public inbox for gentoo-user@lists.gentoo.org
* [gentoo-user] Force app to use specific outgoing ip address?
@ 2007-05-14 10:45 Crayon Shin Chan
  2007-05-19  2:35 ` Walter Dnes
  0 siblings, 1 reply; 2+ messages in thread
From: Crayon Shin Chan @ 2007-05-14 10:45 UTC
  To: gentoo-user

I have a gateway machine with a single NIC but several virtual IP 
addresses. I have several instances of apache running, each bound to 
listen on their own virtual IP address. All the instances of apache are 
running in proxy mode. What is happening now is that all the apache 
instances use the 'main' IP address for all outgoing connections.

What I would like is for each instance of apache to use their own virtual 
IP address for outgoing connections. Is it possible to rig iptables to 
achieve this? And how would I do this?

NB I'm open to solutions using proxies other than apache.

thanks
-- 
Crayon
-- 
gentoo-user@gentoo.org mailing list

* Re: [gentoo-user] Force app to use specific outgoing ip address?
  2007-05-14 10:45 [gentoo-user] Force app to use specific outgoing ip address? Crayon Shin Chan
@ 2007-05-19  2:35 ` Walter Dnes
  0 siblings, 0 replies; 2+ messages in thread
From: Walter Dnes @ 2007-05-19  2:35 UTC
  To: gentoo-user

On Mon, May 14, 2007 at 06:45:18PM +0800, Crayon Shin Chan wrote
> I have a gateway machine with a single NIC but several virtual IP 
> addresses. I have several instances of apache running, each bound to 
> listen on their own virtual IP address. All the instances of apache are 
> running in proxy mode. What is happening now is that all the apache 
> instances use the 'main' IP address for all outgoing connections.
> 
> What I would like is for each instance of apache to use their own virtual 
> IP address for outgoing connections. Is it possible to rig iptables to 
> achieve this? And how would I do this?

  Can you...
  - create a bunch of dummy users (nobody0, nobody1, nobody2, etc)
  - and launch each apache instance as a different user

  If so, you can take advantage of netfilter/iptables' ability to match
on user.  Run just like now, but forward packets to a different address
based on owner.  Here's the help info from "make menuconfig"...

| CONFIG_IP_NF_MATCH_OWNER:                                               |
|                                                                         |
| Packet owner matching allows you to match locally-generated packets     |
| based on who created them: the user, group, process or session.         |
|                                                                         |
| To compile it as a module, choose M here.  If unsure, say N.            |
|                                                                         |
| Symbol: IP_NF_MATCH_OWNER [=y]                                          |
| Prompt: Owner match support                                             |
|   Defined at net/ipv4/netfilter/Kconfig:296                             |
|   Depends on: NET && INET && NETFILTER && IP_NF_IPTABLES                |
|   Location:                                                             |
|     -> Networking                                                       |
|       -> Networking support (NET [=y])                                  |
|         -> Networking options                                           |
|           -> Network packet filtering framework (Netfilter) (NETFILTER  |
|             -> IP: Netfilter Configuration                              |
|               -> IP tables support (required for filtering/masq/NAT) (I |

-- 
Walter Dnes <waltdnes@waltdnes.org> In linux /sbin/init is Job #1
Q. Mr. Ghandi, what do you think of Microsoft security?
A. I think it would be a good idea.
-- 
gentoo-user@gentoo.org mailing list
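
One way to turn the owner-match idea from the reply above into rules, as an added example that is not part of either message: it pairs `-m owner --uid-owner` with an SNAT target in the nat table's POSTROUTING chain. The SNAT target is an assumption (the reply names only the owner match), the users nobody0..nobody2 follow the reply, and the 192.0.2.x addresses are constructed placeholders.

```shell
#!/bin/sh
# Added example: per-user source address selection with the owner match.
# Assumption: SNAT in nat/POSTROUTING is the chosen way to rewrite the source.
# Constructed mapping: one "user:virtual-ip" pair per apache instance
# (192.0.2.x is the RFC 5737 documentation range, not real addresses).
MAPPING="nobody0:192.0.2.10 nobody1:192.0.2.11 nobody2:192.0.2.12"

# Return 0 if $1 is a dotted-quad IPv4 address with every octet in 0-255.
valid_ipv4() {
    case "$1" in
        *[!0-9.]*|*..*|.*|*.) return 1 ;;
    esac
    old_ifs=$IFS; IFS=.
    set -- $1                      # split the address into its octets
    IFS=$old_ifs
    [ "$#" -eq 4 ] || return 1
    for octet in "$@"; do
        [ "${#octet}" -le 3 ] && [ "$octet" -le 255 ] || return 1
    done
    return 0
}

# Print one SNAT rule per "user:ip" argument. The owner match only sees
# locally generated packets, which is what a proxy's outgoing traffic is.
# Entries are validated because the output is meant to be fed to a shell.
emit_snat_rules() {
    for pair in "$@"; do
        user=${pair%%:*}
        addr=${pair#*:}
        case "$user" in
            ""|*[!a-z0-9_-]*) echo "bad user in: $pair" >&2; return 1 ;;
        esac
        if ! valid_ipv4 "$addr"; then
            echo "bad address in: $pair" >&2
            return 1
        fi
        echo "iptables -t nat -A POSTROUTING -m owner --uid-owner $user -j SNAT --to-source $addr"
    done
}

# Dry run: print the rules. Review them, then pipe to sh as root to install.
emit_snat_rules $MAPPING
```

Each instance's processes must actually run under the mapped account for its rule to match.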