[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [cobalt-users] Rebuilding after Haq
- Subject: Re: [cobalt-users] Rebuilding after Haq
- From: Gerald Waugh <gwaugh@xxxxxxxxxxxxxxxxxxxxxxx>
- Date: Sun Jul 7 09:18:34 2002
- Organization: Front Street Networks LLC
- List-id: Mailing list for users to share thoughts on Sun Cobalt products. <cobalt-users.list.cobalt.com>
On Saturday 06 July 2002 09:39 pm, Devin Smith wrote:
> Hi Peter, I ran into an interesting problem. My main IP address is in a
> different subnet from all my hosted sites, and when trying to use the
> PMFirewall, it only binds to the single IP address (the main RaQ
> address). Is there a way to make it bind to ALL the addresses in ALL
> subnets? Here's an example of my setup (inflicted upon me by my ISP):
> www.myhostingcompany.com - 216.123.123.123
> www.allmyotherdomains.com - 66.123.123.1-128
>
> ...I'm a little perplexed as it seems there is no place to add
> additional Ips, at least none that the MAN pages or commented scripts
> tell me!
>
Well. that is a litle abnormal
as you would normally have two NIC cards to handel a situation such as that
One of my servers uses a /28 block of ip addresses so the rules get generated
as follows....
ACCEPT tcp ------ <clock-ip> 1.2.3.32/28 * -> 123
ACCEPT udp ------ <clock-ip> 1.2.3.32/28 * -> 123
In your case, I would suggest not using pmfirewalls automatic generation of
addresses.
Use one of your ip addresses (the server) to genrate the rules
Then go down through the generated rules and add rules for the other ip
address.
There may be better solutions, but this would be a solution...
--
Gerald Waugh
http://frontstreetnetworks.com SOHO Networks & Web Site Hosting
Front Street Networks LLC voice +1 203 785 0699 * fax +1 203 785 1787
229 Front Street, Ste. #C, New Haven CT 06513-3203