Configuring static ip interfaces

In this example:

https://library.linode.com/networking/configuring-static-ip-interfaces

If I only have one main/public IP and one private IP, can I remove the #eth0:0 section? (Also should I put the private IP info on # eth0:0 and remove # eth0:1?)

# The loopback interface
auto lo
iface lo inet loopback

# Configuration for eth0 and aliases

# This line ensures that the interface will be brought up during boot.
auto eth0 eth0:0 eth0:1

# eth0 - This is the main IP address that will be used for most outbound connections.
# The address, netmask and gateway are all necessary.
iface eth0 inet static
 address 12.34.56.78
 netmask 255.255.255.0
 gateway 12.34.56.1

# eth0:0
# This is a second public IP address.
iface eth0:0 inet static
 address 34.56.78.90
 netmask 255.255.255.0

# eth0:1 - Private IPs have no gateway (they are not publicly routable) so all you need to
# specify is the address and netmask.
iface eth0:1 inet static
 address 192.168.133.234
 netmask 255.255.128.0

6 Replies

In your scenario you would have one IP on eth0 and one IP on a network alias (either eth0:0 or eth0:1, pick one and use it, you don't need the other).

@retrograde inversion:

In your scenario you would have one IP on eth0 and one IP on a network alias (either eth0:0 or eth0:1, pick one and use it, you don't need the other).

Thanks!

A few more questions…

1 - With one mysql linode and one web server linode, do I need to add the private IP of both of them, as mentioned below, in the host files on both linodes?

2 - If I added another web server linode to the mix, would I then need to go back into all 3 hosts files and update them? Confused about why web server A would need to know about web server B. Or maybe I would just have to add the additional webserver private IP to the mysql server's host file, then add the mysql private IP to the additional webserver's host file. This makes more sense.

3 - In the example below, do "mysql.example.com" and "app.example.com" need to have a DNS entry, or can they be ignored if I plan on just using "mysql"?

Edit /etc/hosts
You will want to create hostnames for each machine so you can keep track of them later. This also saves work, should you find yourself in a situation where you need to change the IP address of the server. Edit the /etc/hosts file to include the private IP addresses of each Linode. Use the following excerpt from an example /etc/hosts file as an example:

File:/etc/hosts

127.0.0.1 localhost
192.168.192.168 mysql.example.com mysql
192.168.192.169 app.example.com app

Since web server and mysql server will be connecting via the private IPs, do I need to make any changes to iptables?

Example:

https://library.linode.com/securing-your-server#sph_creating-a-firewall

-A INPUT -p tcp -m tcp --dport 3306 -j ACCEPT
# Allow established connections for both public and private connections
-A INPUT -i eth0 -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -i eth1 -m state --state RELATED,ESTABLISHED -j ACCEPT

Regarding /etc/hosts - Strictly speaking you're not required to add anything to /etc/hosts. But it is useful if you want to be able to connect to certain hosts through their private IPs using more convenient, shorter names. /etc/hosts entries can coexist with DNS A/AAAA records, but you can also define /etc/hosts entries that don't have DNS records for them. It's up to you really.

You should be aware that the iptables rule you gave:

-A INPUT -p tcp -m tcp --dport 3306 -j ACCEPT

would cause connections to be accepted to dst port 3306 on all IPs, public or private. You can specify a destination IP by using the -d switch, something like this:

-A INPUT -d 192.168.xxx.xxx -p tcp -m tcp --dport 3306 -j ACCEPT

That would cause that rule to only allow incoming connections to tcp port 3306 on that particular IP address to be accepted. This assumes that you have a rule afterward somewhere in the INPUT chain, or a policy set on the INPUT chain, to drop everything else that you don't specify…
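The check described in the reply above, written out as an added example (it is not part of the original thread or of Linode's documentation): a small auditor for iptables-save style text that flags an ACCEPT rule for port 3306 with no private `-d` restriction, and a missing drop policy on INPUT. Both rulesets are constructed samples, and the names `audit_port`, `WEAK` and `HARDENED` are made up for the illustration.

```python
import ipaddress

# Constructed iptables-save style rulesets modelled on the rules quoted in the
# thread; 192.168.192.168 is the example private address from the /etc/hosts excerpt.
WEAK = """\
*filter
:INPUT ACCEPT [0:0]
-A INPUT -i eth0 -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -p tcp -m tcp --dport 3306 -j ACCEPT
COMMIT
"""
HARDENED = """\
*filter
:INPUT DROP [0:0]
-A INPUT -i lo -j ACCEPT
-A INPUT -i eth0 -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -d 192.168.192.168/32 -p tcp -m tcp --dport 3306 -j ACCEPT
COMMIT
"""

def is_private(value):
    """True if an iptables -d value (address or CIDR) lies in a private range."""
    try:
        return ipaddress.ip_network(value, strict=False).is_private
    except ValueError:
        return False

def audit_port(ruleset, port=3306):
    """Return findings for INPUT rules that expose `port` beyond a private IP."""
    findings, policy, catch_all_drop = [], "ACCEPT", False
    for line in ruleset.splitlines():
        tok = line.split()
        if tok[:1] == [":INPUT"]:
            policy = tok[1]                     # chain policy line, e.g. ":INPUT DROP [0:0]"
        if tok[:2] != ["-A", "INPUT"]:
            continue
        # Map each option to the token after it (negated "!" matches are not handled).
        opts = {t: tok[i + 1] for i, t in enumerate(tok[:-1]) if t.startswith("-")}
        target = opts.get("-j")
        if target in ("DROP", "REJECT") and set(opts) <= {"-A", "-j", "--reject-with"}:
            catch_all_drop = True               # rule with no match criteria drops the rest
        if target == "ACCEPT" and opts.get("--dport") == str(port):
            dest = opts.get("-d")
            if dest is None or not is_private(dest):
                findings.append(f"port {port} accepted without a private -d restriction: {line}")
    if policy != "DROP" and not catch_all_drop:
        findings.append("INPUT has no DROP policy or final drop rule")
    return findings
```

Feeding it the output of `iptables-save` on the database host shows whether MySQL is reachable on the public address as well as the private one.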

I've been able to get external websites to connect to the database linode, but now I can't connect via mysql workbench. I ssh into one of the web server linodes, then use the connection info for a user I created on the db linode and no go. Same issue if I ssh in through mysql workbench to the db server.
