[Xymon] xymon client bindaddress

Jeremy Laidman jlaidman at rebel-it.com.au
Thu Jun 8 08:04:46 CEST 2017


On 6 June 2017 at 00:13, Frank <ve2cii at canasoft.net> wrote:

>     Hi,
>
>    Is there a way to have the xymon client bind to a specific IP or
> interface?
> I have more than one interface on a machine and I am getting ghost reports
> because I set up xymon for eth0:0 instead of eth0.


Based on the eth0:0 interface name, I assume you're using Linux. Under
Linux you can use the routing table to nudge the kernel towards using a
particular IP address you specify, by using the "src" parameter when adding
a route. By default, the kernel chooses the source IP address based on a
route table lookup of the destination. So you could add a route to your
Xymon server that specifies the use of a specific src IP you want like so:

ip route add <xymsrv IP> dev eth0 src <eth0:0 IP>

As is normal for route lookups, the selection of the route with the "src"
specified is determined by the destination IP address, regardless of the
process making the request or the protocol used. This means "ssh <xymon
IP>" or "wget <xymon IP>" would also have the eth0:0 IP as their source,
which may or may not be what you want.

Instead of using routing tricks, you could use iptables and set up a
source NAT (SNAT) rule for the traffic you're interested in, to "NAT" to
the alternate IP address. For example, use a rule that only matches
TCP/1984, which would change the source IP as it egresses the server,
outbound on that port. Or, you could use the "owner" module to specify the
"xymon" user, so that only the Xymon client traffic uses the alternative IP
address. Or a combination of these.

Actually, it's slightly more complicated than that. Because "SNAT" only
operates in the nat/POSTROUTING chain, and "owner" only operates in the
mangle/OUTPUT chain, you have to use "owner" to mark packets and then use
"SNAT" to modify packets that have been so marked. For example, the
following tags packets from processes run as the xymon user, but only when
the destination port is 1984, and then performs the SNAT on the matched
packets:

iptables -t mangle -A OUTPUT -p tcp -m owner --uid-owner xymon -m tcp --dport 1984 -j MARK --set-mark 0xdeadbeef
iptables -t nat -A POSTROUTING -o eth0 -m mark --mark 0xdeadbeef -j SNAT --to-source <eth0:0 IP>

However, it would be nicer if the Xymon client could be told to bind to a
particular IP address (or interface name).

J
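
The difference between the kernel's route-based source selection and an application binding its own source address, as an added example that is not part of the original post and is not Xymon code. It assumes Linux, where every 127.0.0.0/8 address is local to the loopback interface; 127.0.0.1 and 127.0.0.2 are constructed stand-ins for the eth0 and eth0:0 addresses, and the function names are hypothetical.

```python
import socket
import threading


def kernel_chosen_source(dest_ip, port=1984):
    """Source IP the kernel selects by route lookup when nothing is bound."""
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        # connect() on UDP sends no packet; it only resolves route and source.
        s.connect((dest_ip, port))
        return s.getsockname()[0]


def source_seen_by_server(server_ip, bind_ip=None):
    """Run a one-shot TCP listener on server_ip, connect to it (binding the
    client to bind_ip first if given) and return the peer IP the server saw."""
    seen = {}
    with socket.socket(socket.AF_INET, socket.SOCK_STREAM) as srv:
        srv.settimeout(5)
        srv.bind((server_ip, 0))          # port 0: kernel picks a free port
        srv.listen(1)
        port = srv.getsockname()[1]

        def accept_one():
            try:
                conn, peer = srv.accept()
            except OSError:               # includes the accept timeout
                return
            seen["ip"] = peer[0]
            conn.close()

        t = threading.Thread(target=accept_one)
        t.start()
        with socket.socket(socket.AF_INET, socket.SOCK_STREAM) as cli:
            cli.settimeout(5)
            if bind_ip is not None:
                # What a client-side "bind address" option would do:
                # fix the source IP before connect(), leave the port to the kernel.
                cli.bind((bind_ip, 0))
            cli.connect((server_ip, port))
        t.join(timeout=5)
    return seen.get("ip")


if __name__ == "__main__":
    print("kernel default :", kernel_chosen_source("127.0.0.1"))
    print("unbound client :", source_seen_by_server("127.0.0.1"))
    print("bound client   :", source_seen_by_server("127.0.0.1", "127.0.0.2"))
```

Only the socket that calls bind() changes its source address; other connections from the same host keep the kernel's default.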