Re: Class C hack instead of ifconfig aliases
Matthew Reimer <[EMAIL PROTECTED]> wrote: >Here's a way to do it without patches: > >1. in your webserver: > a. ipfw add fwd localhost from any to 1.2.3/24 http > b. add sections, like this: If you're using enough IP addresses to make this trick worthwhile then you're probably interested in mod_vhost_alias which is new in Apache 1.3.9. >Pros: > >- no need to 'ifconfig xyz alias...'. Big deal -- you still have to use an ipfw command instead. >- address matching is fast, since only a few ipfw rules are checked, > rather than lists of hundreds or thousands of IP addresses The NETALIAS patch (PR#12071) is smaller and faster than turning on IPFIREWALL and IPFIREWALL_FORWARD. Tony. -- the .@ person To Unsubscribe: send mail to [EMAIL PROTECTED] with "unsubscribe freebsd-hackers" in the body of the message
Re: Class C hack instead of ifconfig aliases
Geoff Buckingham <[EMAIL PROTECTED]> wrote: > >In an effort to avoid what may follow, I fully appreciate HTTP 1.1 vhosting >is much more appropriate in many situations, this does not however >remove the need for large scale conventional virtual hosting alltogether. I'll also mention SSL, since it requires an IP address per virtual host. Tony. -- dot it at To Unsubscribe: send mail to [EMAIL PROTECTED] with "unsubscribe freebsd-hackers" in the body of the message
Re: Class C hack instead of ifconfig aliases
> 1. in your webserver: >a. ipfw add fwd localhost from any to 1.2.3/24 http Clever - I likes it. > - I don't think arp will work on 1.2.3/24 addresses, which is why the > route needs to be added to the router. This is becoming pretty off-topic, but having thousands of arp entries floating around on a network is also arguably a bad idea for the same reason as having thousands of IP addresses hanging off a single interface. I normally configure ip aliases off lo0 and use gated to announce the networks to the world and drop packets destined to unconfigured hosts. This is generally a cleaner and more flexible configuration to use. Nick To Unsubscribe: send mail to [EMAIL PROTECTED] with "unsubscribe freebsd-hackers" in the body of the message
Re: Class C hack instead of ifconfig aliases
Here's a way to do it without patches: 1. in your webserver: a. ipfw add fwd localhost from any to 1.2.3/24 http b. add sections, like this: ServerName web.freebsd.org ServerAdmin [EMAIL PROTECTED] DocumentRoot /home/web 2. in your router: add a route to forward 1.2.3/24 to your webserver Pros: - no need to 'ifconfig xyz alias...'. - address matching is fast, since only a few ipfw rules are checked, rather than lists of hundreds or thousands of IP addresses Cons: - I don't think arp will work on 1.2.3/24 addresses, which is why the route needs to be added to the router. Try it: it really works, thanks to Julian Elischer. Matt Geoff Buckingham wrote: > > On Wed, Oct 20, 1999 at 11:02:08AM +0100, Nick Hilliard wrote: > > > What do you mean by "bind a class C"? Make an interface so it will > > > respond to incoming requests for 10.1.2.x? ewww, yuck! > > > > Is it any less elegant than having in_localaddr() trawling through each item > > on the address list? Perhaps 1024 items if you've got a large vweb server? > > That's also pretty inelegant. > > > > The patch refered to elsewhere comes from Demon Internet where it was (at least > in my time) used to two /18s and a /16 without problems, this would have > been completely impractical through more conventional means. > > As I continue to work with large scale virtual hosting set ups I would quite > like to see this enter the main source tree, allthough I guess people likely > to make use of it are a very small minority. > > In an effort to avoid what may follow, I fully appreciate HTTP 1.1 vhosting > is much more appropriate in many situations, this does not however > remove the need for large scale conventional virtual hosting alltogether. > > -- > GeoffB > > To Unsubscribe: send mail to [EMAIL PROTECTED] > with "unsubscribe freebsd-hackers" in the body of the message To Unsubscribe: send mail to [EMAIL PROTECTED] with "unsubscribe freebsd-hackers" in the body of the message
Re: Class C hack instead of ifconfig aliases
On Wed, Oct 20, 1999 at 11:02:08AM +0100, Nick Hilliard wrote: > > What do you mean by "bind a class C"? Make an interface so it will > > respond to incoming requests for 10.1.2.x? ewww, yuck! > > Is it any less elegant than having in_localaddr() trawling through each item > on the address list? Perhaps 1024 items if you've got a large vweb server? > That's also pretty inelegant. > The patch refered to elsewhere comes from Demon Internet where it was (at least in my time) used to two /18s and a /16 without problems, this would have been completely impractical through more conventional means. As I continue to work with large scale virtual hosting set ups I would quite like to see this enter the main source tree, allthough I guess people likely to make use of it are a very small minority. In an effort to avoid what may follow, I fully appreciate HTTP 1.1 vhosting is much more appropriate in many situations, this does not however remove the need for large scale conventional virtual hosting alltogether. -- GeoffB To Unsubscribe: send mail to [EMAIL PROTECTED] with "unsubscribe freebsd-hackers" in the body of the message
Re: Class C hack instead of ifconfig aliases
On Wed, Oct 20, 1999 at 12:52:49PM +0200, John Hay wrote:
> I think somebody sent patches to do it a while back. I think it might be
> in GNATS.
