A few virtualmin boxes on datacenter to access each other with internal address

#1 Mon, 04/23/2012 - 13:55
rogeriobrito

I have a Virtualmin box in a datacenter. Next week I'll send another 3 Virtualmin boxes to the datacenter. I asked the datacenter support what was the best way for the servers to access each other internally without the public IP, something like 192.168.100.1. All my servers have dual Ethernet connections, so they told me that the best way is to send a switch to the datacenter, and link each second Ethernet to the switch.

OK. The question is, how do I properly configure the second Ethernet card to be used internally only, so that it doesn't interfere with the first one? I've tried to do that once, but the server could not access the internet anymore and all services went offline. So I removed the second Ethernet configuration to bring the services back online.

Thank you

  • Rogerio
Mon, 04/23/2012 - 18:53
andreychek

Howdy,

If a default route is added that's associated with the new interface, that could cause a problem.

But, if you just bring up your second interface with your internal IP in it, that should work for you.

You can do that in Webmin -> Networking -> Network Configuration -> Network Interfaces, click "Add a new interface", and in there you can specify your interface name (often eth1) and its IP.

-Eric

Tue, 04/24/2012 - 23:45
rogeriobrito

Hi Eric,

So I just have to fill in the "Network Configuration->Network Interfaces" info, like the attached file? And not do anything in "Network Configuration->Routing and Gateways"?

Thanks

  • Rogerio
Wed, 04/25/2012 - 07:24
andreychek

Hrm, I apparently don't do this often enough, I don't remember if setting up a second interface will automatically set up a route for it or not :-)

What I would suggest is to try it -- you at the very least would need to add a new interface on the Network Interfaces screen like you showed... so once you add that, try pinging the internal IP of your server and see if it connects.

If not, you might need to add a route -- but if you do add a route, don't change the default route. All you'd be doing is setting up an additional route for internal traffic.

-Eric

Mon, 05/07/2012 - 12:22
rogeriobrito

Enabling eth1 didn't work. But it did work with eth0 only. I took a switch to the datacenter, and connected the datacenter LAN cables to the switch, along with my servers, all configured with the external IP. All the servers are now accessed externally, and they access each other using the external IP but through the switch. All good! Thanks

Wed, 05/09/2012 - 04:43
Locutus

Just for completeness: Setting up an interface will NOT create the appropriate route automatically. :) If you use e.g. the network 192.168.100.0/24 for your internal connections, you need to add an interface route (without gateway), destination 192.168.100.0, mask 255.255.255.0, via eth1. You can use Webmin's "Routing and Gateways" module for that.

Using the external IP to have one server access the others via a switch works too, depending on how your hoster has set stuff up, but might complicate things a bit if you use firewall rules to allow only desired traffic through. You'll have to create rules then to specifically allow traffic from certain source IPs, potentially opening up security holes based on source IP spoofing.

A routed setup, or the thing with separate switch and network interface like you intended, is more secure for intra-server-group communication.
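
Added example (not part of the original thread, and not Webmin's own code): a shell check over `ip -4 route show` output for the layout discussed above, flagging a default route on the internal interface and a missing or gatewayed route for the internal network. The names eth0/eth1 and 192.168.100.0/24 come from the thread; the 203.0.113.x addresses and both sample tables are constructed.

```shell
#!/bin/sh
# audit_routes INTERNAL_IF INTERNAL_NET
# Reads `ip -4 route show` lines on stdin; prints one finding per line, or OK.
audit_routes() {
    awk -v ifc="$1" -v net="$2" '
    function report(msg) { print msg; findings++ }
    {
        dev = ""; gw = ""
        for (i = 2; i < NF; i++) {
            if ($i == "dev") dev = $(i + 1)
            if ($i == "via") gw = $(i + 1)
        }
        if ($1 == "default") {
            ndefault++
            # A default route on the internal NIC sends internet traffic
            # into the private switch.
            if (dev == ifc) report("FAIL default route on " ifc)
        }
        if ($1 == net && dev == ifc) {
            found = 1
            # The internal network should be an interface route, no gateway.
            if (gw != "") report("WARN " net " routed via gateway " gw)
        }
        if ($1 == net && dev != ifc) report("FAIL " net " leaves via " dev)
    }
    END {
        if (!found) report("FAIL no route for " net " on " ifc)
        n = ndefault + 0
        if (n != 1) report("WARN " n " default routes")
        if (!findings) print "OK"
    }'
}

# Constructed sample: public default on eth0, interface route on eth1.
sample_good() {
    printf '%s\n' \
        'default via 203.0.113.1 dev eth0' \
        '203.0.113.0/24 dev eth0 proto kernel scope link src 203.0.113.10' \
        '192.168.100.0/24 dev eth1 scope link'
}

# Constructed sample: second default route on eth1, no internal route.
sample_bad() {
    printf '%s\n' \
        'default via 203.0.113.1 dev eth0' \
        'default via 192.168.100.254 dev eth1' \
        '203.0.113.0/24 dev eth0 proto kernel scope link src 203.0.113.10'
}

sample_bad | audit_routes eth1 192.168.100.0/24
```

On a live server, pipe the real table in instead: `ip -4 route show | audit_routes eth1 192.168.100.0/24`.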

Wed, 05/09/2012 - 18:15
rogeriobrito

Great Locutus, I'll try it again when we need more servers, for now I'll use eth0 only.

Thank you

  • Rogerio
Thu, 05/10/2012 - 01:10
Locutus

Okidoki, you're welcome!