin/ifconfig eth0:5 241.242.243.202 /sbin/ifconfig eth0:6 241.242.243.213 /sbin/ifconfig eth0:7 241.242.243.214 /sbin/route add -host 241.242.243.197 dev eth0:0 /sbin/route add -host 241.242.243.198 dev eth0:1 /sbin/route add -host 241.242.243.199 dev eth0:2 /sbin/route add -host 241.242.243.200 dev eth0:3 /sbin/route add -host 241.242.243.201 dev eth0:4 /sbin/route add -host 241.242.243.202 dev eth0:5 /sbin/route add -host 241.242.243.213 dev eth0:6 /sbin/route add -host 241.242.243.214 dev eth0:7 echo -e "$return" ;; stop) echo -n "Shutting down virtual hosting:" /sbin/route del -host 241.242.243.197 dev eth0:0 /sbin/route del -host 241.242.243.198 dev eth0:1 /sbin/route del -host 241.242.243.199 dev eth0:2 /sbin/route del -host 241.242.243.200 dev eth0:3 /sbin/route del -host 241.242.243.201 dev eth0:4 /sbin/route del -host 241.242.243.202 dev eth0:5 /sbin/route del -host 241.242.243.213 dev eth0:6 /sbin/route del -host 241.242.243.214 dev eth0:7 /sbin/ifconfig eth0:0 down /sbin/ifconfig eth0:1 down /sbin/ifconfig eth0:2 down /sbin/ifconfig eth0:3 down /sbin/ifconfig eth0:4 down /sbin/ifconfig eth0:5 down /sbin/ifconfig eth0:6 down /sbin/ifconfig eth0:7 down echo -e "$return" echo ;; restart|reload) $0 stop && $0 start || return=$rc_failed ;; *) echo "Usage: $0 {start|stop|restart|reload|status}" exit 1 esac
test "$return" = "$rc_done" || exit 1 exit 0
Make some additional links to this file in /sbin/init.d/rc[2-3].d/ and it will start and stop like other network services.
Will this do ?
2) If 1 is possible, then my next question is: is it possible to direct the requests to different processes listening to the same port? Maybe I should ask if it is possible to have different (ip-based) "port spaces" where different processes listen to the same port but for a different ip address?
Yes, that can be done. I've managed this with Apache with the Listen and VirtualHost commands. It works also very well with rinetd (see freshmeat).
Regards,
Fred Mobach
--------------------------------------------------------------------- To unsubscribe, e-mail: suse-security-unsubscribe@suse.com For additional commands, e-mail: suse-security-help@suse.com
-- ============================================= BINGO: Lassen Sie sich was einfallen! ============================================= --- Engelbert Gruber --- SSG Fintl,Gruber,Lassnig A6140 Telfs Untermarkt 9 Tel. ++43-5262-64727 ---
Hi,
1) Is it possible to assign multiple ip adresses to a single network adapter?
This questions had been posted here some month ago. So, please check the mailinglist archive for more informations. wintermute:~ # ifconfig eth0:0 10.0.0.100 wintermute:~ # ifconfig eth0:0 eth0:0 Link encap:Ethernet HWaddr 00:80:48:AF:6E:FC inet addr:10.0.0.100 Bcast:10.255.255.255 Mask:255.0.0.0 Interrupt:5 Base address:0x220
listening to the same port? Maybe I should ask if it is possible to have different (ip-based) "port spaces" where different processes listen to the same port but for a different ip address?
sure, it's common practice for sshd on firewalls/routers and alike. Bye, Thomas -- Thomas Biege, SuSE GmbH, Schanzaeckerstr. 10, 90443 Nuernberg E@mail: thomas@suse.de Function: Security Support & Auditing "lynx -source http://www.suse.de/~thomas/thomas.pgp | pgp -fka" Key fingerprint = 09 48 F2 FD 81 F7 E7 98 6D C7 36 F1 96 6A 12 47
I don't know why this is posted to the security mailing list. Anyway.
Yes it is possible to assign multiple IP addresses to a single network card.
You must enable "IP aliasing" in the kernel. Once you do this you can then
assign an address to eth0, as well as eth0:0, eth0:1, eth:2, etc etc etc.
As our SuSE friend has stated, this is a common practice for firewalls and
routers. It's also common for webservers with many virtual hosts.
Regards,
kw
/* Keith Warno
** Developer & Sys Admin
** http://www.HaggleWare.com/
*/
----- Original Message -----
From: "Thomas Biege"
1) Is it possible to assign multiple ip adresses to a single network adapter?
This questions had been posted here some month ago. So, please check the mailinglist archive for more informations. wintermute:~ # ifconfig eth0:0 10.0.0.100 wintermute:~ # ifconfig eth0:0 eth0:0 Link encap:Ethernet HWaddr 00:80:48:AF:6E:FC inet addr:10.0.0.100 Bcast:10.255.255.255 Mask:255.0.0.0 Interrupt:5 Base address:0x220
listening to the same port? Maybe I should ask if it is possible to have different (ip-based) "port spaces" where different processes listen to the same port but for a different ip address?
sure, it's common practice for sshd on firewalls/routers and alike. Bye, Thomas -- Thomas Biege, SuSE GmbH, Schanzaeckerstr. 10, 90443 Nuernberg E@mail: thomas@suse.de Function: Security Support & Auditing "lynx -source http://www.suse.de/~thomas/thomas.pgp | pgp -fka" Key fingerprint = 09 48 F2 FD 81 F7 E7 98 6D C7 36 F1 96 6A 12 47 --------------------------------------------------------------------- To unsubscribe, e-mail: suse-security-unsubscribe@suse.com For additional commands, e-mail: suse-security-help@suse.com
participants (7)
-
Avi Bercovich -
engelbert.gruber@ssg.co.at -
Fred Mobach -
Heiko Nardmann -
Keith Warno -
Markus Gaugusch -
Thomas Biege