| |||||
Switching IP Addresses is a Pain - 6/19/00Before doing it, I always thought that changing the IP addresses on a handfull or so of computers would border on the trivial. I was wrong. Aside from the totally inexcusable design of Microsoft Management console that nearly guarantees trouble if you switch IP addresses on an IIS machine it's not been a snap on the UNIX like machines either. To provide reasonable flexibility in networking setup it's necessary to have IP addresses in multiple locations. If you have to change IP address as in changing from a private network range to a public one, you have to find every place the old addresses exist and change them to the correct new ones. Many of these are set when you install a system so unless you do networking regularly you may not remember or ever have know where some of these are stored or what program(s) to change them with. The basic networking setup on the Red Hat Linux system was pretty straight forward. I was able to make most of the changes in linuxconf and manually edited the /etc/hosts file to provide all the local machines. Where it got tricky was with Apache. When I'd first set up the GeodSoft.com site on the Linux machine, I kept the original default web directories for system documentation and added GeodSoft as a virtual site. On a private Class C network, I never gave using another IP address for this a second thought. With the DSL line I have a number of IP address but nothing like a Class C range. On my first pass through I allocated all that I had for existing machines and virtual web sites. Sooner or later I would need another so clearly I had to find a better way of using this resource. Also it was getting confusing with each machine having a host name and IP address and a different web name and IP address. Since the primary purpose for at least three of the machines was to serve a mirror of GeodSoft.com I decided to make these sites the primary site where practical. I also decided to use port numbers for the non public virtual sites. Since by their very nature I won't have anyone but a few clients or associates coming to any of these sites I lose nothing by moving them off of the expected IP ports. It would be naive to think that this provides any security since the crackers know how to find these as easily as any other services. For a "semi" public site, i.e. one that I'm showing to a select audience but neither password protecting nor making available via DNS, it does at least keep the uninitiated from accidentally wandering into them. Also while IP addresses are a scarce resource, for these purposes, unused port numbers are plentiful. So in reality this involves much more than simple IP number switches. It also involves host name, port number and virtual document root directory exchanges. The first time I tried this on Linux, I thought I could leave the Apache configuration file, httpd.conf, just as it was and switch only IP and port numbers around. When I tried doing this I got the server name error mentioned previously which appeared with the Red Hat reinstall. I did determine that even the original httpd.conf file distributed with Red Hat 6.1 caused the same error. My first attempt was less than systematic and I quickly had an Apache configuration file that prevented Apache from running. I set that aside and returned to more pressing DSL related issues. After the successful install of the DSL line there are still serious administrative and security issues to deal with but I did return the web sites. I got a copy of the last working httpd.conf from backups but decided instead to work from the original distribution file. First I fixed the ServerName error and determined that the site delivered with Linux was being served. Then I replaced the references to the Red Hat / Linux default site with pointers to the GeodSoft.com document root and verified that my site was being served. Then I added the directives to enable my cgi-bin directory and tested site searching. Then I created a new VirtualHost directive and copied or moved the relevant settings from what had been the global area in httpd.conf to the new virtual host area. I also had to review the general settings and change those where I wanted different settings for GeodSoft.com to be different than the original defaults. Generally I'm disabling functions and services that I don't have an immediate need for. I used the "extra" IP address that every computer has, 127.0.0.1 for the new virtual site. This worked fine except the site is available only from the Linux machine. All that was left was to switch 127.0.0.1 for the Linux machine's IP address with a different port number. When I added a Listen directive for the new port, Apache stopped listening on the old so I needed two directives, one for each port that Apache should monitor. I was very surprised when after adding the second listen directive, instead of everything working, nothing worked. Fortunately I thought to look at the error logs right away. Apparently something about changing from Listen 9876 to Listen 99.99.99.99:9876 caused an error and Apache did not restart but exited because the port was already in use. Since Apache was now out of memory, I correctly guessed that starting it would solve the problems. Both web sites were being served on the IP addresses and ports that I expected. Subsequent tests showed there was no problem restarting Apache with the listen command. The problem was somehow related to the order in which the directives were created. After the Linux machine was performing as desired I turned my attentions to the OpenBSD machine. After renaming the current httpd.conf file I copied over the new one from the Linux PC. I started working through this changing the directories and IP addresses as appropriate but soon realized there were some major differences what was included in the two files as well as a number of different setting choices for the same directive. Wanting to keep as many default settings on each machine until I understood the differences and their implications, I abandoned this first attempt and started over from the previous BSD configuration file repeating the steps used on the Linux machine but in a single pass rather than several stages. Both the GeodSoft.com and Apache documentation sites were served on the expected IP address and port numbers the first time Apache was restarted. One point should be mentioned. While I'm moderately comfortable with vi for most routine edits, the amount of moving lines around for this configuration task was such that I wanted a graphical editor that I'm more comfortable with. I actually did the bulk of the editing on my NT workstation using Textpad. If it wasn't for the video problem that causes stray characters to appear, I could have used the graphical Emacs on the Linux system. So even though I've reached the point that I can contemplate abandoning Windows as a server system, I'm not yet willing to consider abandoning it as a Desktop system, not because it's technically better than the alternatives because it's not but because of the large number of applications that still are not available on the alternatives.
Copyright © 2000 - 2014 by George Shaffer. This material may be
distributed only subject to the terms and conditions set forth in
http://GeodSoft.com/terms.htm
(or http://GeodSoft.com/cgi-bin/terms.pl).
These terms are subject to change. Distribution is subject to
the current terms, or at the choice of the distributor, those
in an earlier, digitally signed electronic copy of
http://GeodSoft.com/terms.htm (or cgi-bin/terms.pl) from the
time of the distribution. Distribution of substantively modified
versions of GeodSoft content is prohibited without the explicit written
permission of George Shaffer. Distribution of the work or derivatives
of the work, in whole or in part, for commercial purposes is prohibited
unless prior written permission is obtained from George Shaffer.
Distribution in accordance with these terms, for unrestricted and
uncompensated public access, non profit, or internal company use is
allowed.
|
|||||
