Delivered-To: freebsd-questions@freebsd.org
From: "Ted Mittelstaedt"
To: "Albert Everett"
Subject: RE: Max number of NIC's and aliases
Date: Wed, 14 Nov 2001 00:13:04 -0800

>-----Original Message-----
>From: owner-freebsd-questions@FreeBSD.ORG
>[mailto:owner-freebsd-questions@FreeBSD.ORG]On Behalf Of Albert Everett
>Sent: Monday, November 12, 2001 7:30 AM
>To: freebsd-questions@FreeBSD.ORG
>Subject: RE: Max number of NIC's and aliases
>
>
>Time for me to chime in on this IP aliasing question.
>
>Although I've been running a few FreeBSD systems for some time,
>they've all only required one or two aliases.
>
>Now I've made my main web server a FreeBSD box and we're beginning to
>add SSL sites at a great rate. My first inclination is to add an IP
>alias per SSL site, and I've been wondering myself how many aliases I
>can add with ifconfig before things start to break.
>
>Where should we be reading to use routing instead of aliases in this
>context?
>I'm not connecting what the handbook has to say to my
>situation.
>

Sorry, Albert, (and all) I screwed up on that one. It was late and I
didn't explain myself clearly at all, and I was in a hurry. Me bad!

What I was referring to works if you're running address translation and
your server (or servers) is behind a translator. (Since most of the time
you're going to put webservers behind some kind of firewall, you can run
translation on this.) The limitation to this trick is that you can't use
it with SSL-enabled sites, since the SSL must have a legitimate IP number
attached to it.

What you do is all the IP numbers have to be grouped together in a
subnet, of course, then you route the entire subnet to the translator.
On the translator you install a mapping like this:

    outside                inside
    IP number:port         IP number:port

    198.1.2.1:80    --->   10.10.10.10:1000
    198.1.2.2:80    --->   10.10.10.10:1001
    198.1.2.3:80    --->   10.10.10.10:1002
    198.1.2.4:80    --->   10.10.10.10:1003
    198.1.2.5:80    --->   10.10.10.10:1004

Obviously you have to put the appropriate Listen directive in each of
your Apache virtual host sections.

This gets around the problem of putting multiple alias interfaces on
your webserver, and you are pretty unrestricted by any limits on the
number of interfaces on the webserver. Of course, if your translator is
crappy then you have a limit to the number of maps.

Ted Mittelstaedt                      tedm@toybox.placo.com
Author of: The FreeBSD Corporate Networker's Guide
Book website: http://www.freebsd-corp-net-guide.com
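
Added example, not part of the message above: a small generator that keeps the translator's port maps and the Apache Listen/VirtualHost entries in step, and rejects a public address that is duplicated or falls outside the routed subnet. It assumes FreeBSD natd as the translator (redirect_port lines for natd.conf); the site names, the DocumentRoot path and the /29 subnet size are hypothetical.

```python
import ipaddress

# Constructed sample input: the five public addresses from the mapping above,
# each paired with a hypothetical site name (the message names no sites).
SITES = [("198.1.2.%d" % n, "site%d.example.com" % n) for n in range(1, 6)]

def build_maps(sites, inside_ip="10.10.10.10", first_port=1000, subnet=None):
    """Assign one inside port per public IP; returns (outside, inside, port, name) tuples."""
    ipaddress.ip_address(inside_ip)              # raises ValueError if malformed
    net = ipaddress.ip_network(subnet) if subnet else None
    seen, maps = set(), []
    for offset, (outside, name) in enumerate(sites):
        addr = ipaddress.ip_address(outside)
        if addr in seen:
            raise ValueError("duplicate outside address %s" % outside)
        if net is not None and addr not in net:
            raise ValueError("%s is outside the routed subnet %s" % (outside, net))
        port = first_port + offset
        if port > 65535:
            raise ValueError("ran out of inside ports at %s" % outside)
        seen.add(addr)
        maps.append((outside, inside_ip, port, name))
    return maps

def natd_rules(maps):
    """natd.conf lines: redirect_port proto targetIP:targetPORT aliasIP:aliasPORT."""
    return ["redirect_port tcp %s:%d %s:80" % (i, p, o) for o, i, p, _ in maps]

def apache_vhosts(maps):
    """Matching Listen directive and IP:port virtual host for each map."""
    lines = []
    for _, inside, port, name in maps:
        lines += [
            "Listen %s:%d" % (inside, port),
            "<VirtualHost %s:%d>" % (inside, port),
            "    ServerName %s" % name,
            "    DocumentRoot /usr/local/www/%s" % name,   # hypothetical path
            "</VirtualHost>",
            "",
        ]
    return "\n".join(lines)

if __name__ == "__main__":
    maps = build_maps(SITES, subnet="198.1.2.0/29")   # /29 is an assumed subnet size
    print("\n".join(natd_rules(maps)))
    print()
    print(apache_vhosts(maps))
```

Binding each virtual host to the inside address and port, rather than to a wildcard, keeps the web server reachable only through the translator's maps.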