Linux

Networking with a Virtual IP

You can add extra IPs to your network card using ifconfig.

e.g. I have an existing IP 10.0.0.20

# ifconfig eth0
eth0      Link encap:Ethernet  HWaddr 00:18:F3:5F:7A:AC
          inet addr:10.0.0.20  Bcast:10.0.0.255  Mask:255.255.255.0
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:2548750 errors:0 dropped:0 overruns:0 frame:0
          TX packets:2458043 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000
          RX bytes:1568857563 (1496.1 Mb)  TX bytes:951347326 (907.2 Mb)
          Interrupt:220

To add a new IP

# ifconfig eth0:0 10.0.0.21 netmask 255.255.255.0 up

Now there is another interface:

# ifconfig
eth0      Link encap:Ethernet  HWaddr 00:18:F3:5F:7A:AC
          inet addr:10.0.0.20  Bcast:10.0.0.255  Mask:255.255.255.0
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:2548810 errors:0 dropped:0 overruns:0 frame:0
          TX packets:2458070 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000
          RX bytes:1568863792 (1496.1 Mb)  TX bytes:951350040 (907.2 Mb)
          Interrupt:220

eth0:0    Link encap:Ethernet  HWaddr 00:18:F3:5F:7A:AC
          inet addr:10.0.0.21  Bcast:10.0.0.255  Mask:255.255.255.0
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          Interrupt:220

          ..

This has been used in a MySQL setup, where there is 1 server and multiple slaves. The server owns the Virtual IP (VIP). If the master fails, then the VIP should be removed from the master server (ifconfig down), and added to an alternative slave server instead.

Clients should be configured to point to the VIP instead of directly to a server.

Redirecting ports

In one example we have tomcat running port 8080 and would like it to also appear on port 80.

iptables -t nat -A OUTPUT -d localhost -p tcp --dport 80 -j REDIRECT --to-ports 8080
iptables -t nat -A OUTPUT -d 10.0.0.20 -p tcp --dport 80 -j REDIRECT --to-ports 8080
iptables -t nat -A PREROUTING -d 10.0.0.20 -p tcp --dport 80 -j REDIRECT --to-ports 8080

iptables -t nat -A OUTPUT -d localhost -p tcp --dport 443 -j REDIRECT --to-ports 8443
iptables -t nat -A OUTPUT -d 10.0.0.20 -p tcp --dport 443 -j REDIRECT --to-ports 8443
iptables -t nat -A PREROUTING -d 10.0.0.20 -p tcp --dport 443 -j REDIRECT --to-ports 8443

More Articles (showing 4 below)
ssh_exchange_identification: Connection closed by remote host	2008-09-10
Which package does this binary belong to?	2007-02-03
How to keep the time accurate on Linux	2004-04-21
Linux Performance Monitoring