Hi, I'd like to know if it is possible to see connections, from outside the server, coming from the IP set up on a virtual interface or if I will always see the one from the real interface.
Is there any kernel parameter where I can specify the system to use the virtual IPs ?
Thanks in advance.
> Hi, I'd like to know if it is possible to see
> connections, from outside the server, coming from the
> IP set up on a virtual interface or if I will always
> see the one from the real interface.
Yes, you will. The virtual interface wouldn't be of much use if it weren't visible on the network.
> Is there any kernel parameter where I can specify the
> system to use the virtual IPs ?
I'm not sure what you're asking.
Generally you control interface usage at the application level. An application can choose to use a particular IP address if that's the appropriate thing to do.
--
Darren
are you asking, for instance, like in sendmail, that all outbound mail initiates from the physical machine name versus coming from any one of a number of virtual IPs you could plumb on the physical NIC? - and you would prefer the emails to show that they're coming from a specific virtual instead of the physical machine name?
This might be tough as virtuals point back to the mac address underlying the physical interface - jeff
> are you asking, for instance, like in sendmail, that
> all outbound mail initiates from the physical machine
> name versus coming from any one of a number of
> virtual IPs you could plumb on the physical NIC? -
> and you would prefer the emails to show that they're
> coming from a specific virtual instead of the
> physical machine name?
>
Yes, this is what I'm looking for.
> This might be tough as virtuals point back to the mac
> address underlying the physical interface - jeff
Tough but... possible? And, regarding the mac address of the physical interfaces, what if I set local-mac-address? to false while having several NICs? Where will each of the IP addresses point back?
Thanks for your help.
If an application doesnt take steps to bind to a specific address, then it will bind to the default address which is the non virtual IP.
So you have to persuade the application to do the right thing. And not applications have config options controlling that kind of behaviour.
An alternative is instead of using a virtual interface, set up a separate zone for the application. Requires solaris 10 of course...
> If an application doesnt take steps to bind to a
> specific address, then it will bind to the default
> address which is the non virtual IP.
>
> So you have to persuade the application to do the
> right thing. And not applications have config options
> controlling that kind of behaviour.
Ok, you can bind an application to an specific IP address from inside the OS but... from outside the server I will see wich IP? I mean, as in the example shown previously with sendmail, I will see emails coming from which IP? from the one I have binded at OS level or the one from the real interface?
If I execute "netstat -r" in the "Use field" I can see the number of packets managed by each inteface... usually the only one who has a number different from 0 is the physical one...
And what if I put down the default IP while having the others up?
> Ok, you can bind an application to an specific IP
> address from inside the OS but... from outside the
> server I will see wich IP?
The one bound to.
> If I execute "netstat -r" in the "Use field" I can
> see the number of packets managed by each inteface...
> usually the only one who has a number different from
> 0 is the physical one...
I don't think the two things are related. The counters that netstat is using probably come from the physical interface. That's not related to the IP address in the packet.
> And what if I put down the default IP while having
> the others up?
'default IP'?
Depending on your specific configuration, there's no reason that the virtual interfaces on the same physical interface would be affected if you broght the physical interface 'down'. Don't unplumb it though. That will unplumb all the virtuals on it as well.
--
Darren
