On Mon, May 14, 2007 at 06:45:18PM +0800, Crayon Shin Chan wrote

> I have a gateway machine with a single NIC but several virtual IP
> addresses. I have several instances of apache running, each bound to
> listen on their own virtual IP address. All the instances of apache are
> running in proxy mode. What is happening now is that all the apache
> instances use the 'main' IP address for all outgoing connections.
>
> What I would like is for each instance of apache to use their own virtual
> IP address for outgoing connections. Is it possible to rig iptables to
> achieve this? And how would I do this?

Can you...

- create a bunch of dummy users (nobody0, nobody1, nobody2, etc)
- and launch each apache instance as a different user

If so, you can take advantage of netfilter/iptables' ability to match on
user. Run just like now, but forward packets to a different address based
on owner. Here's the help info from "make menuconfig"...

 | CONFIG_IP_NF_MATCH_OWNER:
 |
 | Packet owner matching allows you to match locally-generated packets
 | based on who created them: the user, group, process or session.
 |
 | To compile it as a module, choose M here. If unsure, say N.
 |
 | Symbol: IP_NF_MATCH_OWNER [=y]
 | Prompt: Owner match support
 | Defined at net/ipv4/netfilter/Kconfig:296
 | Depends on: NET && INET && NETFILTER && IP_NF_IPTABLES
 | Location:
 | -> Networking
 | -> Networking support (NET [=y])
 | -> Networking options
 | -> Network packet filtering framework (Netfilter) (NETFILTER
 | -> IP: Netfilter Configuration
 | -> IP tables support (required for filtering/masq/NAT) (I

--
Walter Dnes <[EMAIL PROTECTED]> In linux /sbin/init is Job #1
Q. Mr. Ghandi, what do you think of Microsoft security?
A. I think it would be a good idea.
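
The owner-match approach from the reply above, as an added example that is not part of the original thread: it validates a user-to-address mapping and prints (does not run) one source-NAT rule per Apache instance. The nobody0..nobody2 names follow the reply; the 192.0.2.x addresses are constructed placeholders, and the use of SNAT in the nat POSTROUTING chain is an assumption about how the rewrite would be done.

```shell
#!/bin/sh
# Added example, not from the thread. Constructed sample mapping:
# one dedicated user per Apache instance and the virtual IP it should
# use as source (addresses are documentation-range placeholders).
MAPPING='nobody0 192.0.2.10
nobody1 192.0.2.11
nobody2 192.0.2.12'

# is_ipv4 ADDR: succeed only for a dotted quad with each octet 0-255.
is_ipv4() {
    case "$1" in
        *[!0-9.]*|*..*|.*|*.) return 1 ;;
    esac
    old_ifs=$IFS; IFS=.
    set -- $1                      # split the address on dots
    IFS=$old_ifs
    [ "$#" -eq 4 ] || return 1
    for octet in "$@"; do
        [ "${#octet}" -le 3 ] && [ "$octet" -le 255 ] || return 1
    done
}

# gen_rules: read "user address" lines on stdin, print one rule each.
# The owner match only sees locally generated packets, which is what a
# proxy's outgoing connections are. Input is validated so that nothing
# but a plain user name and an IPv4 address reaches the command line.
gen_rules() {
    while read -r user addr; do
        [ -n "$user" ] || continue             # skip blank lines
        case "$user" in
            *[!A-Za-z0-9_-]*) echo "bad user: $user" >&2; return 1 ;;
        esac
        is_ipv4 "$addr" || { echo "bad address: $addr" >&2; return 1; }
        echo "iptables -t nat -A POSTROUTING -m owner" \
             "--uid-owner $user -j SNAT --to-source $addr"
    done
}

# Dry run: review the output, then apply it as root on the gateway.
printf '%s\n' "$MAPPING" | gen_rules
```

Each address must already be configured on the NIC, and `iptables -t nat -L POSTROUTING -v -n` shows per-rule packet counters to confirm each instance is hitting its own rule.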