[Gllug] Two IPs and one NIC

James Hawtin oolon at ankh.org
Wed Mar 23 15:12:29 UTC 2011


On Wed, Mar 23, 2011 at 12:57:09PM +0000, James Holland wrote:
> This is a really interesting discussion! Can anyone tell me why you
> would need multiple aliases?

If you are setting up a network, certain services are a pain to move from one
machine to another, as the IP addresses tend to get hard coded into things
for DNS, NTP configs and firewall settings. So you give a machine an IP
address for itself and another one for each of the network services you
use. That allows you to move the service to another machine, while keeping
all the remaining ones on the original machine. Yes, you can do a similar
thing with DNS, however it is nice to have both tricks available. If you are
really paranoid you only allow service tracking on that specific IP, so port
scanning cannot find the sshd port, and the sshd port should really be just
on a management network.

Just to throw in: IP aliases (sub interfaces) are one way to do it, however
they are limited to having to use the same MAC address. What can also be
done is to bridge onto the physical interface, then assign that bridge an IP
address; virtual interfaces can then be created and also bound to the same
bridge. As they are full interfaces you can change things like MTU and
MAC. Interestingly you can still create sub interfaces on the bridge or on
virtual interfaces connected to the bridge, just for that real headache.

James
--
Gllug mailing list  -  Gllug at gllug.org.uk
http://lists.gllug.org.uk/mailman/listinfo/gllug
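
Added example, not part of the original post: a small check for the per-service IP scheme described in the message above. It reads listening TCP sockets in the layout printed by `ss -H -ltn` and flags any service that is bound to the wildcard address or to an address other than its dedicated one. The policy, the function name and all addresses are assumptions made for illustration.

```shell
#!/bin/sh
# Added example (not from the original post). Addresses are constructed,
# taken from the RFC 5737 documentation ranges.

# Hypothetical policy: "<tcp port> <dedicated service IP it should listen on>"
POLICY='22 198.51.100.10
53 192.0.2.53'

# Constructed sample in the column layout of `ss -H -ltn`
SAMPLE_SS='LISTEN 0 128 0.0.0.0:22 0.0.0.0:*
LISTEN 0 128 [::]:22 [::]:*
LISTEN 0 128 192.0.2.53:53 0.0.0.0:*
LISTEN 0 128 192.0.2.10:53 0.0.0.0:*
LISTEN 0 128 127.0.0.1:631 0.0.0.0:*'

# audit_listeners POLICY  (socket lines on stdin)
# Prints one verdict per listener whose port appears in the policy.
audit_listeners() {
    POLICY_TEXT="$1" awk '
    BEGIN {
        n = split(ENVIRON["POLICY_TEXT"], rows, "\n")
        for (i = 1; i <= n; i++)
            if (split(rows[i], f, " ") == 2) want[f[1]] = f[2]
    }
    {
        port = $4; sub(/^.*:/, "", port)        # text after the last colon
        addr = $4; sub(/:[^:]*$/, "", addr)     # text before the last colon
        gsub(/\[|\]/, "", addr)                 # [::] -> ::
        if (!(port in want)) next               # port not covered by policy
        if (addr == "0.0.0.0" || addr == "::" || addr == "*")
            verdict = "WILDCARD"                # reachable on every address
        else if (addr != want[port])
            verdict = "WRONG_IP"                # tied to some other address
        else
            verdict = "OK"
        print verdict, port, addr
    }'
}

# On a live host: ss -H -ltn | audit_listeners "$POLICY"
printf '%s\n' "$SAMPLE_SS" | audit_listeners "$POLICY"
```

A WILDCARD verdict means the service answers on every address the machine holds, and WRONG_IP means it is tied to an address that will not follow the service to another machine.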



