Binding application to one ethernet interface

[Paul Schmehl]

--On Thursday, September 27, 2007 13:30:24 +0200 Eduardo Morras 
<emorras at s21sec.com> wrote:

> Hello:
>
>     I have a server with apache that serves pages to an intranet. Now we
> want to add another server application (cvs and pgsql) to another
> intranet. Of course we can buy a new server to do that, but i want to
> know if i can add a new ethernet card to the current server and force
> apache to serve to one intranet and cvs/pgsql to the other intranet.
>     I think that by default, freebsd will balance the charge between both
> cards, is it true??
>
Most applications will listen on *all* interfaces by default.  I'm not 
aware of an application that *cannot* be configured to only listen on one 
IP address, but there may be some.

In the case of apache, you simply edit the Listen attribute and then 
restart the service.

Listen x.x.x.x:80

I don't use postgres, but I'd bet it has the option as well.  Mysql 
certainly does.  You just need to read the man pages for each app (or 
online docs) to find out what config option you need to use and what the 
syntax needs to be.  Or Google it.

BTW, you don't really need a second nic.  You can alias the first one.

In /etc/rc.conf use ifconfig_interface_alias0="IP Netmask"

For example, from a live setup:

ifconfig_bce0="inet 66.221.101.248 netmask 255.255.224.0"
ifconfig_bce0_alias0="inet 66.221.101.250  netmask 255.255.255.255"
ifconfig_bce0_alias1="inet 66.221.101.253  netmask 255.255.255.255"

Since you would be using different subnets, you set the netmask 
appropriately for that subnet.  When you alias on the *same* subnet, all 
the alias netmasks have to be "non-conflicting", according to the man page, 
so you use the netmask I use above.

-- 
Paul Schmehl (pauls at utdallas.edu)
Senior Information Security Analyst
The University of Texas at Dallas
http://www.utdallas.edu/ir/security/