Re: FreeBSD 2 nic one to route one to DB - how do I?




"Tim Judd" <tjudd@xxxxxxxxxxx> wrote in message
news:dOKdnR47wp5bhmjZnZ2dnUVZ_qCdnZ2d@xxxxxxxxxxxxxx
Who Know wrote:
"Who Know" <jr_115@xxxxxxxxxxx> wrote in message
news:44f4dc04$0$13977$edfadb0f@xxxxxxxxxxxxxxxxxxxxxxx
"Edward Salonia" <esalonia@xxxxxxxxx> wrote in message
news:IO6dnYYghv8dUmnZnZ2dnUVZ_v-dnZ2d@xxxxxxxxxxxxxxx
Who Know wrote:
"Edward Salonia" <esalonia@xxxxxxxxx> wrote in message
news:ztydnRCD2YEbI2nZnZ2dnUVZ_r2dnZ2d@xxxxxxxxxxxxxxx
Who Know wrote:
I have a lovely server with two nics. I want to "abuse" them both :)

The first nic should handle the normal www traffic (The outside
card)
The second nic should route to the DB server.

My OS is FreeBSD 6.1-RELEASE
www= Apache 2.2

The DB is Mysql 5.x

My IP addresses are 87.52.171.128/24 and the IP of the first nic is
87.52.171.131

How do I set this up to force the second nic only to get to the DB
server (Only one nic installed)

Other hardware to use for the networking build is two switches, one far
better than the second, therefore I'll prefer to only use that one.
One Cisco router.

I have been reading a lot on this site
http://www.freebsd.org/doc/en_US.ISO8859-1/books/handbook/network-routing.html
but I didn't understand it :/ maybe I have been reading too little.

Please give me the exact scripting lines and setup (For dummies)


Not sure of the config file with MySQL but with regards to apache.
There is a directive to specify what address/nic it will listen on. I
would guess the same goes for the sql config file.
My situation is better explained here:
http://www.vbulletin.org/forum/showthread.php?t=111191

or if you can't access the page you can see a copy here:

http://gndindex.com/showthread.php?p=3410#post3410
Oh ok, I didn't understand fully... It seems to me, and I could be
wrong. But I don't think you need a public IP for the DB server. Just
put the DB server and the second nic on the webserver on its own
private network. I think that will work since the Web server will be
talking to the db server, not the public clients accessing the site...
As for routing, you should have to do anything special since from the
point of view of the web server, it will be able to hit both networks
it is attached to.

for example. the webserver will have 2 nic's (1 has pub ip for http
access) (1 for private net between itself and db server for db connect)

priv nic on webserver 192.168.1.1 255.255.255.252
nic on db server 192.168.132.2 255.255.255.252

Am I any closer to understanding what you want to do?
Very close :) but....

What do I set the defaultrouter="?" to on the DB server? and should I
add
gateway_enable="YES" and/or router_enable="YES" on the www server?

rc.conf on www server:

defaultrouter="87.52.171.129"
hostname="ns0.reck.dk"
ifconfig_em0="inet 87.52.171.131 netmask 255.255.255.224"
inetd_enable="YES"
keymap="danish.iso"
keyrate="fast"
sshd_enable="YES"
usbd_enable="NO"
sendmail_enable="NONE"
xntpd_enable="YES"
xntpd_flags="-g -p /var/run/ntpd.pid"

ifconfig_em1="inet 192.168.1.1 netmask 255.255.255.252"

#gateway_enable="YES"
#router_enable="YES"
#natd_enable="YES"
#natd_interface="87.52.171.131"

Make this result: (2 different switches)

ns0# ping db.reck.dk
PING db.reck.dk (192.168.132.2): 56 data bytes
ping: sendto: No route to host
ping: sendto: No route to host

make this result: (same switch)

ns0# ping db.reck.dk
PING db.reck.dk (192.168.132.2): 56 data bytes
ping: sendto: No route to host
ping: sendto: No route to host

The same happens from db to www server :(



you won't get very far without a proper DNS where the FBSD machine can work
with.

You won't get very far between any link or connection with missing
information.


So your FBSD machine is dual homed (2 NICs).. how do you want to set up
the apache server? example:

<Big Internet>
\-> (NIC #1 on FBSD) FBSD NIC
\-> (NIC #2 on FBSD) DB server

-OR-

<Big Internet>
|-> FBSD NIC #1
\-> DB server



Option 1 needs both NICs, option 2 only needs one NIC.

Do you have DHCP on your internal network? DNS? Is the FBSD your gateway
aka router?

the advantage of option 2 is that anybody in the world can hit your
database server, and exploit it, if there's a bug. Big benefit. J/K

The advantage of option 1 is security -- you only have one machine
exposed.

please post more specs, I won't likely help again without them. Post the
specs I asked for above, and I'll consider assisting.

I'm working on option 1, both for the security, and to share the traffic on
both nics, since there is huge traffic between the www and the db.

My network build:

WAN
|
Router (Cisco 806)
|
Switch 10/100/(1000 Fiber only)
| |
|
FBSD- www,dns,mail,db1 Workstations FBSD- www,dns(2 nics)

|

FBSD-DB

This is how I want it. At this moment I have the FBSD-DB hooked directly to
the switch.

Other network hardware available to me:
1 switch
I would also like to get the workstation behind the FBSD- www,dns(2 nics)
machine and then use it as a router, since that FBSD is more than powerful
enough to handle it.

In the earlier attempts to make this work, I added the FBSD-DB host name to
the /etc/hosts file on the FBSD- www,dns(2 nics) machine.

Hope this will do it.
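
Added example, not part of the thread: a Python check of which directly connected network, if any, covers a given address, run over the interface lines of the rc.conf posted above and the DB address from the ping output. The function names are made up for this example.

```python
import ipaddress
import re

# Interface lines copied from the www server's rc.conf as posted in the thread.
RC_CONF = '''
defaultrouter="87.52.171.129"
ifconfig_em0="inet 87.52.171.131 netmask 255.255.255.224"
ifconfig_em1="inet 192.168.1.1 netmask 255.255.255.252"
'''

# Matches only active (uncommented) IPv4 ifconfig_<if> lines.
IFCONFIG_RE = re.compile(r'^ifconfig_(\w+)="inet (\S+) netmask (\S+)"', re.M)


def interfaces(rc_conf):
    """Map interface name -> IPv4Interface (address plus connected network)."""
    return {name: ipaddress.ip_interface(f"{addr}/{mask}")
            for name, addr, mask in IFCONFIG_RE.findall(rc_conf)}


def egress_for(rc_conf, target):
    """Interface whose connected network contains target (longest prefix wins).

    Returns None when no connected network covers the address, i.e. the
    packet is not on-link for any NIC and would be left to the default route.
    """
    ip = ipaddress.ip_address(target)
    hits = [(iface.network.prefixlen, name)
            for name, iface in interfaces(rc_conf).items()
            if ip in iface.network]
    return max(hits)[1] if hits else None


def peer_addresses(rc_conf, name):
    """Host addresses on the NIC's own subnet that a peer could use."""
    me = interfaces(rc_conf)[name]
    return [str(h) for h in me.network.hosts() if h != me.ip]


if __name__ == "__main__":
    for addr in ("192.168.132.2", "192.168.1.2", "87.52.171.129"):
        print(addr, "->", egress_for(RC_CONF, addr) or "not on any connected network")
    print("addresses reachable directly over em1:", peer_addresses(RC_CONF, "em1"))
```
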

