Noob networking
July 6, 2012 7:40 AM

I have an off-site server running Ubuntu with 2 IP addresses (IPv4). How can I set up the interfaces file or what have you so that the server can be accessed from both addresses (SSH, FTP, etc.), but to the outside world whatever is done from one address is reported to the outside world with that same address?

Right now, it looks like it aliases to the primary IP address when I log on from the secondary, but to everyone else it's still the same IP. If I log on to IP1 I want outgoing data to report IP1, and for IP2 I want it to report IP2. Is this even possible?
posted by drpynchon to Computers & Internet (6 answers total)
So you want to configure the machine in such a way that it will use a different interface to talk to the internet depending on how the session was initiated? i.e. if you ssh into IP1 and then use that session to contact the outside world it gets sent back out through interface 1, but if you ssh in as the same user on IP2 it uses interface 2 instead? I'm not really an expert but that sounds like a very non-standard way of doing things. Can you elaborate on why you'd like this to happen? I'm sure there's a way you could do it, but make sure before you do that it's really what you need and that you're not just needlessly convoluting your situation.
posted by contraption at 8:18 AM on July 6, 2012

I have done this several times. It is routing using the default route, so all traffic that comes in any interface goes out the default route interface. The link odinsdream posted is the fix.

Are both interfaces on the same IP subnet? Can you successfully communicate via both interfaces? Usually, the case of going in one interface and out another will get stopped by a firewall for spoofing. Or performance will suffer because the TCP will be "broken".
posted by nivekraz at 9:11 AM on July 6, 2012
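
Added example, not part of any post in this thread: source-based policy routing with iproute2 is one common way to keep traffic sourced from an address from following the main default route, so replies leave via the interface they arrived on. The interface names, table numbers and addresses (RFC 5737 documentation ranges) are assumptions, and the script only prints the commands unless `APPLY=1` is set.

```shell
#!/bin/sh
# Added example: emit iproute2 commands for source-based policy routing.
# All names and addresses below are constructed placeholders.

# policy_route_cmds TABLE_ID DEV ADDR SUBNET GATEWAY
# Prints the commands that make traffic sourced from ADDR use its own
# routing table (on-link subnet plus default via GATEWAY on DEV) instead
# of the main table's single default route.
policy_route_cmds() {
    table=$1 dev=$2 addr=$3 subnet=$4 gw=$5
    # Table ids 253-255 are reserved (default, main, local); 0 is unspec.
    case $table in
        ''|*[!0-9]*) echo "bad table id: $table" >&2; return 1 ;;
    esac
    if [ "$table" -lt 1 ] || [ "$table" -gt 252 ]; then
        echo "table id must be 1..252" >&2
        return 1
    fi
    echo "ip route add $subnet dev $dev src $addr table $table"
    echo "ip route add default via $gw dev $dev table $table"
    echo "ip rule add from $addr/32 table $table"
}

# One table per address: packets whose source is the eth1 address are
# looked up in table 102 and therefore leave through eth1's gateway.
emit_all() {
    policy_route_cmds 101 eth0 192.0.2.10 192.0.2.0/24 192.0.2.1 &&
    policy_route_cmds 102 eth1 198.51.100.10 198.51.100.0/24 198.51.100.1
}

if [ "${APPLY:-0}" = 1 ]; then
    emit_all | sh -e    # requires root; stops at the first failing command
else
    emit_all            # dry run: review the commands before applying
fi
```

This only affects packets that already carry the second address as their source (replies, or programs that bind to it); it does not by itself tie a login session's new outbound connections to the address the session came in on.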

My understanding is that the OP wants something like cgroups set up on the network layer. When you log in via eth0 *all* network traffic generated on behalf of that login session will use eth0 as the default route. So this isn't a case of traffic that arrives on eth0 gets replied to via eth0 (not eth1) but that all processes started by the user who connected via eth0 have a routing table that prefers eth0.

Ubuntu 12.04 (I think) already does the outgoing reply matching incoming request if this ("If you’re trying to do asymmetric routing in Ubuntu 12.04..") is to be believed.

My guess is that it will be hard and confusing to accomplish the OP's desire. It's almost like running two LXC or KVM instances on the box each configured with a different interface. You can probably do this with cgroups / iproute2 / PAM some way. You would have PAM give the initial session cgroup a per cgroup routing table that has the default route pointing via the interface that the session was initiated on.

I think it would be easier to just run two LXC instances on the box, one on eth0 and the other on eth1 and just pretend you have 3 machines in the same box.

What an interesting problem... :)
posted by zengargoyle at 10:24 AM on July 6, 2012

I guess to elaborate: what I'm sort of trying to do is create the effect of virtual private servers attached to each user/IP as seen at least from the outside, but with shared hardware resources/software. Currently, I have an off-site server running Ubuntu 11.10 (not a server optimized kernel) with a second added IPv4 address. If I log onto eth0 everything is eth0. That's fine. But I want my second IPv4 address not to just alias to eth0. Basically I want to take the server resources I'm paying for and essentially split them into what would appear to be two servers to give a friend independent access, but not confuse our IPs as seen by the world.

Currently when I ssh into the second address, once I'm connected, for all intents and purposes it looks like I may as well be on the first address (i.e. curl returns the same output from both IPs). If it helps I can put up my interfaces file.

I looked at that link from odinsdream and I think that has to do with two physical NICs on one machine. Not sure that's what I'm about. If it's easier maybe I just need to commit to setting up a real virtual private server. Any advice on that? I have no clue how that's done and most of my googling leads to links about setting up a VPS account on a host providing this service rather than effectively BEING the host providing the service.
posted by drpynchon at 1:06 PM on July 6, 2012

Look to LXC (Linux Container) for the simplest thing, KVM for a more robust thing. Start here. LXC will let you basically turn one box running Linux into two or three or more, this is probably what you want. KVM does the same but at a lower level so you can have say an emulated x86 Fedora or Windows virtual machine and a 64 bit Debian machine living on a 64 bit Ubuntu box. With LXC you're limited to using the same kernel so you can just have N Ubuntu 11.10 VMs on your Ubuntu 11.10 box.
posted by zengargoyle at 1:55 PM on July 6, 2012
