<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8">
</head>
<body bgcolor="#FFFFFF" text="#000000">
Hi,<br>
<br>
Thank you for your input. It is good to know but I think it is a
bit overkill. Right now the<br>
system is working perfectly, and I just used the name associated
with eth0:0. But it would<br>
be nice if xymon was able to bind to the IP. Oh yes I am using
linux.<br>
<br>
<div class="moz-cite-prefix">On 6/8/17 2:04 AM, Jeremy Laidman
wrote:<br>
</div>
<blockquote type="cite"
cite="mid:CAAnki7D7hb_crp=VZWGFdMTP1xq9k6s8TRScrQKrJA331EGUFg@mail.gmail.com">
<div dir="ltr">
<div class="gmail_extra">
<div class="gmail_quote">On 6 June 2017 at 00:13, Frank <span
dir="ltr"><<a href="mailto:ve2cii@canasoft.net"
target="_blank" moz-do-not-send="true">ve2cii@canasoft.net</a>></span>
wrote:<br>
<blockquote class="gmail_quote" style="margin:0px 0px 0px
0.8ex;border-left:1px solid
rgb(204,204,204);padding-left:1ex"> Hi,<br>
<br>
Is there a way to have the xymon client bind to a
specific IP or interface?<br>
I have more than one interface on a machine and I am
getting ghost reports<br>
because I setup xymon for eth0:0 instead of eth0.</blockquote>
<div><br>
</div>
<div>Based on the eth0:0 interface name, I assume you're
using Linux . Under Linux you can use the routing table to
nudge the kernel towards using a particular IP address you
specify, by using the "src" parameter when adding a route.
By default, the kernel chooses the source IP address based
on a route table lookup of the destination. So you could
add a route to your Xymon server that specifies the use of
a specific src IP you want like so:</div>
<div><br>
</div>
<div><font face="monospace, monospace">ip route add
<xymsrv IP> dev eth0 src <eth0:0 IP></font></div>
<div><br>
</div>
<div>As is normal for route lookups, the selection of the
route with the "src" specified, is determined by the
destination IP address, regardless of the process making
the request or the protocol used. This means "ssh
<xymon IP>" or "wget <xymon IP>" would also
have the eth0:0 IP as their source, which may or may not
be what you want.</div>
<div><br>
</div>
<div>Instead of using routing tricks, you could use iptables
and can setup a source NAT (SNAT) rule for the traffic
you're interested in, to "NAT" to the alternate IP
address. For example, use a rule that only matches
TCP/1984, which would change the source IP as it egresses
the server, outbound on that port. Or, you could use the
"owner" module to specify the "xymon" user, so that only
the Xymon client traffic uses the alternative IP address.
Or a combination of these.</div>
<div><br>
</div>
<div>Actually, it's slightly more complicated than that,
because "SNAT" only operates in the nat/POSTROUTING, and
"owner" only operates in the mangle/OUTPUT chain, you have
to use "owner" to mark packets and then use "SNAT" to
modify packets that have been so marked. For example, the
following tags packets from processes run as the xymon
user, but only when the destination port is 1984, and then
performs the SNAT on the matched packets:</div>
<div><br>
</div>
<div>
<div><font face="monospace, monospace">iptables -t mangle
-A OUTPUT -p tcp -m owner --uid-owner xymon -m tcp
--dport 1984 -j MARK --set-mark 0xdeadbeef</font></div>
</div>
<div><font face="monospace, monospace">iptables -t nat -A
POSTROUTING -o eth0 -m mark --mark 0xdeadbeef -j SNAT
--to-source <eth0:0 IP></font><br>
</div>
<div><br>
</div>
<div>However, it would be nicer if the Xymon client could be
told to bind to a particular IP address (or interface
name).</div>
<div><br>
</div>
<div>J</div>
<div><br>
</div>
</div>
</div>
</div>
</blockquote>
<br>
<pre class="moz-signature" cols="72">--
sysadm cronomagic.com/gemstelecom.com
e-mail <a class="moz-txt-link-abbreviated" href="mailto:ve2cii@canasoft.net">ve2cii@canasoft.net</a>
POWERED BY LINUX</pre>
</body>
</html>