[Sussex] Unbinding Apache from an IP

Steve Dobson steve at dobson.org
Fri Feb 3 17:01:50 UTC 2006


Al

On Fri, Feb 03, 2006 at 12:12:15PM -0000, Al Bennett wrote:
> Firstly, sorry I wasn't at the last Moot, I was up in London sticking 
> adverts to exhibition panels.  Much fun.

That's okay.  You'll just have to pay a penance next time :-)

> I've got an unmanaged box somewhere in Texas that hosts a couple of 
> domains. It's got four usable IPs assigned to it, I'd like one of them to 
> not have Apache on port 80 so I can put something else there.  I've 
> modified the apache config (attached - names and IP changed to protect the 
> guilty and most of the virtual hosts trimmed out for legibility, they're 
> all the same) but for the life of me I can't get apache to let go of this 
> IP.  netstat -l still shows it bound to *:80

I don't think you can do that.

> I'm probably missing something really obvious here but it's bugging me now!
> 
> The box is CentOS with Cpanel (not what I really wanted but choice was 
> limited and time tight!)
> 
> I'd appreciate it if someone could take a look and see what I'm doing wrong 
> here.
> 
> I'm leaving for the weekend in a bit but I'll be back on Sunday (great 
> discussion list etiquette!)

At system level coding you need to bind(2) a socket(2) to an address.
The address for TCP/IP has two parts the host's IP address and port
number.  The address data structure only as room for one IP address
and this is either a non-zero number in which case it is the IP address
on which to listen or zero which means listen on all interfaces.  

I am reasonably sure that you can't have two different applications
both bound to the same port number on the same host - regardless of 
the number of interfaces the host has.

The only way I can think to do this is to use the firewalling capabilities
of Linux.  Run your non-apache app up on another port (81 for example)
and then configure the in-bound firewall rules to re-direct packets for
on port 80 for just the one interface's IP address to port 81 instead.

Hope this helps
Steve
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: Digital signature
Url : http://mailman.lug.org.uk/pipermail/sussex/attachments/20060203/35832908/attachment.pgp 


More information about the Sussex mailing list