[Xymon] xymon client bindaddress

Frank ve2cii at canasoft.net
Thu Jun 8 15:15:20 CEST 2017 

     Hi,

    Thank you for your input.  It is good to know but I think it is a 
bit overkill.  Right now the
system is working perfectly, and I just used the name associated with 
eth0:0. But it would
be nice if xymon was able to bind to the IP.   Oh yes I am using linux.

On 6/8/17 2:04 AM, Jeremy Laidman wrote:
> On 6 June 2017 at 00:13, Frank <ve2cii at canasoft.net 
> <mailto:ve2cii at canasoft.net>> wrote:
>
>         Hi,
>
>        Is there a way to have the xymon client bind to a specific IP
>     or interface?
>     I have more than one interface on a machine and I am getting ghost
>     reports
>     because I setup xymon for eth0:0 instead of eth0.
>
>
> Based on the eth0:0 interface name, I assume you're using Linux . 
> Under Linux you can use the routing table to nudge the kernel towards 
> using a particular IP address you specify, by using the "src" 
> parameter when adding a route. By default, the kernel chooses the 
> source IP address based on a route table lookup of the destination. So 
> you could add a route to your Xymon server that specifies the use of a 
> specific src IP you want like so:
>
> ip route add <xymsrv IP> dev eth0 src <eth0:0 IP>
>
> As is normal for route lookups, the selection of the route with the 
> "src" specified, is determined by the destination IP address, 
> regardless of the process making the request or the protocol used. 
> This means "ssh <xymon IP>" or "wget <xymon IP>" would also have the 
> eth0:0 IP as their source, which may or may not be what you want.
>
> Instead of using routing tricks, you could use iptables and can setup 
> a source NAT (SNAT) rule for the traffic you're interested in, to 
> "NAT" to the alternate IP address. For example, use a rule that only 
> matches TCP/1984, which would change the source IP as it egresses the 
> server, outbound on that port. Or, you could use the "owner" module to 
> specify the "xymon" user, so that only the Xymon client traffic uses 
> the alternative IP address. Or a combination of these.
>
> Actually, it's slightly more complicated than that, because "SNAT" 
> only operates in the nat/POSTROUTING, and "owner" only operates in the 
> mangle/OUTPUT chain, you have to use "owner" to mark packets and then 
> use "SNAT" to modify packets that have been so marked. For example, 
> the following tags packets from processes run as the xymon user, but 
> only when the destination port is 1984, and then performs the SNAT on 
> the matched packets:
>
> iptables -t mangle -A OUTPUT -p tcp -m owner --uid-owner xymon -m tcp 
> --dport 1984 -j MARK --set-mark 0xdeadbeef
> iptables -t nat -A POSTROUTING -o eth0 -m mark --mark 0xdeadbeef -j 
> SNAT --to-source <eth0:0 IP>
>
> However, it would be nicer if the Xymon client could be told to bind 
> to a particular IP address (or interface name).
>
> J
>

-- 

sysadm  cronomagic.com/gemstelecom.com
e-mail  ve2cii at canasoft.net

POWERED BY LINUX

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.xymon.com/pipermail/xymon/attachments/20170608/308cc041/attachment.html>

More information about the Xymon mailing list