httpd-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Matthew Marino <ma...@citystamp.com>
Subject Re: [users@httpd] outbound ip
Date Thu, 12 Sep 2002 19:14:08 GMT
  Remeber your layer model. Apache doesn't  care where packets are 
destined for. Once the packets are handed off for delivery, the OS 
routes based on destination. Your best bet is probably a firewall that 
can re-route based on a source IP. It will also work if the firewall 
inspects source Hex address. If you have multiple interfaces with 
different IP's can't you have the run the different name virtual hosts 
bound to different IP's and the sniffer should be able to track based on 
source of course that has very limited scale. Maybe ports??


On Thursday, September 12, 2002, at 02:49 PM, Delagarza, John wrote:

> if I added the route how would apache know which one to use?
>
> one virt host needs to go out on one ip the other virt host needs to go 
> out on the other
>
> this is a request from management...they want to be able to run a port 
> sniffer and see
> what app is going out. 
>
> > -----Original Message-----
> > From: Jeff Beard [mailto:jeff@cyberxape.com]
> > Sent: Wednesday, September 11, 2002 6:08 PM
> > To: users@httpd.apache.org
> > Subject: Re: [users@httpd] outbound ip
> >
> >
> > What are you trying to accomplish? If you are tyring route
> > packets to a
> > specific host IP, then you can add a host route to your
> > routing table.
> > But I don't believe that's an application layer thing. Of
> > course, I may
> > not understand what you're trying to do yet.
> >
> > --Jeff
> >
> > Delagarza, John wrote:
> > > That would work, but we may have lots of virt hosts on this
> > box soon...
> > >
> > > If this can be done easily, I don't think it would be done
> > with the OS
> > > but rather
> > > the app, apache in this case.  When apache creates a tcp
> > socket it, I
> > > believe that the IP
> > > can be specified...interanlly to apache that is.  I just
> > don't know if
> > > that functionality is
> > > used my mod_proxy and can be configured from the conf file.
> > >
> > >
> > >
> > >
> > >  > -----Original Message-----
> > >  > From: Jeff Beard [mailto:jeff@cyberxape.com]
> > >  > Sent: Wednesday, September 11, 2002 4:59 PM
> > >  > To: users@httpd.apache.org
> > >  > Subject: Re: [users@httpd] outbound ip
> > >  >
> > >  >
> > >  > Responses go out the same physical interface, not necessarily
> > >  > the same
> > >  > IP. I'm guessing that the IP address that is associated with
> > >  > the packets
> > >  > going back are defaulting to the non-virtual IP assigned to
> > >  > the physical
> > >  > interface. I'm guessing here, but it seems plausible and
> > may be OS
> > >  > dependant.
> > >  >
> > >  > If you want the really separate you need two network cards
> > >  > and bind each
> > >  > vhost to it's own physical interface/IP address.
> > >  >
> > >  > --Jeff
> > >  >
> > >  > Delagarza, John wrote:
> > >  > > Is there any way to specify what IP the out going request
> > >  > goes out on?
> > >  > >
> > >  > > I have a linux box with two IP's...two virt hosts.
> > >  > >
> > >  > > one of them proxies to another server, can I specify
> > what IP to go
> > >  > > out on?
> > >  > >
> > >  > > both virt hosts (IP based) go out on the same IP as of now.
> > >  > >
> > >  >
> > >  > --
> > >  > Jeff Beard | Systems Architecture, Programming, Management
> > >  > Contact    | jeff at cyberxape dot com, 303.443.9339
> > >  > Location   | In front of the computer, Boulder, CO, USA
> > >  >
> > >  >
> > >  >
> > ---------------------------------------------------------------------
> > >  > The official User-To-User support forum of the Apache HTTP
> > >  > Server Project.
> > >  > See <URL:http://httpd.apache.org/userslist.html> for more info.
> > >  > To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
> > >  >    "   from the digest: users-digest-unsubscribe@httpd.apache.org
> > >  > For additional commands, e-mail: users-help@httpd.apache.org
> > >  >
> > >  >
> > >
> >
> > --
> > --
> > Jeff Beard | Systems Architecture, Programming, Management
> > Contact    | jeff at cyberxape dot com, 303.443.9339
> > Location   | In front of the computer, Boulder, CO, USA
> >
> >
> > ---------------------------------------------------------------------
> > The official User-To-User support forum of the Apache HTTP
> > Server Project.
> > See <URL:http://httpd.apache.org/userslist.html> for more info.
> > To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
> >    "   from the digest: users-digest-unsubscribe@httpd.apache.org
> > For additional commands, e-mail: users-help@httpd.apache.org
> >
> >
>


---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
   "   from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org


Mime
View raw message