On 09/17/2010 04:28 AM, Brian Wheeler wrote:
> I could figure this out eventually, but if someone has done this before
> maybe they could save me the trouble.
>
> Here's my situation: I'm running mysql instances on two separate
> machines and I'm looking to merge them into a single machine. They are
> accessed by our application as db-prod:3306 and db-prod-private:3306 for
> our production instance and db-dev:3306 and db-dev-private:3306 for our
> development instance.
>
> The db-* interfaces are on the public network (but firewalled to our
> organization) and db-*-private are on a private network within our
> machine room. They all have separate IPs: x.x.x.51 and 10.x.x.51 for
> prod; x.x.x.53 and 10.x.x.53 for dev.
>
> So here's what I've done (and what I think I can do):
>
> I've set up the dev instance running on the new machine and bound it to
> 127.0.0.1:3307 and the prod instance is bound to 127.0.0.1:3308.
>
> MySQL doesn't let you bind to more than one address, so I figure I can do
> this with some iptables trickery.
>
> It seems like the rules should be something like this:
>
> -p tcp -d x.x.x.51 --dport 3306 --to-destination localhost:3308
> -p tcp -d 10.x.x.51 --dport 3306 --to-destination localhost:3308
> -p tcp -d x.x.x.53 --dport 3306 --to-destination localhost:3307
> -p tcp -d 10.x.x.53 --dport 3306 --to-destination localhost:3307

As I understand it, this is impossible. You can route traffic to
localhost but traffic can never return. Any traffic from localhost
cannot make it into the network. At least that is what I have come up
against when trying to do this in the past. If you make it work though,
please let me know how.

I would suggest listening on all interfaces and firewalling off the
interfaces you don't want accessed.

--
Tim
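
An added example, not part of either message: one way to apply the "listen on all interfaces and firewall" suggestion to the two-instance layout described in the question, written as a generator for iptables-restore input. It assumes the instances listen on 0.0.0.0:3307 and 0.0.0.0:3308 rather than 127.0.0.1, uses REDIRECT (a technique chosen here, not proposed in the thread), and the function name and the 192.0.2.x / 10.0.0.x addresses are constructed placeholders.

```shell
# Added example: prints an iptables-restore ruleset; nothing is applied.
# emit_mysql_rules "ADDR:PORT ..." maps client-facing ADDR:3306 to a mysqld
# instance assumed to listen on 0.0.0.0:PORT (hypothetical helper name).
emit_mysql_rules() {
    maps=$1
    ports=$(for m in $maps; do echo "${m##*:}"; done | sort -u | paste -sd, -)

    # mangle PREROUTING runs before NAT, so it still sees the original
    # destination; mark only traffic aimed at an allowed ADDR:3306.
    echo '*mangle'
    for m in $maps; do
        echo "-A PREROUTING -d ${m%:*} -p tcp --dport 3306 -j MARK --set-mark 0x1"
    done
    echo 'COMMIT'

    # REDIRECT rewrites the destination to the receiving interface's own
    # address (not 127.0.0.1); conntrack reverses it for the replies.
    echo '*nat'
    for m in $maps; do
        echo "-A PREROUTING -d ${m%:*} -p tcp --dport 3306 -j REDIRECT --to-ports ${m##*:}"
    done
    echo 'COMMIT'

    # filter: instance ports are reachable only over loopback or through a
    # marked (redirected) connection; direct hits on them are dropped.
    echo '*filter'
    echo '-A INPUT -i lo -j ACCEPT'
    echo "-A INPUT -p tcp -m multiport --dports $ports -m mark --mark 0x1 -j ACCEPT"
    echo "-A INPUT -p tcp -m multiport --dports $ports -j DROP"
    echo 'COMMIT'
}

# Constructed sample mapping: prod on 3308, dev on 3307, two addresses each.
SAMPLE_MAP='192.0.2.51:3308 10.0.0.51:3308 192.0.2.53:3307 10.0.0.53:3307'
emit_mysql_rules "$SAMPLE_MAP"
```

Review the output before loading it with iptables-restore; without --noflush, loading it replaces the existing contents of the three tables it names. The rules do not restrict source addresses, so any existing organization-level filtering still has to be kept alongside them.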