Yes, and yes.
http://www.freebsd.org/cgi/query-pr.cgi?pr=12071
--
perl -wMstrict -e'$,="PLEASE";$;=" DO ";@_=map{$?=255&256+$!-$_;$!=$_;++$.%4-2?
$;:$,.$;,",1SUB#$.<-#$?"}map{ord}split//,pack"b*",unpack"B*","@ARGV$/";print
`echo "$,$;,1<-#$.@_$;READ OUT,1$;GIVE UP">,.i;ick ,.i;./,`' Mike Bristow.\
Just Another Hacker http://sig.jellybaby.net/ certified! [101f4503fx818]
To Unsubscribe: send mail to [EMAIL PROTECTED]
with "unsubscribe freebsd-hackers" in the body of the message
Re: Class C hack instead of ifconfig aliases
> > What do you mean by "bind a class C"? Make an interface so it will > > respond to incoming requests for 10.1.2.x? ewww, yuck! > > Is it any less elegant than having in_localaddr() trawling through each item > on the address list? Perhaps 1024 items if you've got a large vweb server? > That's also pretty inelegant. > > I seem to remember someone producing some patches for this on bsdi a couple > of years ago. > I think somebody sent patches to do it a while back. I think it might be in GNATS. John -- John Hay -- [EMAIL PROTECTED] To Unsubscribe: send mail to [EMAIL PROTECTED] with "unsubscribe freebsd-hackers" in the body of the message
Re: Class C hack instead of ifconfig aliases
> What do you mean by "bind a class C"? Make an interface so it will > respond to incoming requests for 10.1.2.x? ewww, yuck! Is it any less elegant than having in_localaddr() trawling through each item on the address list? Perhaps 1024 items if you've got a large vweb server? That's also pretty inelegant. I seem to remember someone producing some patches for this on bsdi a couple of years ago. Nick To Unsubscribe: send mail to [EMAIL PROTECTED] with "unsubscribe freebsd-hackers" in the body of the message
Re: Class C hack instead of ifconfig aliases
> Is there anyway to bind a class C to an interface without a lot of > aliases? whats the downside of aliases? I have a 2.2.8 hack that does > the C, but I'd like to avoid having to port it to 3.3. What do you mean by "bind a class C"? Make an interface so it will respond to incoming requests for 10.1.2.x? ewww, yuck! Aliases are (for me, at least) a love/hate relationship. I have a few machines floating around on some of my networks that use them to get around some routing problems, and they generally work quite well for incoming connections... I imagine that FBSD probably has the same problem as Digital UNIX for outgoing connections, though Picture, if you will, the following: ed0 192.168.2.4 netmask 255.255.255.0 alias 208.132.36.131 route 192.168.2.0/24 -> ed0 route 0.0.0.0/0 -> gateway 208.132.36.129 Any packets sent to the gateway get 192.168.2.4 as the source, not 208.132.36.131 -- the gateway will send the packet off to the rest of the world, where it gets immediately dropped due to the "internal use only" source IP address. IMHO, it should notice that it's going to a member of the aliased network, and change the source IP to the alias address, not the "normal" 192.168.2.4 address. This can (usually) be fixed at the gateway with some fancy natd/ipfw lines, but it gets ugly... If FreeBSD does NOT have this "problem", I think we should send a copy of it off to DEC -- I'll dig up my sequence number from the problem call I placed a couple years ago regarding this :) I finally fixed it on the Alpha by purchasing another (really expensive - damn TurboChannel bus) network card to handle the 2nd IP address.. mike To Unsubscribe: send mail to [EMAIL PROTECTED] with "unsubscribe freebsd-hackers" in the body of the message
Class C hack instead of ifconfig aliases
Is there anyway to bind a class C to an interface without a lot of aliases? whats the downside of aliases? I have a 2.2.8 hack that does the C, but I'd like to avoid having to port it to 3.3. To Unsubscribe: send mail to [EMAIL PROTECTED] with "unsubscribe freebsd-hackers" in the body of the message
