help-cfengine
[Top][All Lists]
Advanced

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Thinking cfenginely about network interfaces


From: Systems Administrator
Subject: Thinking cfenginely about network interfaces
Date: Wed, 24 Dec 2003 14:32:02 +1100 (EST)

        Hi all.  I've been using multiple IPs on my servers for different
purposes.  For example, say I have something that does DNS,
authentication, and web.  I'd have the following address mappings:

fred    10.0.0.1        # base machine name
dns     10.0.0.100      # DNS server IP
www     10.0.0.101      # Web server IP
auth    10.0.0.102      # Authentication IP

        The main reason I did this was for extra security.  For example,
if someone scans www, they might not realise that it has a DNS server on
the other IP, and therefore not be able to use combined security holes to
attack.

        Anyway, I'm wondering what's the best way to set things up in
cfengine so that, if I set up a machine and give it the IP 10.0.0.1, it
will automatically install the other interfaces.

        In case it helps, I'm using Fedora Core 1 and cfengine 2.1.0.

        Thanks all...

--
Tim Nelson
Systems Administrator
Sunet Internet
Tel: +61 3 5241 1155
Fax: +61 3 5241 6187
Web: http://www.sunet.com.au/
Email: sysadmin@sunet.com.au






reply via email to

[Prev in Thread] Current Thread [Next in Thread]